I have created a saved search that runs every minute. I have opted to run a Perl script as the alert option. Splunk passes in the search id to the script as one of its parameters. Whenever I try to retrieve the events via REST, I get a blank page.
Here's what I run to get the events:
https://server:8089/services/search/jobs/my_search_id/events?output_mode=raw
I AM able to get the RESULTS though:
https://server:8089/services/search/jobs/my_search_id/results