Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

REST API

balcv
Contributor
‎02-09-2026 02:44 PM

I'm trying to work out how I execute a saved search / report using the REST API.  I have created the token and have all the correct permissions.  An "inline" search in the curl command works and returns the required search results, however I have not been able to successfully get a saved search / report to run.

I know that my saved searches reside in $SPLUNK_Home/etc/users/[user]/[app]/local/savedsearches.conf and I can see the required search of "LV - WiFi Users" in the .conf file.  My problem is how to reference that in the curl api call.

I'm executing:

curl -s -k -H "Authorization: Bearer [key]" "https://[splunk_host]:8089/users/[user]/[app]/local/?output_mode=csv" --data-urlencode search="savedsearch \"LV - WiFi Users\""

and results in "The requested URL was not found on this server." error.

Does anyone have any hints on how I can execute the "LV - WiFi Users"  saved search using a curl API call?

Thanks

Labels (1)
Labels
0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎02-09-2026 06:10 PM

Take a look at the REST API docs for saved searches

https://help.splunk.com/en/splunk-cloud-platform/rest-api-reference/10.1.2507/search-endpoints/searc...

https://<host>:<mPort>/services/saved/searches/{name}/dispatch

 

Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-11-2026 12:38 PM

But this returns a sid which has to be queried for completion and you have to fetch results, paginate and so on.

You can use the /services/search/v2/jobs/export endpoint to spawn search and stream the results with a "| savedsearch ..." search. But you might want to use the namespace parameter for the call to set proper... well, namespace 🙂

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...