
Getting data forwarded

New Member

How can I get the data from http://localhost:8000/en-US/app/search/flashtimeline?auto_pause=true&q=search%20host%3D%22SOME_COMPU...

I want to get the data that fills the flashtimeline and the logs. How do I get this through the API?


Re: Getting data forwarded

Legend

There are good tutorials on how to interact with the REST API in the docs. This is a good starting point: http://dev.splunk.com/view/basic-tutorial/SP-CAAADQT


Re: Getting data forwarded

New Member

The link doesn't help. This is close: http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESToutput

But it still doesn't show how to get to the forwarders data by host.


Re: Getting data forwarded

Legend

Could you be a bit more specific regarding what you want to achieve?


Re: Getting data forwarded

New Member

Do a search with the following field host="JAdams-LT"


Re: Getting data forwarded

Legend

What are you missing from the tutorial I linked to? Searching for host="JAdams-LT" is done simply by issuing that as a search query. You need to be much more specific, I'd be glad to help but it's hard to know what your goal is, how far you have come towards achieving it, what works, what doesn't work, etc etc.


Re: Getting data forwarded

New Member

I want to pull back any logs with the word "Error" found in the sys log of host="JAdams-LT". I want this data by calling the API (NOT through curl).


Re: Getting data forwarded

Legend

OK, well you can use any tool you want for the job - curl is just one of them. You could use the Python SDK (https://github.com/splunk/splunk-sdk-python), the Splunk Resource Powershell Resource Kit (https://github.com/splunk/splunk-reskit-powershell), Perl's LWP, anything that lets you perform the necessary steps for interacting with Splunk through the REST API. The steps are outlined in the tutorial.

The search parameter in the post to /services/search/jobs should be "%22search%20host%3D'JAdams-LT'%20AND%20Error%22".


Re: Getting data forwarded

Legend

You should also consider using the Splunk CLI for achieving the same thing - use "splunk search " at the command line. Perhaps that works for you, I wouldn't know - you're really not providing many details. I hope you find a solution.


Re: Getting data forwarded

New Member

Ok this works for me using curl, but I need a URL with params that does the same thing.

curl -k -u admin:secretpassword -d 'search="search error | head 10"' -d "output_mode=csv" \
    https://localhost:8089/servicesNS/admin/search/search/jobs/export

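Added example, not part of the thread: the curl call above rebuilt with Python's standard library, sending the host and "Error" search from the earlier posts as form-encoded POST parameters to the same export endpoint. The function names, the `SAMPLE_CSV` data and the `ca_file` argument are assumptions made for illustration; `run_export` verifies the server certificate against a CA file, where `curl -k` skips that check.

```python
import base64
import csv
import io
import ssl
import urllib.parse
import urllib.request

# Endpoint copied from the curl command in the thread.
EXPORT_URL = "https://localhost:8089/servicesNS/admin/search/search/jobs/export"
# Constructed sample of CSV output, used only to exercise the parser offline.
SAMPLE_CSV = '"host","_raw"\n"JAdams-LT","Error: constructed sample event"\n'

def spl_quote(value):
    """Quote a value for SPL so an embedded quote cannot end the string early."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def build_search(host, term, limit=10):
    """SPL for events from one host that contain a term, first `limit` only."""
    return f"search host={spl_quote(host)} {spl_quote(term)} | head {int(limit)}"

def build_export_request(host, term, user, password, limit=10):
    """Return a urllib Request that POSTs the search to the export endpoint."""
    body = urllib.parse.urlencode(
        {"search": build_search(host, term, limit), "output_mode": "csv"}
    ).encode()
    # Same HTTP Basic credential that curl -u sends.
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        EXPORT_URL, data=body, method="POST",
        headers={"Authorization": "Basic " + token},
    )

def parse_csv(text):
    """Turn the CSV the endpoint returns into a list of dicts, one per event."""
    return list(csv.DictReader(io.StringIO(text)))

def run_export(request, ca_file):
    """Send the request with certificate verification and parse the reply."""
    context = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(request, context=context) as response:
        return parse_csv(response.read().decode("utf-8"))

if __name__ == "__main__":
    req = build_export_request("JAdams-LT", "Error", "admin", "secretpassword")
    print(req.get_method(), req.full_url)
    print(req.data.decode())      # the form-encoded parameters
    print(parse_csv(SAMPLE_CSV))  # offline parse of the constructed sample
```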