Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Use curl to collect data into summary index

wanderingHeight
New Member
‎07-01-2021 09:34 AM

Is there an API that I could use to trigger a saved search that can collect data from an index into a summary index? 

Labels (2)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-01-2021 09:43 AM

Try  saved/searches/{name}/dispatch.  See https://docs.splunk.com/Documentation/Splunk/8.2.1/RESTREF/RESTsearch#saved.2Fsearches.2F.7Bname.7D....

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

wanderingHeight
New Member
‎07-01-2021 10:18 AM

Thank you for your response. I don't think /dispatch is what I'm looking for. 

I have an saved search that populates data into an index at a scheduled time. This index in turn collects that data into a summary index which is used to display it on one of our Visualizations dashboards. The savedsearches.conf uses the action.summary_index and action.summary_index._name to collect this data. I was wondering if there was an api that can be used to collect data from a regular index into a summary index. 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-01-2021 11:05 AM

The dispatch endpoint triggers a saved search, which is what the OP asked for.

If you need an API to do any other search activity then you need to submit a new search job.  See https://docs.splunk.com/Documentation/Splunk/8.2.1/RESTREF/RESTsearch#search.2Fjobs The job will contain the SPL needed to do what you want done, including a collect command.  However, it sounds like the API will be doing the same thing the scheduled search is doing already so why bother?  What problem are you trying to solve?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...