Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How read the data from splunk using search query using postman (not curl )get reuest.

kadamshridhar01
New Member
‎12-29-2018 03:00 AM

I want to know using postman how can find the result of below query
sourcetype="httpevent" 69272d19-53a9-4539-b149-9fc46bbc73cf

please find the attached image alt text

splunk.png
Preview file
67 KB
0 Karma
Reply

petom
Path Finder
‎01-01-2019 11:13 PM

There is a pretty good documentation available on Splunk website related to Splunk REST API.
You might want to have a look at it. The link below is related to Search endpoint:
https://docs.splunk.com/Documentation/Splunk/7.2.3/RESTREF/RESTsearch

But basically what you need is:
1) url is https://splunkserver:8089/services/jobs/export (export - to export search results, there are other search endpoints available too)
2) use basic authentication with your login name and password
3) method either POST or GET (see the docs), but let's say you use POST
4) as request parameters (key / value pairs in Params tab in Postman) use (note, colon below is a separator between key and value):

earliest_time :  -1h   (last 1 hour)
latest_time : now
output_mode : json  (or csv or xml, see the docs)
search : sourcetype="httpevent" 69272d19-53a9-4539-b149-9fc46bbc73cf

Results of the query will be in the format you specified in output_mode parameter.

0 Karma
Reply

niketn
Legend
‎12-29-2018 05:52 AM

@kadamshridhar01 sorry your question is not clear. Do you need help with sending data through HEC (via Postman) to Splunk? Or you are already sending data to Splunk and need help with writing SPL?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

kadamshridhar01
New Member
‎12-30-2018 04:16 AM

@niketnilay .Already data present in splunk .i want to retrieve it through postman with search criteria .I am new to splunk .what is SPL ?
If you give me below details retrieve data from splunk.
1)Request type (get/post) and url(https://localhost:8089/?)
2)request body if any require and format
3)headers list with value .

Currently i am able to hit request splunk using basic auth but I don't understand how to set search criteria to get data

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...
Top