All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

TA-Webtools: How to add headers in a POST request ?

duuhsousa
New Member
‎10-22-2018 10:51 AM

Hi there!

I am trying to use TA-Webtools for start a automation flow. To do this I need to make a POST request as below

curl -k -X POST -H "Content-type: application/json" --data '{"flowUuid":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx","inputs":{"A1": "B1","A2":"B2"}}' "https://server:8080/xxx/rest/v2"

Using TA-Webtools I am using the search command below

<my search> | curl method=POST data="{'flowUuid':'xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'}" uri=https://server:8080/xx/rest/v2

This command isn't working because are missing the header "Content-type: application/json".

How can I include this?
I think that I need to edit the python scripts, but how ?

0 Karma
Reply

suser2019
Explorer
‎06-11-2019 01:11 PM

I am using this app https://splunkbase.splunk.com/app/4146
The curl command is not picking up method=POST and always returning error 405 and
{"error":{"detail":"GET method not supported for API","message":"Method not Supported"},"status":"failure"}

I used this command
| eval header="{\"Content-Type\":\"application/json\", \"Accept\":\"application/json\"}"
| curl method=post uri= user= pass= headerfield= header

Now I am not sure how to make a POST call to an external API from Splunk search. Every time it is being detected as GET.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎06-11-2019 04:05 PM

https://answers.splunk.com/answers/738867/web-tools-add-on-ta-webtools-curl-command-throws-a.html

Does this link resolve your issue?

0 Karma
Reply

suser2019
Explorer
‎07-09-2019 09:30 PM

Testing the splunk add on for service-now app..

0 Karma
Reply

suser2019
Explorer
‎07-16-2019 05:26 PM

Got it working

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎02-05-2019 04:37 PM

See this new app that goes well beyond my curl command: https://splunkbase.splunk.com/app/4172/

0 Karma
Reply

suser2019
Explorer
‎06-11-2019 01:33 PM

I was unable to make a POST using this application

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎12-27-2018 08:17 PM

See release version 1.1.0

I couldnt make it work in the command like you wanted 

     | curl data="JSON_DATA_HERE"

I had to make use of eval function to make the JSON field that gets passed to the request

     | makeresults count=1  | eval header="{\"content-type\":\"application/json\"}" | eval data="{\"test data\":None}" | curl uri=https://localhost:8089/services user=admin pass=changme debug=true headerfield=header datafield=data

Let me know how it works for you

https://splunkbase.splunk.com/app/4146/

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎01-28-2019 05:42 AM

Can you let us know if this works for you?

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...