Splunk Dev

When trying to filter the endpoint, why replacing the user and app fields don't seem to effect the result at all?

joemaz95
Path Finder

Using Python to access the rest api, servicesns/{user}/{app}/saved/searches endpoint does not filter by app or user
When trying to filter this endpoint, replacing the user and app fields don't seem to effect the result at all. Is there something I'm missing? I'm using the requests library in Python 3.

0 Karma
1 Solution

joemaz95
Path Finder

Looks like the issue is that the endpoint doesn't look for what app the searches are associated with, it looks at the permissions on the searches. I've been getting the searches that are associated with the app as well as the ones that are shared globally. The workaround is to parse the search["acl"]["app"] property.

View solution in original post

joemaz95
Path Finder

Looks like the issue is that the endpoint doesn't look for what app the searches are associated with, it looks at the permissions on the searches. I've been getting the searches that are associated with the app as well as the ones that are shared globally. The workaround is to parse the search["acl"]["app"] property.

Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...