You do this via a different endpoint than the alarm creation. My script:
```
curl -v -k -u "$SPLUNK_USER:$SPLUNK_PASSWORD" \
"https://$DOMAIN:8089/services/saved/searches/$ALARM_NAME/acl" \
--data-urlencode sharing="app" \
--data-urlencode output_mode="json" \
--data-urlencode owner="$SPLUNK_USER" \
--data-urlencode perms.read="" \
--data-urlencode perms.write=""
```
This grants read and write permissions to everyone in the 'app' sharing thing.
... View more
You do this via a different endpoint than the alarm creation. My script:
```
curl -v -k -u "$SPLUNK_USER:$SPLUNK_PASSWORD" \
"https://$DOMAIN:8089/services/saved/searches/$ALARM_NAME/acl" \
--data-urlencode sharing="app" \
--data-urlencode output_mode="json" \
--data-urlencode owner="$SPLUNK_USER" \
--data-urlencode perms.read="" \
--data-urlencode perms.write=""
```
This grants read and write permissions to everyone in the 'app' sharing thing.
... View more