https://community.splunk.com/t5/Splunk-Enterprise/Download-raw-Splunk-logs-via-api/m-p/524763#M3811 <P>Team,</P><P>how to remotely execute a search and download the search results and store in a shared drive or a CSV file.</P> Thu, 15 Oct 2020 04:20:21 GMT vj_hawk21 2020-10-15T04:20:21Z https://community.splunk.com/t5/Splunk-Enterprise/Download-raw-Splunk-logs-via-api/m-p/524763#M3811 <P>Team,</P><P>how to remotely execute a search and download the search results and store in a shared drive or a CSV file.</P> Thu, 15 Oct 2020 04:20:21 GMT https://community.splunk.com/t5/Splunk-Enterprise/Download-raw-Splunk-logs-via-api/m-p/524763#M3811 vj_hawk21 2020-10-15T04:20:21Z https://community.splunk.com/t5/Splunk-Enterprise/Download-raw-Splunk-logs-via-api/m-p/524807#M3819 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225074">@vj_hawk21</a>,<BR /><BR />Please check the documentation about the REST API:</P><P><A href="https://docs.splunk.com/Documentation/Splunk/8.0.6/RESTTUT/RESTsearches" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.0.6/RESTTUT/RESTsearches</A></P><P>You create a search job, get the sid back and with the sid you can get the results.<BR /><BR />To receive the results as csv, you would have to use&nbsp;<EM>output_mode=csv&nbsp; </EM>as indicated <A href="https://docs.splunk.com/Documentation/Splunk/8.0.6/RESTTUT/RESTsearches#Get_search_results" target="_self">here</A><EM>.&nbsp;<BR /></EM></P><P>BR<BR />Ralph</P> Thu, 15 Oct 2020 09:07:51 GMT https://community.splunk.com/t5/Splunk-Enterprise/Download-raw-Splunk-logs-via-api/m-p/524807#M3819 rnowitzki 2020-10-15T09:07:51Z https://community.splunk.com/t5/Splunk-Enterprise/Download-raw-Splunk-logs-via-api/m-p/524919#M3832 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/64317">@rnowitzki</a>&nbsp;</P><P>Thanks for your response.</P><P>I have created the search but not able to find its sid/vsid/searc_id.. how to identify the SID?</P><P>Thx&nbsp;</P><P>VJ</P> Thu, 15 Oct 2020 18:02:45 GMT https://community.splunk.com/t5/Splunk-Enterprise/Download-raw-Splunk-logs-via-api/m-p/524919#M3832 vj_hawk21 2020-10-15T18:02:45Z https://community.splunk.com/t5/Splunk-Enterprise/Download-raw-Splunk-logs-via-api/m-p/525009#M3837 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225074">@vj_hawk21</a>&nbsp;,<BR /><BR />When you created the Job, the sid was in the response.<BR /><BR /></P><LI-CODE lang="markup"> &lt;sid&gt;1258421375.19&lt;/sid&gt;</LI-CODE><P><BR />Also, you can get a list of your searches with<BR /><BR /></P><LI-CODE lang="markup">curl -u admin:changeme -k https://localhost:8089/services/search/jobs/</LI-CODE><P>&nbsp;</P><P>BR<BR />Ralph</P> Fri, 16 Oct 2020 07:24:30 GMT https://community.splunk.com/t5/Splunk-Enterprise/Download-raw-Splunk-logs-via-api/m-p/525009#M3837 rnowitzki 2020-10-16T07:24:30Z