Is there a way I can make REST API calls to Splunk to run a search and return data in JSON via a web service rather than using curl?
Basically, I need the HTTP URL equivalent of the command below that would work when invoked via JavaScript or when put into a browser:
curl -u usr:psd -k https://xx.xx.xx.xx:xxxxx/services/search/jobs/export -d search='search index=xxx earliest=-15m latest=now "xyz123" | table c1, c2' -d output_mode=json
By using the implementation below, I was able to query Splunk with the REST API without using the Splunk Java SDK:
String uri = "https://****:8089/services/search/jobs/export?search=search ID=d19b7c20-22e2-4832-883e-8df3907fedc0 |sort by fieldname @timestamp";
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.support.BasicAuthenticationInterceptor;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

public class RestSplunkClient {

    public String get(String uri, String username, String password) {
        RestTemplate restTemplate = new RestTemplate();
        // Attach HTTP Basic credentials only when both values are supplied
        if (null != username && null != password && !username.isEmpty() && !password.isEmpty()) {
            restTemplate.getInterceptors().add(new BasicAuthenticationInterceptor(username, password));
        }
        UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(uri);
        // Encode the query once and pass a URI so RestTemplate does not encode it a second time
        ResponseEntity<String> response =
                restTemplate.getForEntity(builder.build().encode().toUri(), String.class);
        return response.getBody();
    }
}
Theoretically, you could generate a URL like this and run it in your browser - Splunk will prompt you to log in:
https://xx.xx.xx.xx:xxxxx/services/search/jobs/export?output_mode=json&search=search%20index=xxx%20e...
Here is a jQuery AJAX example of how you can do API calls, although it's not recommended to do it this way because of the security concerns with passing a username and password through a browser. If you can generate your security token from a cURL call first, then pass that to the js script, that would be better. But for the sake of completeness:
First, get the auth token:
var thisIsMyAuthToken; // declared outside the callback so the search request can read it
var settings = {
    "url": "https://xx.xx.xx.xx:xxxxx/services/auth/login",
    "method": "POST",
    "dataType": "xml",
    "headers": {
        "Content-Type": "application/x-www-form-urlencoded"
    },
    "data": {
        "username": "myuser",
        "password": "mypw"
    }
};
$.ajax(settings).done(function (response) {
    // The login endpoint answers with XML: <response><sessionKey>...</sessionKey></response>
    thisIsMyAuthToken = $(response).find("sessionKey").text();
});
Then do the search request:
// Run this only after the login call has completed, so thisIsMyAuthToken is set
var settings = {
    "url": "https://xx.xx.xx.xx:xxxxx/services/search/jobs/export?output_mode=json&search=search%20index=xxx%20earliest=-15m%20latest=now%20%22xyz123%22|%20table%20c1,%20c2",
    "method": "GET",
    "headers": {
        "Authorization": "Splunk " + thisIsMyAuthToken,
        "Content-Type": "application/x-www-form-urlencoded"
    }
};
$.ajax(settings).done(function (response) {
    console.log(response);
});
This test was generated in Postman, which I highly recommend for any API testing.
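The same two-step flow as an added example, not part of the original answer, written for server-side Node.js so that credentials and the session key stay out of the browser and the search string stays out of the URL. The host name, session key and response samples are constructed, and the helper names are hypothetical.

```javascript
// Added example: helper names, host and sample data are constructed for illustration.

// Pull the session key out of the XML that /services/auth/login returns.
function extractSessionKey(xml) {
  const m = /<sessionKey>([^<]+)<\/sessionKey>/.exec(xml);
  if (!m) throw new Error("no sessionKey in login response");
  return m[1];
}

// Build the export call as a POST, as curl -d does. URLSearchParams
// form-encodes the SPL, so quotes, pipes and spaces are escaped exactly once.
function buildExportRequest(baseUrl, spl, sessionKey) {
  const form = new URLSearchParams({ search: spl, output_mode: "json" });
  return {
    url: new URL("/services/search/jobs/export", baseUrl).toString(),
    method: "POST",
    headers: {
      Authorization: "Splunk " + sessionKey,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    body: form.toString(),
  };
}

// jobs/export streams one JSON object per line, not a single JSON document.
// Keep only final rows; preview rows are interim results.
function parseExportLines(text) {
  const rows = [];
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim()) continue;
    const obj = JSON.parse(line);
    if (obj.preview === false && obj.result) rows.push(obj.result);
  }
  return rows;
}

// Constructed samples standing in for real responses.
const SAMPLE_LOGIN_XML = "<response>\n  <sessionKey>CONSTRUCTED-KEY-123</sessionKey>\n</response>";
const SAMPLE_EXPORT = [
  '{"preview":true,"offset":0,"result":{"c1":"a","c2":"1"}}',
  '{"preview":false,"offset":0,"result":{"c1":"a","c2":"1"}}',
  '{"preview":false,"offset":1,"lastrow":true,"result":{"c1":"b","c2":"2"}}',
  "",
].join("\n");
const SPL = 'search index=xxx earliest=-15m latest=now "xyz123" | table c1, c2';

const req = buildExportRequest("https://splunk.example:8089", SPL, extractSessionKey(SAMPLE_LOGIN_XML));
// Against a live server (Node 18+): const res = await fetch(req.url, req);
// then parseExportLines(await res.text())
```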
How about the same URL with user credentials when calling this from Java without the Splunk SDK?
The search REST API reference manual describes two ways to use the jobs/export option.
Try for example:
https://localhost:8089/services/search/jobs/export?search=search index=_internal | head 1&output_mode=raw
That worked for me.