- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Why can't I find savedsearches over REST with perm...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We want to run a couple analyses over all our savedsearches in a particular app. The permissions of these savedsearches are all set to "App". As a user with all necessary privileges I'm able to see and run the searches in this app.
Althought, if I run the following search command to see the details of my savedsearches I dont get any results:
| rest /services/saved/searches | search eai:acl.app=myApp
If I change the permissions of the savedsearch to "Global" it will show up.
Do I miss anything? Or is this as designed and rest search command only shows "Global" objects?
Due to security reasons I'm not able to keep the searches global so we need to find an other solution for that..
Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
If you see the search job properties in job manager, by default, the above search looks for searches which are having sharing as global. Following is the sample:
{
"app": "myapp",
"can_write": "1",
"modifiable": "1",
"owner": "admin",
"perms": {
"read": [
"admin"
],
"write": [
"admin"
]
},
"sharing": "global",
"ttl": "600"
}
Try the answer provided for http://answers.splunk.com/answers/210410/how-do-i-list-all-the-saved-searches-for-an-app-in.html
Thanks!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
If you see the search job properties in job manager, by default, the above search looks for searches which are having sharing as global. Following is the sample:
{
"app": "myapp",
"can_write": "1",
"modifiable": "1",
"owner": "admin",
"perms": {
"read": [
"admin"
],
"write": [
"admin"
]
},
"sharing": "global",
"ttl": "600"
}
Try the answer provided for http://answers.splunk.com/answers/210410/how-do-i-list-all-the-saved-searches-for-an-app-in.html
Thanks!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
using servicesNS instead of services worked! thanks!
Archived Metrics Now Available for APAC and EMEA realms
Detecting Remote Code Executions With the Splunk Threat Research Team
Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!
