All Apps and Add-ons

Execute https get request from the Splunk SPL



I need to execute a GET request from the Splunk search, passing the header and, this is important, be able to receive the header of the answer, not only the body (curl_message).

My issue is that with the first GET request a token needs to be requested and first with this token I can proceed to the next requests (POST). This token comes however over the header and I have no impact on this.

If possible I would like to stick to the SPL search, if needed I can install additional Apps, but I would like to avoid coding in Python / creating custom commands. 

I tried to achieve my goal using the Webtools App, please see the code below, however there seems to be only the curl_message to be returned, not the response header. Or at least I would not know how to force the Webtools App to return it.

Please advice.

Kind Regards,




| makeresults count=1
| eval header="{\"x-csrf-token\":\"fetch\"}"
| curl user= pass= method=get headerfield= header debug=true  uri="https://myip/sap/opu/odata/sap/INBOUNDCONNECTOR/InboundAlertSet"




Labels (1)
Tags (1)
0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.