Splunk Search

Instead of using Job Manager, rest call to kill/stop all running current adhoc jobs for one user?

Path Finder

Does anyone know of a rest call that can be used to kill all adhoc queries for a user?  I do not wish to all users searches, nor do I want to kill schedule searches for that user.

I have the following rest query to identify the current running query for Running_man.

| rest /services/search/jobs/
| search author=Running_man dispatchState=RUNNING
| search NOT id=*scheduler*
| table title id normalizedSearch runDuration

I just would like to be able to kill/stop the results found versus having to go into the job manager.

Labels (1)
0 Karma


Hi @john_glasscock 

You can try following Rest API, action: cancel . Doc link - Search endpoint descriptions - Splunk Documentation

curl -k -u admin:pass https://localhost:8089/services/search/jobs/mysearch_02151949/control -d action=pause


An upvote would be appreciated if it helps!

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!