Splunk Search

change saved search cron schedule

LovepreetSingh
New Member

I am trying to update splunk saved searches schedule by calling rest api in a bash script, I am reading cron and search title from a csv file and try to run a loop. It is working fine partially. It is changing schedule only for private searches not global one.

 

#! /bin/bash

INPUT=data.csv
OLDIFS=$IFS
IFS=','
[ ! -f $INPUT ] && {
echo "$INPUT file not found"
exit 99;
}
echo "-----------------------------------------------------" >> output.txt
while read app cron search_name
do
SEARCH=${search_name// /%20}

QUERY="https://localhost:8089/servicesNS/admin/$app/saved/searches/$SEARCH"
echo $QUERY >> output.txt
echo -e "\n---------------------------------------------------------\n"
echo -e "---Search Name-->$search_name"
echo -e "---Rest API URI-->$QUERY"

curl -i -k -u user:password $QUERY -d cron_schedule=$cron -d output_mode=json >> response.txt

done < $INPUT

IFS=$OLDIFS

Labels (1)
Tags (1)
0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!