Tags: rest, splunk, splunk-sdk

How can I automate Splunk iterations using REST API


I was looking for an endpoint to be able to get the amount of available Events in "Splunk/App Search & Reporting/What to Search". I would also appreciate an endpoint to be able to get the kind of info provided by clicking the "Data Summary" button and filling in the filter.

Please see the attached file for more details. I was looking for a REST API endpoint which provides me the 1703436 number; I know this is "real time", but I'm interested in any case :)

I'm automating some stuff and I really need this events info in order to be able to couple it to my script.

Thanks a lot for your attention.

an image worth a thousand words


Solution

  • I've fixed the problem using two steps: first, creating a search job of `| eventcount`, and second, retrieving this job number to get the result for it. In pseudo code:

```bash
# step 1: create the search job and capture its <sid> from the XML response
job_id=$(curl -u admin:admin -k https://localhost:8089/services/search/jobs -d search='| eventcount' | grep -oP '(?<=<sid>).+(?=<\/)')
# step 2: fetch the job's results as CSV and pull out the count
curl -u admin:admin -k https://localhost:8089/services/search/jobs/$job_id/results/ --get -d output_mode=csv | grep -oP '\d+'
```
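The same two-step flow as a Python script, with the step the curl pseudocode skips: polling the job's dispatchState until it is DONE before reading results (the results endpoint returns nothing for a job that has not finished). This is an added example, not code from the original post or from Splunk's SDK; the management URL, the admin credentials and the insecure-TLS toggle are placeholders mirroring the post's `curl -k` setup.

```python
import base64, csv, io, ssl, time, urllib.parse, urllib.request
import xml.etree.ElementTree as ET

BASE_URL = "https://localhost:8089"  # placeholder: Splunk management port
USER, PASSWORD = "admin", "admin"    # placeholder credentials (use a role with search rights only)
INSECURE_TLS = True  # mirrors the post's curl -k; set False and trust the Splunk CA instead

def extract_sid(xml_text):
    """Return the <sid> from the job-creation response (POST /services/search/jobs)."""
    sid = ET.fromstring(xml_text).findtext("sid")
    if sid is None:
        raise ValueError("no <sid> in job-creation response")
    return sid

def dispatch_state(xml_text):
    """Return dispatchState from the job's Atom entry (GET /services/search/jobs/<sid>)."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.endswith("key") and el.get("name") == "dispatchState":
            return el.text
    raise ValueError("no dispatchState in job status")

def parse_event_count(csv_text):
    """Sum the 'count' column of the CSV results of '| eventcount' (one row when summarized)."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    if not rows or "count" not in rows[0]:
        raise ValueError("results have no 'count' column")
    return sum(int(r["count"]) for r in rows)

def _call(method, path, params=None):
    """Basic-auth call to the management API; returns the response body as text."""
    query = urllib.parse.urlencode(params or {})
    url = BASE_URL + path + ("?" + query if method == "GET" and query else "")
    req = urllib.request.Request(url, data=query.encode() if method == "POST" else None, method=method)
    req.add_header("Authorization", "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode())
    ctx = ssl._create_unverified_context() if INSECURE_TLS else ssl.create_default_context()
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.read().decode()

def total_event_count(poll_seconds=1.0, max_polls=60):
    """Create the job, poll until DONE (the post's pseudocode skips this step), then read the CSV."""
    sid = extract_sid(_call("POST", "/services/search/jobs", {"search": "| eventcount"}))
    for _ in range(max_polls):
        state = dispatch_state(_call("GET", f"/services/search/jobs/{sid}"))
        if state == "DONE":
            return parse_event_count(_call("GET", f"/services/search/jobs/{sid}/results", {"output_mode": "csv"}))
        if state == "FAILED":
            raise RuntimeError(f"search job {sid} failed")
        time.sleep(poll_seconds)
    raise TimeoutError(f"search job {sid} still not DONE after {max_polls} polls")
```

Against a reachable instance, `print(total_event_count())` yields the same number the post extracts with grep.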