Runs a saved search, or report, and returns the search results of a saved search. If the search contains replacement placeholder terms, such as $replace_me$, the search processor replaces the placeholders with the strings you specify.

|savedsearch mysearch replace_me="value"

Syntax

Required arguments

savedsearch_name
Syntax:
Description: Name of the saved search to run.

Optional arguments

savedsearch-options
Syntax: |
Description: Specify whether substitutions are allowed. If allowed, specify the key-value pair to use in the string substitution replacement.

substitution-control
Syntax: nosubstitution=
Description: If true, no string substitution replacements are made.
Default: false

replacement
Syntax: =
Description: A key-value pair to use in string substitution replacement.

The savedsearch command is a generating command and must start with a leading pipe character.

The savedsearch command always runs a new search. To reanimate the results of a previously run search, use the loadjob command.

When the savedsearch command runs a saved search, the command always applies the permissions associated with the role of the person running the savedsearch command to the search. The savedsearch command never applies the permissions associated with the role of the person who created and owns the search to the search. This happens even when a saved search has been set up to run as the report owner. See Determine whether to run reports as the report owner or user in the Reporting Manual.

If you specify All Time in the time range picker, the savedsearch command uses the time range that was saved with the saved search. If you specify any other time in the time range picker, the time range that you specify overrides the time range that was saved with the saved search.

|savedsearch mysearch replace_me="value"

Where the replacement placeholder term $replace_me$ appears in the saved search, use "value" instead.

This section provides examples of how to use the search APIs, assuming you first connect to a Splunk Enterprise instance. Remember, you need to have the Search capability in Splunk.

Take a look at the screenshot below which queries the /services/search/jobs endpoint to stream in the results of the search as they come in.

Way 2: Query the REST API to show the results by using an export on the search name which will run the search and get the results without polling.

I am able to invoke the login API from Postman and am getting the session key as an XML response. But when I invoke the create search API with that session key in the request header and the search query in the request body.

Not sure what REST command you are referring to, but the search query is posted in the request body against API /search/jobs/.