Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Use curl to collect data into summary index

wanderingHeight
New Member
‎07-01-2021 09:34 AM

Is there an API that I could use to trigger a saved search that can collect data from an index into a summary index? 

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-01-2021 09:43 AM

Try  saved/searches/{name}/dispatch.  See https://docs.splunk.com/Documentation/Splunk/8.2.1/RESTREF/RESTsearch#saved.2Fsearches.2F.7Bname.7D....

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

wanderingHeight
New Member
‎07-01-2021 10:18 AM

Thank you for your response. I don't think /dispatch is what I'm looking for. 

I have an saved search that populates data into an index at a scheduled time. This index in turn collects that data into a summary index which is used to display it on one of our Visualizations dashboards. The savedsearches.conf uses the action.summary_index and action.summary_index._name to collect this data. I was wondering if there was an api that can be used to collect data from a regular index into a summary index. 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-01-2021 11:05 AM

The dispatch endpoint triggers a saved search, which is what the OP asked for.

If you need an API to do any other search activity then you need to submit a new search job.  See https://docs.splunk.com/Documentation/Splunk/8.2.1/RESTREF/RESTsearch#search.2Fjobs The job will contain the SPL needed to do what you want done, including a collect command.  However, it sounds like the API will be doing the same thing the scheduled search is doing already so why bother?  What problem are you trying to solve?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Transforming Financial Data into Fraud Intelligence

Every day, banks and financial companies handle millions of transactions, logins, and customer interactions ...

How to send events & findings from AWS to Splunk using Amazon EventBridge

Amazon EventBridge is a serverless service that uses events to connect application components together, making ...

Exciting News: The AppDynamics Community Joins Splunk!

Hello Splunkers,   I’d like to introduce myself—I’m Ryan, the former AppDynamics Community Manager, and I’m ...
Top