I've scoured the net trying to figure out how to create a saved search via the Splunk Python SDK and change user to "nobody" to place it in the global visibility realm. I've successfully been able to create the search using the SDK documentation, but have hit a wall when it comes to changing the owner of the search.
I know this can be done easily using cURL, but that's not supported by Python or the SDK and I'm trying to avoid external calls. There have been several answers to this, but many of them our outdated with libraries that are no longer supported.
Currently I'm trying to use the requests library in Python with the following code. While I am able to perform a get with successfully the post is met with a 403 error. I think my issue is with the post command, but I'm just not sure.
def modify_perms(ss):
url = "https://localhost:8089/servicesNS/%s/search/saved/searches/%s/acl" % ("api", ss)
response = requests.post(url, auth=('api', 'password'), verify=False, data="owner=nobody")
print response.status_code
modify_perms("Test")
... View more