Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Different results when using the Splunk search bar versus searching over HTTP.

dacmc
New Member
‎11-07-2017 03:23 PM

For Splunk events with this kind of payload

[TS: Tue Jul 4 19:28:00 2017 PDT] [PPTID: tid1] [ABC: XYZ][ASD: YHG1] [ANDG: ldsnfn] [PPID: id1]

this query when fired using "Splunk search" returns

index=sampleindex sourcetype=samplesourcetype alt text

gives output like this
PPTID PPID TS
tid1 id1 Tue Jul 4 19:28:00 2017 PDT

When I fire the same search over HTTP to Splunk server , the query never returns

alt text

How should the query be for using over http ?

Splunk version: 6.6.3

Tags (2)
Preview file
31 KB
Preview file
185 KB
0 Karma
Reply

akheraj_splunk
Splunk Employee
Splunk Employee
‎11-08-2017 09:34 AM

Have you tried the curl --data-urlencode option instead of -d? I suspect it's because your query is being mangled in transport. Do the Splunk logs give you any information on the search that was received when sent my curl?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...