App has moved (URL) 😉 I'm wondering if there's an equivalent of all the curl solutions in a search query format - not from the CLI but the UI, as I have more or less the same question as topicstarter.

On my webinterface of the heavy forwarder, I'd like to run a (remote) saved search on the search head, to check for the license usage and if >99% stop the heavy forwarding mechanism. This works fine on my testing environment with a single instance machine performing all splunk functionalities on 1 machine.
I can run a CLI sh file connecting and executing the search, but a security issue is I have to plain text include admin:password in the file as every splunk server has its own credentials. Also, on the production environment I don't want to create scripts on the commandline; the general idea is to keep all in the UI and saved searches and prevent prompt access to files.

So in brief: does something like "| rest endpoint=searchheaduriorname:8089 | search /services/somequeryremotely" exist, or is it intentionally or not made available with REST?

This is very unfortunate, since the SOS app uses it for licensing. Licenser is not a part of search pool.

Thanks, that is what I suspected. Unfortunately the Splunk instance is embedded in a product that only allows you accees through Rest. I guess using python to write a command through the Rest API is the best option.

It I wanted to try because I can set from the GUI.

Unfortunately, I don't believe I can add the other Splunk instance as a search peer.