https://community.splunk.com/t5/Splunk-Search/How-to-call-Splunk-API-using-Postman/m-p/683482#M233386 <P>There are different REST endpoints for Splunk to start or retrieve searches. Some will start a search and return a search ID, others will retrieve results from a previous search job.</P><P>Probably the most straightforward is the /jobs/export one, which starts a job and returns results, though this will take time for the started search to complete. An example request for this endpoint would be:</P><LI-CODE lang="markup">curl -k -u &lt;user_in_splunk&gt; https://&lt;yoursplunkhost&gt;:8089/services/search/v2/jobs/export -d search="&lt;yoursplsearch&gt;"</LI-CODE><P>E.g.</P><LI-CODE lang="markup">curl -k -u svc_aas -d search="search index=aas sourcetype=syslog" https://splunk-prod-api.internal.xxxx.com:8089/services/search/v2/jobs/export</LI-CODE><P><BR />Note that this curl request will request a password for the splunk user. There may be functionality in postman to supply this password.</P> Fri, 05 Apr 2024 21:34:52 GMT marnall 2024-04-05T21:34:52Z https://community.splunk.com/t5/Splunk-Search/How-to-call-Splunk-API-using-Postman/m-p/683022#M233287 <P class=""><SPAN class="">curl -k -u svc_aas -d search="search index=aas sourcetype=syslog" <A href="https://splunk-prod-api.internal.xxxx.com/services/search/jobs" target="_blank" rel="noopener">https://splunk-prod-api.internal.xxxx.com/services/search/jobs</A> <SPAN class="">&nbsp; &nbsp;<BR />I want to run this using Postman can someone help me frame the Postman queries to search and retrieve Splunk logs</SPAN></SPAN></P> Wed, 03 Apr 2024 13:36:02 GMT https://community.splunk.com/t5/Splunk-Search/How-to-call-Splunk-API-using-Postman/m-p/683022#M233287 kranthimutyala2 2024-04-03T13:36:02Z https://community.splunk.com/t5/Splunk-Search/How-to-call-Splunk-API-using-Postman/m-p/683482#M233386 <P>There are different REST endpoints for Splunk to start or retrieve searches. Some will start a search and return a search ID, others will retrieve results from a previous search job.</P><P>Probably the most straightforward is the /jobs/export one, which starts a job and returns results, though this will take time for the started search to complete. An example request for this endpoint would be:</P><LI-CODE lang="markup">curl -k -u &lt;user_in_splunk&gt; https://&lt;yoursplunkhost&gt;:8089/services/search/v2/jobs/export -d search="&lt;yoursplsearch&gt;"</LI-CODE><P>E.g.</P><LI-CODE lang="markup">curl -k -u svc_aas -d search="search index=aas sourcetype=syslog" https://splunk-prod-api.internal.xxxx.com:8089/services/search/v2/jobs/export</LI-CODE><P><BR />Note that this curl request will request a password for the splunk user. There may be functionality in postman to supply this password.</P> Fri, 05 Apr 2024 21:34:52 GMT https://community.splunk.com/t5/Splunk-Search/How-to-call-Splunk-API-using-Postman/m-p/683482#M233386 marnall 2024-04-05T21:34:52Z https://community.splunk.com/t5/Splunk-Search/How-to-call-Splunk-API-using-Postman/m-p/683487#M233387 <P>The main question is whether you don't know how to use API to perform searches in which case you should star with <A href="https://docs.splunk.com/Documentation/Splunk/9.2.1/RESTREF/RESTprolog" target="_blank">https://docs.splunk.com/Documentation/Splunk/9.2.1/RESTREF/RESTprolog</A> or whether you don't know how to use podman correctly - this is out of scope of this forum but maybe someone with experience with this tool can give a hint or two.</P> Sat, 06 Apr 2024 10:23:56 GMT https://community.splunk.com/t5/Splunk-Search/How-to-call-Splunk-API-using-Postman/m-p/683487#M233387 PickleRick 2024-04-06T10:23:56Z