I want to pull data out of Splunk.
So, I'm using the REST API to export data, which uses a CURL call.
For example, I am trying the below:
curl -ku username:pass https://:/services/search/jobs --data-urlencode 'search=search index="internal" | stats count(eval(sourcetype LIKE "splunk'%'")) AS stsplunk count AS total by host'
I get a SID as the result, and I ran the one below:
curl -ku username:pass https://:/services/search/jobs//results/ -d output_mode=csv -d count=50000 -d offset=0 -o /tmp/my-output.csv
<msg type="FATAL">Method Not Allowed</msg>
Why is no result found? What am I missing?
Please help with this.
Thanks in advance.
Found in step 3 on the link I gave.
Also note the comment someone left about 7.1.1 saying they had to use this endpoint.
We need to pull data and collect it on a remote server which has a connection to the Splunk UI.
So, I am running these CURL commands on the remote server to pull data out of the Splunk UI server.
(The remote server is a separate application server which needs Splunk data.)
So, this being the case, can I do this with the REST API app? Or how can I pull data out of Splunk?
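
The two-step export from the question, as an added example that is not part of the original thread: job creation stays a POST, while the results fetch uses `--get`, because `-d` on its own makes curl send a POST and the results endpoint then answers with the "Method Not Allowed" message shown above. `SPLUNK_URL`, `SPLUNK_CA` and `SPLUNK_NETRC` are assumed variable names, and the host is a placeholder.

```shell
#!/bin/sh
# Added example, not from the thread. SPLUNK_URL, SPLUNK_CA and SPLUNK_NETRC
# are assumed variable names; the host below is a placeholder.
set -eu
SPLUNK_URL="${SPLUNK_URL:-https://splunk.example.com:8089}"
SPLUNK_CA="${SPLUNK_CA:-/etc/ssl/certs/splunk-ca.pem}"   # CA for splunkd's cert
SPLUNK_NETRC="${SPLUNK_NETRC:-${HOME:-.}/.netrc}"        # credentials, mode 0600

# Verify TLS against a CA instead of -k, and read credentials from a netrc
# file so they stay out of the process list and shell history.
splunk_curl() {
  curl -sS --fail --cacert "$SPLUNK_CA" --netrc-file "$SPLUNK_NETRC" "$@"
}

# Print the search ID found in a job-creation response read from stdin.
parse_sid() { sed -n 's:.*<sid>\(.*\)</sid>.*:\1:p'; }

# Succeed when the job-status response on stdin reports isDone = 1.
job_is_done() { grep -c '<s:key name="isDone">1</s:key>' >/dev/null; }

# Creating a job is a POST; --data-urlencode keeps quotes and pipes intact.
create_job() {
  splunk_curl "$SPLUNK_URL/services/search/jobs" --data-urlencode "search=$1" | parse_sid
}

# results/ answers GET only. --get moves the -d pairs into the query string;
# with -d alone curl sends a POST and splunkd replies "Method Not Allowed".
fetch_results_csv() {
  splunk_curl --get "$SPLUNK_URL/services/search/jobs/$1/results/" \
    -d output_mode=csv -d count=50000 -d offset=0 -o "$2"
}

# usage: export_search '<SPL query>' <output file>
export_search() {
  sid="$(create_job "$1")"
  [ -n "$sid" ] || { echo "no SID returned" >&2; return 1; }
  until splunk_curl "$SPLUNK_URL/services/search/jobs/$sid" | job_is_done; do
    sleep 2
  done
  fetch_results_csv "$sid" "$2"
}

# Run the export only when called with both arguments.
if [ "$#" -eq 2 ]; then export_search "$1" "$2"; fi
```

The script can run on the remote application server as long as that server can reach the Splunk management port and trusts the CA file it is given.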