Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Use curl to collect data into summary index

wanderingHeight
New Member
‎07-01-2021 09:34 AM

Is there an API that I could use to trigger a saved search that can collect data from an index into a summary index? 

Labels (2)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-01-2021 09:43 AM

Try  saved/searches/{name}/dispatch.  See https://docs.splunk.com/Documentation/Splunk/8.2.1/RESTREF/RESTsearch#saved.2Fsearches.2F.7Bname.7D....

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

wanderingHeight
New Member
‎07-01-2021 10:18 AM

Thank you for your response. I don't think /dispatch is what I'm looking for. 

I have an saved search that populates data into an index at a scheduled time. This index in turn collects that data into a summary index which is used to display it on one of our Visualizations dashboards. The savedsearches.conf uses the action.summary_index and action.summary_index._name to collect this data. I was wondering if there was an api that can be used to collect data from a regular index into a summary index. 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-01-2021 11:05 AM

The dispatch endpoint triggers a saved search, which is what the OP asked for.

If you need an API to do any other search activity then you need to submit a new search job.  See https://docs.splunk.com/Documentation/Splunk/8.2.1/RESTREF/RESTsearch#search.2Fjobs The job will contain the SPL needed to do what you want done, including a collect command.  However, it sounds like the API will be doing the same thing the scheduled search is doing already so why bother?  What problem are you trying to solve?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...