All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to apply curl to each search result (proxy option required) on Web Tools Add-on

ssanplunk
Path Finder
‎01-23-2019 09:42 PM

Hi,
I appreciate the answers to the links below.
https://answers.splunk.com/answers/693317/does-splunk-ta-webtools-v13-provide-a-timeout-opti.html

Here are some additional questions about the Web Tools Add-on:
1. Is it possible to apply the curl command for each search result (url link)?
2. Is the proxy option (-x or --proxy) of linux curl available on the Web Tools Add-on?

I need to use the curl command for each search result, and at the same time I need access via a specific proxy.

Thank you!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎01-24-2019 04:43 AM

Yes, you can curl for each event/row in the search pipeline. We call this use case the “streaming” use case.

An example is given in the details section of the app on splunkbase here:

https://splunkbase.splunk.com/app/4146/#/details

See the “deleting fired alerts” example and also see the syntax.

In short when you put a shear head that hands off more than 1 event to | curl, it will automatically switch to “streaming” mode.

Ex.

index=test | head 10 | curl ....

The above search would cause the curl command to iterate over each of the 10 events that come out of ‘index=test | head 10’.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

ssanplunk
Path Finder
‎01-24-2019 08:41 PM

How to use query to make result of below without map command ?

index=test
=> result field is "NUM"
1
2
3

|curl http://1.1.1.1/q?q=1
|curl http://1.1.1.1/q?q=2
|curl http://1.1.1.1/q?q=3

I used macro as below for this case, but it didn't apply.

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎01-25-2019 04:09 AM

Is this a new question or instructions for other users? If it’s a new question, please create a new question.

0 Karma
Reply
Solved! Jump to solution

ssanplunk
Path Finder
‎01-27-2019 07:03 PM

This question is an additional question for the answer above.
Okay I will try new question.

0 Karma
Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎01-24-2019 04:43 AM

Yes, you can curl for each event/row in the search pipeline. We call this use case the “streaming” use case.

An example is given in the details section of the app on splunkbase here:

https://splunkbase.splunk.com/app/4146/#/details

See the “deleting fired alerts” example and also see the syntax.

In short when you put a shear head that hands off more than 1 event to | curl, it will automatically switch to “streaming” mode.

Ex.

index=test | head 10 | curl ....

The above search would cause the curl command to iterate over each of the 10 events that come out of ‘index=test | head 10’.

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎01-24-2019 08:16 AM

also, the proxy option is not currently available. I'll add it to the list of enhancement requests. Thanks!

0 Karma
Reply
Solved! Jump to solution

ssanplunk
Path Finder
‎01-24-2019 08:24 PM

I checked streaming about curl command.
Thank you for reply.
If you update about the proxy option, I will update too. Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...