- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do you url encode a query you want to send to splunk?
On the splunk dev rest api guide it says that splunk queries sent through curl must first be url encoded.
http://dev.splunk.com/view/SP-CAAADQT
Some url encoders will turn a spacebar into a %20 symbol for instance. The page then goes on to show an example of url encoding with a python built in function. Can you just use the built in curl url encode function?
I have a query that uses rex in a way like this and I'm not sure how to url encode correctly. Although I need to try the query out again on another search head later today.
index=index obscure=keyword earliest=8/5/2012:0:0:0 latest=8/6/2012:0:00:0 date_hour=16 (date_minute>=20 AND date_minute<30) | rex "(?im)^(?:[^:\\n]*:){3}\\d+\\s+(?P
You'll notice all the weird characters. I don't think splunk likes it when I url encode the spacebar character, so I'm just wondering what characters need to be url encoded.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Curl should take care of encoding for you. There is an option "--data-urlencode" that should do the trick. You don't need to do anything, except escape it for your shell so it doesn't get altered before curl gets it 🙂 If you think you have problem with your shell messing with the data, you can try putting it into file and passing to curl with @filename option for --data-urlencode (see curl man-page). Also this this tutorial can be useful.
If tempted to encode your string manually (not recommended), here is the spec what to do.
