Hi splunk_worker,
Yes, there is a REST command to stop a running search.
Use this command to get a list of searches back:
curl -k -u admin:<pwd> https://localhost:8089/services/search/jobs/ | grep '<id>'
You can use the `` URL to cancel/delete this search like this:
curl -k -u admin:<pwd> --request DELETE https://localhost:8089/services/search/jobs/1416293763.77
and get back a response like this:
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="INFO">Search job cancelled.</msg>
</messages>
</response>
For more details have a look at the docs http://docs.splunk.com/Documentation/Splunk/6.2.0/RESTREF/RESTsearchExamples#search.2Fjobs.2F.7Bsearch_id.7D_DELETE
If you just need a nice table view of the running jobs, you can do this as well from the Splunk UI using this search:
| rest /services/search/jobs/ | table author, id
Hope this helps ...
cheers, MuS
... View more