Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

API access: app-specific searches and macros not available?

twinspop
Influencer
‎03-16-2012 09:24 AM

I have a user and a role that both default to a particular app. That app has searches and macros defined that are only available in the app, but readable by everyone. When accessing the Web UI with the user in question I can run the saved searches and macros just fine. If I access the system via the API, I cannot access the saved searches or macros:

Error in 'savedsearch' command: Unable to find saved search named 'MON_somesearch'

Are saved searches' and macros' app context unavailable in the API? Aside from making them globally visible, which would be very messy, any tips for a workaround?

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

twinspop
Influencer
‎03-16-2012 09:36 AM

I now see the API can be used to connect to particular app contexts via ServicesNS -- i think.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

twinspop
Influencer
‎03-16-2012 09:36 AM

I now see the API can be used to connect to particular app contexts via ServicesNS -- i think.

0 Karma
Reply
Solved! Jump to solution

csmallon
Engager
‎12-01-2015 06:49 AM

Did you work out what was going on here? I'm trying to shoot API commands (as the user with the macro defined) and it's acting like it doesn't exist at all:

Error in 'SearchParser': Missing a search command before '|'. Error at position '36' of search query 'search index=extended | | fields user '.

The space between the pipes should have the macro in it.

EDIT: Gah, nevermind, I wasn't escaping the backticks from the macro properly.

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...