Hi @akanksha01 

The ECONNRESET error indicates that the TCP connection was abruptly closed by the Splunk server or an intermediary network device (like a firewall or load balancer) before the request could be fully processed or the response sent. The curl command syntax itself for disabling the saved search appears correct.

Troubleshooting steps:

1. Verify Network Connectivity: Ensure the IP and port (typically 8089 for the Splunk management port) are correct and reachable from the machine running the curl command. Check for firewalls or network ACLs that might be blocking or resetting the connection at either source or destination.
2. Check Splunk Server Status: Ensure the Splunk instance is running and responsive, are you able to reach the instance using netcat from your source?
3. Examine Splunk Logs: Check the$SPLUNK_HOME/var/log/splunk/splunkd.log on the Splunk server for any errors occurring around the time you ran the curl command. This might provide clues about why the server closed the connection.

1. Check Intermediary Devices: If you are connecting through a load balancer or proxy, check its logs and configuration. It might have shorter timeouts or specific rules causing the connection reset.
2. Simplify the Request: Try the request without --max-time 60 initially to rule out timeout interactions, although disabling an alert should be very fast. You could also apply -v to provide a more verbose output.