- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Other Usage
- :
- Splunk REST API query (possible issue with URL enc...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Everyone,
I`m learning about the Splunk REST API and I`m experiencing some temperamental behaviour, for example I can fetch results using the query listed below from some reports, but it fails for others, example below:
curl -k -H "Authorization: Splunk myValidToken" https://myValidDomainName.splunkcloud.com:8089/services/saved/searches/%5BLOOKUP%5D%20Active%20Directory%20Devices%20No2/acl
Response:
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Could not find object id=[LOOKUP] Active Directory Devices No2</msg>
</messages>
</response>
The report name is correct.
Have you got any suggestions for me ?
Many thanks,
Toma
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
This occurs when the object you're referencing is not visible in the user's default context. You can reference the user/app context directly with:
https://myValidDomainName.splunkcloud.com:8089/servicesNS/<user>/<app>/saved/searches/%5BLOOKUP%5D%20Active%20Directory%20Devices%20No2/aclwhere <user> and <app> are the user name and app name, respectively. If you have read access to the object but don't know the owner or app, you can use hyphens as wildcards:
https://myValidDomainName.splunkcloud.com:8089/servicesNS/-/-/saved/searches/%5BLOOKUP%5D%20Active%20Directory%20Devices%20No2/acl
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
This occurs when the object you're referencing is not visible in the user's default context. You can reference the user/app context directly with:
https://myValidDomainName.splunkcloud.com:8089/servicesNS/<user>/<app>/saved/searches/%5BLOOKUP%5D%20Active%20Directory%20Devices%20No2/aclwhere <user> and <app> are the user name and app name, respectively. If you have read access to the object but don't know the owner or app, you can use hyphens as wildcards:
https://myValidDomainName.splunkcloud.com:8089/servicesNS/-/-/saved/searches/%5BLOOKUP%5D%20Active%20Directory%20Devices%20No2/acl
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Worked like a charm, much appreciated.
Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!
Logs to Metrics
Developer Spotlight with Paul Stout
