I am trying to build an application that leverages our Splunk Enterprise
setup using Python. I want to get a list of all saved searches (reports),
then get a list of the results of those searches. When I connect to Splunk
via the API and query for saved searches it only returns searches owned by
"nobody", but when I view the searches in the Web UI I see all the searches
saved by everybody.
How can I view the searches saved by everybody, or even a specific user?
Here is a very basic version of what I'm trying to do:
import splunklib.client as client
import splunklib.results as results

# Connection details (redacted in the original post)
CONNECT_DICT = {
    'username': removed,
    'password': removed,
    'host': removed,
    'port': removed
}

service = client.connect(**CONNECT_DICT)

# List each saved search with its query string
saved_searches = service.saved_searches
for saved_search in saved_searches:
    print("%s: %s" % (saved_search.name, saved_search['search']))
Thanks for any info.