So Splunk 3.2 is really pissing me off. For the life of me I can't figure out how to use the REST API. There's something (ok a lot of things) that the online documentation just doesn't tell you. I figured the syntax to create a new search would be similar (said identical) to how you use it in the Web UI...but it isn't. The documentation on the site is literally starved for examples. I'd like to know how exactly they're using the query parameters they describe, because I've used just about every incantation I can think of, and my searches don't return didly squat.

You could say I'm very frustrated. I need to have it ready for a potential dire need at work and frankly it doesn't look like it's going to be ready. I don't think Splunk is using their own REST API in their product either. The reason I say that is all the requests to /v3/ in 3.2. Didn't you guys say that was deprecated?