Can I use REST API without curl?

pkd18
Engager

Is there a way I can make REST API calls to Splunk to run a search and return data in JSON via a web service rather than using curl?

Basically, I need the HTTP URL equivalent of the command below that would work when invoked via JavaScript or when put into a browser:

curl -u usr:psd -k https://xx.xx.xx.xx:xxxxx/services/search/jobs/export -d search='search index=xxx earliest=-15m latest=now "xyz123" | table c1, c2' -d output_mode=json
0 Karma

duddukuri
Explorer

Using the implementation below, I was able to query Splunk with the REST API without using the Splunk Java SDK.

String uri = "https://****:8089/services/search/jobs/export?search=search ID=d19b7c20-22e2-4832-883e-8df3907fedc0 |sort by fieldname @timestamp";

import org.springframework.http.ResponseEntity;
import org.springframework.http.client.support.BasicAuthenticationInterceptor;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

public class RestSplunkClient {
    // Sends a GET to the given Splunk REST URI and returns the response body.
    public String get(String uri, String username, String password) {
        RestTemplate restTemplate = new RestTemplate();
        // Add HTTP Basic authentication only when both credentials are supplied.
        if (null != username && null != password && !username.isEmpty() && !password.isEmpty()) {
            restTemplate.getInterceptors().add(new BasicAuthenticationInterceptor(username, password));
        }
        UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(uri);
        // Typed as ResponseEntity<String> so getBody() returns a String.
        ResponseEntity<String> response = restTemplate.getForEntity(builder.build().toUriString(), String.class);
        return response.getBody();
    }
}

0 Karma

jlemley
Path Finder

Theoretically, you could generate a URL like this and run it in your browser - Splunk will prompt you to log in:

https://xx.xx.xx.xx:xxxxx/services/search/jobs/export?output_mode=json&search=search%20index=xxx%20e...

Here is a jQuery AJAX example of how you can do API calls, although it's not recommended to do it this way because of the security concerns with passing a username and password through a browser. If you can generate your security token from a cURL call first, then pass that to the js script, that would be better. But for the sake of completeness:

First, get the auth token:

var settings = {
  "url": "https://xx.xx.xx.xx:xxxxx/services/auth/login",
  "method": "POST",
  "headers": {
    "Content-Type": "application/x-www-form-urlencoded"
  },
  "data": {
    "username": "myuser",
    "password": "mypw"
  }
}

$.ajax(settings).done(function (response) {
  var thisIsMyAuthToken = response; // this part needs refined to grab the sessionKey component
});

Then do the search request:

var settings = {
  "url": "https://xx.xx.xx.xx:xxxxx/services/search/jobs/export?output_mode=json&search=search%20index=xxx%20earliest=-15m%20latest=now%20%22xyz123%22|%20table%20c1,%20c2",
  "method": "GET",
  "headers": {
    "Authorization": "Splunk " +  thisIsMyAuthToken,
    "Content-Type": "application/x-www-form-urlencoded"
  }
}

$.ajax(settings).done(function (response) {
  console.log(response);
});

This test was generated in Postman, which I highly recommend for any API testing.
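
The two-step flow described in the answer above (log in for a session key, then call jobs/export with it), as an added example that is not part of the original post and not Splunk's own code. The helper names are hypothetical, the sample export text is constructed, and it assumes the login call is made with output_mode=json so the response is JSON with a sessionKey field.

```javascript
// Added example; helper names are assumptions, not part of any Splunk library.
// Login request: credentials go in the POST body, never in the URL.
function buildLoginRequest(baseUrl, username, password) {
  const body = new URLSearchParams({ username, password, output_mode: "json" });
  return {
    url: new URL("/services/auth/login", baseUrl).toString(),
    init: { method: "POST", body: body.toString(),
      headers: { "Content-Type": "application/x-www-form-urlencoded" } },
  };
}
// Pull sessionKey out of the JSON login response; fail closed if it is missing.
function extractSessionKey(loginResponseText) {
  const parsed = JSON.parse(loginResponseText);
  if (typeof parsed.sessionKey !== "string" || parsed.sessionKey === "") {
    throw new Error("login response has no sessionKey");
  }
  return parsed.sessionKey;
}
// Export request: URLSearchParams encodes the spaces, quotes and pipes in SPL.
function buildExportRequest(baseUrl, sessionKey, search) {
  const url = new URL("/services/search/jobs/export", baseUrl);
  url.search = new URLSearchParams({ output_mode: "json", search }).toString();
  return { url: url.toString(),
    init: { method: "GET", headers: { Authorization: "Splunk " + sessionKey } } };
}

// jobs/export streams one JSON object per line; keep only final result rows.
function parseExport(text) {
  return text.split("\n").filter((line) => line.trim() !== "")
    .map((line) => JSON.parse(line))
    .filter((obj) => obj.result && !obj.preview)
    .map((obj) => obj.result);
}

// Constructed sample of export output (not captured from a real server).
const SAMPLE_EXPORT = [
  '{"preview":true,"offset":0,"result":{"c1":"a","c2":"1"}}',
  '{"preview":false,"offset":0,"result":{"c1":"a","c2":"1"}}',
  '{"preview":false,"offset":1,"lastrow":true,"result":{"c1":"b","c2":"2"}}',
].join("\n");

// Network wiring; needs fetch (browsers, Node 18+) and a certificate the client trusts.
async function runSearch(baseUrl, username, password, search) {
  const login = buildLoginRequest(baseUrl, username, password);
  const key = extractSessionKey(await (await fetch(login.url, login.init)).text());
  const exp = buildExportRequest(baseUrl, key, search);
  const res = await fetch(exp.url, exp.init);
  if (!res.ok) throw new Error("export failed: HTTP " + res.status);
  return parseExport(await res.text());
}
```

Sending the credentials only in the login POST body and the session key only in the Authorization header keeps both out of the request URL, so they do not end up in browser history or proxy logs.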

duddukuri
Explorer

How about the same URL with user credentials, calling this from Java without the Splunk SDK?

0 Karma

gjanders
SplunkTrust

The search REST API reference manual describes two ways to use the jobs/export option.

Try for example:

https://localhost:8089/services/search/jobs/export?search=search index=_internal | head 1&output_mode=raw

That worked for me.

0 Karma

duddukuri
Explorer

How about the same URL with user credentials, calling this from Java without the Splunk SDK?

0 Karma