Execute https get request from the Splunk SPL

All Apps and Add-ons

Hello,

I need to execute a GET request from the Splunk search, passing the header and, this is important, be able to receive the header of the answer, not only the body (curl_message).

My issue is that with the first GET request a token needs to be requested and first with this token I can proceed to the next requests (POST). This token comes however over the header and I have no impact on this.

If possible I would like to stick to the SPL search, if needed I can install additional Apps, but I would like to avoid coding in Python / creating custom commands.

I tried to achieve my goal using the Webtools App, please see the code below, however there seems to be only the curl_message to be returned, not the response header. Or at least I would not know how to force the Webtools App to return it.

Please advice.

Kind Regards,

Kamil

| makeresults count=1
| eval header="{\"x-csrf-token\":\"fetch\"}"
| curl user= pass= method=get headerfield= header debug=true  uri="https://myip/sap/opu/odata/sap/INBOUNDCONNECTOR/InboundAlertSet"

Get Updates on the Splunk Community!

Execute https get request from the Splunk SPL

search

Splunk Observability as Code: From Zero to Dashboard

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Shape the Future of Splunk: Join the Product Research Lab!

Are you a member of the Splunk Community?

Execute https get request from the Splunk SPL

search

Splunk Observability as Code: From Zero to Dashboard

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Shape the Future of Splunk: Join the Product Research Lab!