Solved: Splunk rest API - List "All configurations"

vamsigurram · ‎10-15-2020

Hi,

WHen i go into splunk console --> settings --> "All Configurations", i see 2000+ entries for seach and reporting app.

How do i pull all these rows using rest api?

I want to list all these knowledge objects per author (owner).

I tried something like this, but that did not give all the results.

| rest "/servicesNS/-/search/saved/searches"

vamsigurram · ‎10-16-2020

Looking at splunk docs, i found the below REST API, gives all the info that "All Configurations" is giving us.

| rest /servicesNS/-/search/directory | search eai:acl.app="search"

The only question, i have is why does splunk give me "All configurations" for all the apps, when i clearly mentioned search app, as highlighted above?

Hence i had to limit my results to search app, by doing | search eai:acl.app="search"

View solution in original post

richgalloway · ‎10-16-2020

The "All Configurations" page contains far more than saved searches. To get all of the same information via REST requires multiple calls.

| rest /servicesNS/-/-/search/saved/searches
| rest /servicesNS/-/-/configs/conf-transforms
| rest /servicesNS/-/-/configs/conf-macros
| rest /servicesNS/-/-/configs/conf-commands

This is not a complete list. The REST manual should have what you need to complete the task.

---
If this reply helps you, Karma would be appreciated.

vamsigurram · ‎10-16-2020

Looking at splunk docs, i found the below REST API, gives all the info that "All Configurations" is giving us.

| rest /servicesNS/-/search/directory | search eai:acl.app="search"

The only question, i have is why does splunk give me "All configurations" for all the apps, when i clearly mentioned search app, as highlighted above?

Hence i had to limit my results to search app, by doing | search eai:acl.app="search"

Splunk rest API - List "All configurations"

other

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes