https://community.splunk.com/t5/Getting-Data-In/How-read-the-data-from-splunk-using-search-query-using-postman/m-p/390271#M69845 <P>I want to know using postman how can find the result of below query <BR /> sourcetype="httpevent" 69272d19-53a9-4539-b149-9fc46bbc73cf</P> <P>please find the attached image <span class="lia-inline-image-display-wrapper" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/6342iB36FF5240387F98D/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span></P> Sat, 29 Dec 2018 11:00:02 GMT kadamshridhar01 2018-12-29T11:00:02Z https://community.splunk.com/t5/Getting-Data-In/How-read-the-data-from-splunk-using-search-query-using-postman/m-p/390271#M69845 <P>I want to know using postman how can find the result of below query <BR /> sourcetype="httpevent" 69272d19-53a9-4539-b149-9fc46bbc73cf</P> <P>please find the attached image <span class="lia-inline-image-display-wrapper" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/6342iB36FF5240387F98D/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span></P> Sat, 29 Dec 2018 11:00:02 GMT https://community.splunk.com/t5/Getting-Data-In/How-read-the-data-from-splunk-using-search-query-using-postman/m-p/390271#M69845 kadamshridhar01 2018-12-29T11:00:02Z https://community.splunk.com/t5/Getting-Data-In/How-read-the-data-from-splunk-using-search-query-using-postman/m-p/390272#M69846 <P>@kadamshridhar01 sorry your question is not clear. Do you need help with sending data through HEC (via Postman) to Splunk? Or you are already sending data to Splunk and need help with writing SPL?</P> Sat, 29 Dec 2018 13:52:36 GMT https://community.splunk.com/t5/Getting-Data-In/How-read-the-data-from-splunk-using-search-query-using-postman/m-p/390272#M69846 niketn 2018-12-29T13:52:36Z https://community.splunk.com/t5/Getting-Data-In/How-read-the-data-from-splunk-using-search-query-using-postman/m-p/390273#M69847 <P>@niketnilay .Already data present in splunk .i want to retrieve it through postman with search criteria .I am new to splunk .what is SPL ?<BR /> If you give me below details retrieve data from splunk.<BR /> 1)Request type (get/post) and url(<A href="https://localhost:8089/?">https://localhost:8089/?</A>)<BR /> 2)request body if any require and format <BR /> 3)headers list with value .</P> <P>Currently i am able to hit request splunk using basic auth but I don't understand how to set search criteria to get data</P> Sun, 30 Dec 2018 12:16:49 GMT https://community.splunk.com/t5/Getting-Data-In/How-read-the-data-from-splunk-using-search-query-using-postman/m-p/390273#M69847 kadamshridhar01 2018-12-30T12:16:49Z https://community.splunk.com/t5/Getting-Data-In/How-read-the-data-from-splunk-using-search-query-using-postman/m-p/390274#M69848 <P>There is a pretty good documentation available on Splunk website related to Splunk REST API.<BR /> You might want to have a look at it. The link below is related to Search endpoint:<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/7.2.3/RESTREF/RESTsearch">https://docs.splunk.com/Documentation/Splunk/7.2.3/RESTREF/RESTsearch</A></P> <P>But basically what you need is:<BR /> 1) url is <CODE><A href="https://splunkserver:8089/services/jobs/export" target="test_blank">https://splunkserver:8089/services/jobs/export</A></CODE> (export - to export search results, there are other search endpoints available too)<BR /> 2) use basic authentication with your login name and password<BR /> 3) method either POST or GET (see the docs), but let's say you use <CODE>POST</CODE><BR /> 4) as request parameters (key / value pairs in Params tab in Postman) use (note, colon below is a separator between key and value):</P> <PRE><CODE>earliest_time : -1h (last 1 hour) latest_time : now output_mode : json (or csv or xml, see the docs) search : sourcetype="httpevent" 69272d19-53a9-4539-b149-9fc46bbc73cf </CODE></PRE> <P>Results of the query will be in the format you specified in <CODE>output_mode</CODE> parameter.</P> Wed, 02 Jan 2019 07:13:57 GMT https://community.splunk.com/t5/Getting-Data-In/How-read-the-data-from-splunk-using-search-query-using-postman/m-p/390274#M69848 petom 2019-01-02T07:13:57Z