Can we run a search using the Splunk API to get back a single result (not streaming) without using a saved search or SID?
I tried export like below, which gives streamed output; I want a single result.
`curl -k -u admin:admin https://searchhead:8089/services/search/jobs/export -d search="search *| stats max(_time) AS _time BY "pctIdle" | head 1|sort 0 - _time | rename "pctIdle" AS Value" -d output_mode=json`
I tried a POST like this, which gives me a SID (I don't want to use a SID or saved search):
`curl -k -u admin:admin https://searchhead:8089/servicesNS/admin/search/search/jobs --data-urlencode search="search * | stats max(_time) AS _time BY "pctIdle" | sort 0 - _time | head 1|rename "pctIdle" AS Value " -d id=mysearch_0215194643 -d max_count=50000 -d status_buckets=300`
Is there any other way to get results without a SID or saved search?