All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How can I authenticate to the REST API, pass the query, and close the session (in one fell swoop)?

tony_alibelli
New Member
‎09-08-2017 01:59 AM

How set several request in one input ?

I must first authenticate to the REST API, then pass the query, and at end close the session

Regards

0 Karma
Reply

lguinn2
Legend
‎09-10-2017 05:58 PM

Yes, those are three separate steps, but I believe that you can combine them a bit. For example, this curl command should run authenticate and run a search, without creating a session.

curl -u admin:changeme -k https://localhost:8089/services/search/jobs -d search="search *"

This comes from the REST API tutorials: http://docs.splunk.com/Documentation/SplunkCloud/6.6.1/RESTTUT/RESTsearches
The difficulty is that this command returns a search job id, not the actual search results. You need to make a second call (shown in the tutorial) to actually retrieve the results.

If you use one the of SDKS (eg. Python or Java), you will see that they provide a "one shot" search as part of the SDK, which does do what you want. But I don't know how to do this with a single call to the REST API.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...