I'm new to Splunk, and am trying to run a saved search with the Python SDK, with the client module (not binding), only I don't understand the SDK model well enough (probably don't know Splunk itself well enough either). I can list all saved searches with saved_searches.py or a particular search with saved_search/saved_search.py, and I can run a one-off search:
job = splunk.jobs.create('search sourcetype=foo earliest=-60m')
but I don't see an interface for running a saved search.
Can the client module run a saved search?
Thank you,
Yes it certainly can. To run a saved search, use splunklib.client.SavedSearch.dispatch() (see the reference docs here: http://docs.splunk.com/DocumentationStatic/PythonSDK/0.8Beta/client.html#splunklib.client.SavedSearc... ).
The saved search example shows how to list your saved searches, but not how to run one. BUT, you can see an example of how to run a saved search in the unit tests for saved_search (/test/test_saved_search.py). Look for "def test_dispatch(self)", which tests various things such as enumerating saved searches, deleting one, creating one, but also running one. This part of the test case runs a search, gets back a job ID, waits for the job to finish, gets the results:
...
job = saved_search.dispatch()
testlib.wait(job, lambda job: bool(int(job['isDone'])))
job.results().close()
job.cancel()
...
In general, the unit tests are a good place to look for examples of how to use the API.
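A fuller version of the dispatch-and-wait pattern above, as an added example (not code from the original answer or from the SDK's test suite). It replaces the test-only helper testlib.wait with an explicit polling loop and a timeout; the function name run_saved_search, the environment variable names and the saved search name are assumptions made for illustration.

```python
import time


def run_saved_search(service, name, timeout=300.0, poll=2.0, sleep=time.sleep):
    """Dispatch saved search `name` and return its raw results once the job is done.

    `service` is a connected splunklib.client.Service. The job is always
    cancelled afterwards so it does not linger on the search head.
    """
    saved_search = service.saved_searches[name]  # KeyError if it does not exist
    job = saved_search.dispatch()                # returns a Job, as in the excerpt
    waited = 0.0
    try:
        while True:
            job.refresh()                        # re-read the job state from splunkd
            if bool(int(job['isDone'])):
                break
            if waited >= timeout:
                raise TimeoutError("saved search %r not done after %ss" % (name, timeout))
            sleep(poll)
            waited += poll
        stream = job.results()                   # file-like handle on the results
        try:
            return stream.read()
        finally:
            stream.close()
    finally:
        job.cancel()                             # clean up on success, timeout or error


if __name__ == "__main__":
    import os
    import splunklib.client as client            # Splunk SDK for Python

    # Credentials come from the environment (assumed variable names), not the script.
    service = client.connect(
        host=os.environ["SPLUNK_HOST"],
        port=8089,
        username=os.environ["SPLUNK_USERNAME"],
        password=os.environ["SPLUNK_PASSWORD"],
    )
    print(run_saved_search(service, "my saved search"))  # hypothetical search name
```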
Thank you, Apruneda. This is exactly the answer.