https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539191#M90333 <P>but, we are supposed to use splunk for monitoring the logs, as per client</P> Tue, 09 Feb 2021 15:25:52 GMT vagdevi 2021-02-09T15:25:52Z https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539178#M90329 <P>Hi,</P><P>I want to create a rest api request to create a search in splunk and get the details(logs) of the search result. I have gone through the splunk document provided by the splunk team, but couldn't get the response properly. I am trying all the ways to hit splunk and search, but it isn't work. I am using basic auth for the request in postman .Please help me to get through this. I am attaching the splunk we are using and the search query we have to use and also the postman request to hit the same</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="vagdevi_3-1612878827028.png" style="width: 999px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/12861i81BF87A27A982A09/image-size/large?v=v2&amp;px=999" role="button" title="vagdevi_3-1612878827028.png" alt="vagdevi_3-1612878827028.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="vagdevi_2-1612878694918.png" style="width: 918px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/12860iB436608005EB5B31/image-size/large?v=v2&amp;px=999" role="button" title="vagdevi_2-1612878694918.png" alt="vagdevi_2-1612878694918.png" /></span></P><P>&nbsp;</P><P>I want to use only postman for the search, not a curl command.&nbsp;</P> Tue, 09 Feb 2021 13:55:53 GMT https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539178#M90329 vagdevi 2021-02-09T13:55:53Z https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539187#M90332 <P>Better to use different tool and leave Splunk all alone. Not worth even trying. Awful community. Awful UI/UX, almost imaginary docs..........</P><P>Also I wouldnt risk downloading files from them (if you are thinking of self-hosting this ).</P> Tue, 09 Feb 2021 15:13:20 GMT https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539187#M90332 awslabspl 2021-02-09T15:13:20Z https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539191#M90333 <P>but, we are supposed to use splunk for monitoring the logs, as per client</P> Tue, 09 Feb 2021 15:25:52 GMT https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539191#M90333 vagdevi 2021-02-09T15:25:52Z https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539215#M90337 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/231367">@vagdevi</a>,</P><P>Please try with jobs/export endpoint like below, it will work with basic or bearer token auth.&nbsp;</P><LI-CODE lang="markup">https://splunk_server:8089/services/search/jobs/export?search=search index=_internal earliest=-1d latest=now | stats count by host&amp;output_mode=json</LI-CODE><P>&nbsp;</P> Tue, 09 Feb 2021 18:30:48 GMT https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539215#M90337 scelikok 2021-02-09T18:30:48Z https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539877#M90411 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/206061">@scelikok</a>&nbsp;,&nbsp;</P><P>Thanks for the reply</P><P>I tried the query you provide, but couldn't get the output. It says error not found.&nbsp;</P> Mon, 15 Feb 2021 08:25:11 GMT https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539877#M90411 vagdevi 2021-02-15T08:25:11Z https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539923#M90414 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/231367">@vagdevi</a>,</P><P>I am attaching the postman screenshot with a working example. Please check what is different?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="scelikok_0-1613388338910.png" style="width: 400px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/12944i22EE18EE7EE6B1BE/image-size/medium?v=v2&amp;px=400" role="button" title="scelikok_0-1613388338910.png" alt="scelikok_0-1613388338910.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="scelikok_1-1613388398784.png" style="width: 400px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/12945iCD37DF138F2D6819/image-size/medium?v=v2&amp;px=400" role="button" title="scelikok_1-1613388398784.png" alt="scelikok_1-1613388398784.png" /></span></P><P>&nbsp;</P> Mon, 15 Feb 2021 11:26:49 GMT https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539923#M90414 scelikok 2021-02-15T11:26:49Z https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539964#M90416 <P>Thanks for the screenshots, but i want to have the logs out from splunk thru postman, not just the count,</P> Mon, 15 Feb 2021 14:08:52 GMT https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539964#M90416 vagdevi 2021-02-15T14:08:52Z https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539969#M90418 <P>I used a sample simple search that is short and &nbsp;can run anywhere. Screenshots are for you to compare with yours since you told your getting "error not found".&nbsp;</P><P>The only thing you need to do is change the search parameter value with your search. You should see your results in postman.</P> Mon, 15 Feb 2021 14:36:08 GMT https://community.splunk.com/t5/Getting-Data-In/search-a-query-on-splunk-using-the-rest-api/m-p/539969#M90418 scelikok 2021-02-15T14:36:08Z