Splunk IT Service Intelligence
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

ITSI REST API delete : Can't manage to delete deep dives

jwillaime
Explorer
‎12-05-2019 12:33 AM

Hello,

I am trying to create and delete some deep dives view via the API.

While creating them is mostly done correctly (although they do not appear in the web GUI), I have issues deletting them.

Following are the cURL commands done to try to delete:

curl -k -u admin:pass  -X GET https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/deep_dive?filter='\{"title":"Test+Em...;

Reponse:
[{"object_type": "deep_dive", "_key": "26acc2cf-15d4-11ea-812f-28924a399516"}]

Deletion command:

curl -k -u admin:pass  -X DELETE https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/deep_dive?filter='\{"title":"Test+Em...;

No response

When I ask again for the same deepdice, I get the following:

curl -k -u admin:pass  -X GET https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/deep_dive?filter='\{"title":"Test+Em...;

Reponse:
[{"object_type": "deep_dive", "_key": "26acc2cf-15d4-11ea-812f-28924a399516"}]

I would have thought that this last command would have given me a "element not found" or an empty list, but this is not the case.
The same thing happens even when using no filter, to delete all deep dives.

Am I missing something? Am I doing something wrong? Or is it a bug?

Thank you in advance.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

esnyder_splunk
Splunk Employee
Splunk Employee
‎12-05-2019 09:50 AM

Try deleting the deep dive using the deep dive key in the URL. For example, “itoa_interface/deep_dive/DEEP_DIVE_KEY” instead of what you're currently doing, which is a query param.

View solution in original post

Reply
Solved! Jump to solution
Solution

esnyder_splunk
Splunk Employee
Splunk Employee
‎12-05-2019 09:50 AM

Try deleting the deep dive using the deep dive key in the URL. For example, “itoa_interface/deep_dive/DEEP_DIVE_KEY” instead of what you're currently doing, which is a query param.

Reply
Solved! Jump to solution

jwillaime
Explorer
‎12-09-2019 11:35 PM

Thanks for the help! That method works, but I still wonder if the previous method isn't bugged or something.

If you have a look at the documentation,
(https://docs.splunk.com/Documentation/ITSI/4.4.0/RESTAPI/ITSIRESTAPIreference#ITOA_Interface)
The example they give is the following:

curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity?fields='title''&'filter='\{"t...' -X DELETE

Which is very similar to what I was trying to do.

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...