Splunk REST API: How to filter saved searches by a...

splunkuserCA1 · ‎08-13-2020

Using the Splunk REST API, one can use GET against the "saved/searches" endpoint and get a list of all Saved Searches.

We can use filters on the key names in the dictionary element to reduce the number of entries returned. However, I want to filter based on the <author><name> element: is that possible with the REST API?

Ultimately, I'm trying to answer this question with the REST API: what are all the saved searches that are created by a specific user / what are all the saved searches in a specific user's namespace?

References:

1) Example XML output is given in the documentation for "saved/searches": https://docs.splunk.com/Documentation/Splunk/8.0.5/RESTREF/RESTsearch#saved.2Fsearches

splunkuserCA1 · ‎08-13-2020

I found the answer, unfortunately not through any documentation. By using Chrome's DevTools, I captured the Query String Parameters as I conducted a search in the Web UI. I see the "search" parameter uses "eai:acl.owner=USERNAME" .

So the curl command would be something like: curl -s 'https://splunk.com:8089/../search/saved/searches?search=(eai:acl.owner="USERNAME")'

Splunk REST API: How to filter saved searches by author/name?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation