Hello @jkat54! I'm having some trouble getting the app to work, and the ultimate goal is to be able to change the ownership of searches automatically (e.g. from a scheduled report). Here is the search: ``` get all info about the searches on the instance ```
| rest /services/saved/searches splunk_server=local
``` exclude every search where are from user “user” , are disabled and they come only from app search ```
| search eai:acl.owner!="user2 " disabled = 0 eai:acl.app = "search"
| rename eai:acl.owner as owner, eai:acl.app as app, eai:acl.sharing AS sharing
```extract the management port and the search name already urlencoded ```
| rex field=id "^\S+(?<mngmport>\:\d+)\/servicesNS\/\S+\/saved\/searches\/(?<search_name>\S+)$"
``` buid the uri for the curl mngmport =: mngmport ```
| eval url = https:// + splunk_server + mngmport +"/servicesNS/"+ owner +"/"+ app +"/saved/searches/"+ search_name +"/acl"
``` future use, not yet implemented ```
| eval description = description + " - moved from " + owner
``` constructing data= {"owner":"user2","sharing":"global"} ```
| eval data = json_object("owner", "user2", "sharing", sharing)
``` debug & Co ```
| table splunk_server app owner title description disabled action.notable cron_schedule url data id sharing *
``` the curl, which isn't working/ i'm probably doing something wrong here ```
| curl urifield=url method="post" splunkauth="true" debug=true datafield=data
| table curl* I've tried to specify the cert in some way, but it seems that there are no args that I can pass for it. Since I can't find a solution to this (searching online I found a suggestion to bypass ssl inspection, but in my case I don't think I can solve it with that), I'm here to ask for help. I prefer to avoid using simple authentication (user:password). The error I get is from the curl_message field: HTTPSConnectionPool(host='host', port=8089): Max retries exceeded with url: /servicesNS/user1/search/saved/searches/dummy%20search/acl (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1143)'))) curl_status: 408 Thanks in advance!
... View more