topic Re: How to make search using Splunk Rest API in Getting Data In

How to make search using Splunk Rest API

neeldesai1992 — Thu, 12 Oct 2017 18:49:09 GMT

I have following search query that I run on the Splunk search UI & It works fine:

index=cpaws source=PFT buildNumber=14 type=REQUEST | stats p98(wholeduration) as currentRunP98Duration| appendcols [search index=cpaws source=PFT buildNumber=13 type=REQUEST | stats p98(wholeduration) as previousRunP98Duration1] | appendcols [search index=cpaws source=PFT buildNumber=12 type=REQUEST | stats p98(wholeduration) as previousRunP98Duration2] |eval avgP98=(previousRunP98Duration1+previousRunP98Duration2)/2 | eval success=if(currentRunP98Duration>=avgP98*0.1,"Good","BAD")| table success

For printing out parameter "success", I was using the table command. Now I want to call the same query using the Splunk REST API and in return I want to get the success parameter value. How can I do that?

I went through the Splunk REST API Documentation but I couldn't/didn't find anything helpful. Please help me.

Re: How to make search using Splunk Rest API

Damien_Dallimor — Thu, 12 Oct 2017 18:55:34 GMT

You have not described how you are attempting to use the REST API.

So I will just make this suggestion, try using one of the SDKs , such as the Python SDK.

There are plenty of examples of how to execute a search

Re: How to make search using Splunk Rest API

neeldesai1992 — Thu, 12 Oct 2017 18:59:28 GMT

Sorry not by SDK. So Actually I want to write a groovy script which will be part of my post build action of jenkins job. Which will make request to splunk and will get the data and extract it. I am not sure which endPoint can help me out for this.

Re: How to make search using Splunk Rest API

Damien_Dallimor — Thu, 12 Oct 2017 19:16:02 GMT

Well in that case you can use the Splunk Java SDK from Groovy.

Here is an old Gist of mine that shows how to use the Java SDK from Groovy.

And here are examples of using the Java SDK to execute Searches.

Re: How to make search using Splunk Rest API

neeldesai1992 — Thu, 12 Oct 2017 19:27:08 GMT

To see any example do I need to connect splunk Enterprise Instance?

Re: How to make search using Splunk Rest API

Damien_Dallimor — Thu, 12 Oct 2017 19:58:52 GMT

To see the example you click on the link I posted.

To try out the example , then obviously you need to connect to a Splunk Enterprise instance.Very simple to setup on your own local machine , https://www.splunk.com/en_us/download.html

Re: How to make search using Splunk Rest API

neeldesai1992 — Thu, 12 Oct 2017 20:01:44 GMT

But I think this will not help me. I have search query ready. I just want to make Splunk server call and execute this search query and get the result

Re: How to make search using Splunk Rest API

Damien_Dallimor — Thu, 12 Oct 2017 20:10:23 GMT

What , reading the docs/examples provided won't help you ?

I've given you examples to follow , I suggest reading the docs and actually trying them. Have you attempted to try anything yet ?

The docs/examples I've linked to are very clear on how to the execute a Splunk search query via the REST API and get the result.

Re: How to make search using Splunk Rest API

neeldesai1992 — Thu, 12 Oct 2017 20:21:46 GMT

yeah let me try that out you are right.sorry and thanks

Re: How to make search using Splunk Rest API

neeldesai1992 — Fri, 13 Oct 2017 02:12:17 GMT

I put down the following program:
import com.splunk.*;
public class ConnectToSplunk {
public static void main(String[] args) {

    // Create a map of arguments and add login parameters
    ServiceArgs loginArgs = new ServiceArgs();
    loginArgs.setUsername("admin");
    loginArgs.setPassword("changeme");
    loginArgs.setHost("localhost");
    loginArgs.setPort(8000);

    // Create a Service instance and log in with the argument map
    Service service = Service.connect(loginArgs);


    // A second way to create a new Service object and log in
    // Service service = new Service("localhost", 8089);
    // service.login("admin", "changeme");

    // A third way to create a new Service object and log in
    // Service service = new Service(loginArgs);
    // service.login();

    // Print installed apps to the console to verify login
    for (Application app : service.getApplications().values()) {
        System.out.println(app.getName());
    }
}

}

This gives me the following error
Exception in thread "main" java.lang.RuntimeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at com.splunk.HttpService.send(HttpService.java:409)
at com.splunk.Service.send(Service.java:1293)
at com.splunk.HttpService.post(HttpService.java:308)
at com.splunk.Service.login(Service.java:1122)
at com.splunk.Service.login(Service.java:1101)
at com.splunk.Service.connect(Service.java:187)
at ConnectToSplunk.main(ConnectToSplunk.java:13)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:503)
at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1482)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1351)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.splunk.HttpService.send(HttpService.java:403)
... 6 more

Re: How to make search using Splunk Rest API

neeldesai1992 — Fri, 13 Oct 2017 20:19:49 GMT

Use https://:/services/search/jobs/export