Hi @sarit_s6, If you haven't already, enable secure access to your instance's REST API by following the guidance at https://docs.splunk.com/Documentation/SplunkCloud/latest/RESTTUT/RESTandCloud. Th...
See more...
Hi @sarit_s6, If you haven't already, enable secure access to your instance's REST API by following the guidance at https://docs.splunk.com/Documentation/SplunkCloud/latest/RESTTUT/RESTandCloud. The full list of supported REST API endpoints is at https://docs.splunk.com/Documentation/SplunkCloud/latest/RESTREF/RESTprolog. To move a saved search, use the saved/searches/{name}/move endpoint: $ curl https://{instance}:8089/servicesNS/{user}/{app}/saved/searches/{name}/move -d app={dest_app} -d user={dest_user} The move endpoint itself isn't documented; however, you can get a list of supported endpoints from the object: $ curl 'https://{instance}:8089/servicesNS/{user}/{app}/saved/searches/{name}?output_mode=json' | jq '.entry[].links'
{
"alternate": "/servicesNS/{user}/{app}/saved/searches/{name}",
"list": "/servicesNS/{user}/{app}/saved/searches/{name}",
"_reload": "/servicesNS/{user}/{app}/saved/searches/{name}/_reload",
"edit": "/servicesNS/{user}/{app}/saved/searches/{name}",
"remove": "/servicesNS/{user}/{app}/saved/searches/{name}",
"move": "/servicesNS/{user}/{app}/saved/searches/{name}/move",
"disable": "/servicesNS/{user}/{app}/saved/searches/{name}/disable",
"dispatch": "/servicesNS/{user}/{app}/saved/searches/{name}/dispatch",
"embed": "/servicesNS/{user}/{app}/saved/searches/{name}/embed",
"history": "/servicesNS/{user}/{app}/saved/searches/{name}/history"
} The form data parameters for the move endpoint are app and user as noted above. Unofficially, you can find all of the above by moving an object in Splunk Web while observing the /{locale}/splunkd/__raw/servicesNS REST API calls in your browser's dev tools. Those calls can be converted directly to /servicesNS REST API calls on the management port.