- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Deleting several saved searches in one call
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am using Splunk REST API to delete saved searches in my java program. I would like to delete several saved searches in one call. Is it possible?
I tried something like:
DELETE saved/searches/{name,name1,name2}
and it did not work.
Thanks
Strive
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No , you can only delete 1 Saved Search per HTTP DELETE request to the REST endpoint
But you could easily write your own wrapper method using the Java SDK, albeit several HTTP calls will still be getting invoked in the background.
public void deleteSavedSearches(List<String>savedSearchNames){
Map<String, Object> connectionArgs = new HashMap<String, Object>();
connectionArgs.put("host", "mysplunkserver");
connectionArgs.put("username", "fred");
connectionArgs.put("password", "flintstone");
Service splunkService = Service.connect(connectionArgs);
SavedSearchCollection savedSearches = splunkService.getSavedSearches();
for(String savedSearchName:savedSearchNames)
savedSearches.remove(savedSearchName);
}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No , you can only delete 1 Saved Search per HTTP DELETE request to the REST endpoint
But you could easily write your own wrapper method using the Java SDK, albeit several HTTP calls will still be getting invoked in the background.
public void deleteSavedSearches(List<String>savedSearchNames){
Map<String, Object> connectionArgs = new HashMap<String, Object>();
connectionArgs.put("host", "mysplunkserver");
connectionArgs.put("username", "fred");
connectionArgs.put("password", "flintstone");
Service splunkService = Service.connect(connectionArgs);
SavedSearchCollection savedSearches = splunkService.getSavedSearches();
for(String savedSearchName:savedSearchNames)
savedSearches.remove(savedSearchName);
}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After we found out that it is not possible, we implemented it like how you have mentioned. Thank you Damien.
Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...
Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
