All Apps and Add-ons

How can I authenticate to the REST API, pass the query, and close the session (in one fell swoop)?

tony_alibelli
New Member

How set several request in one input ?

I must first authenticate to the REST API, then pass the query, and at end close the session

Regards

0 Karma

lguinn2
Legend

Yes, those are three separate steps, but I believe that you can combine them a bit. For example, this curl command should run authenticate and run a search, without creating a session.

curl -u admin:changeme -k https://localhost:8089/services/search/jobs -d search="search *"

This comes from the REST API tutorials: http://docs.splunk.com/Documentation/SplunkCloud/6.6.1/RESTTUT/RESTsearches
The difficulty is that this command returns a search job id, not the actual search results. You need to make a second call (shown in the tutorial) to actually retrieve the results.

If you use one the of SDKS (eg. Python or Java), you will see that they provide a "one shot" search as part of the SDK, which does do what you want. But I don't know how to do this with a single call to the REST API.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!