How to enable REST endpoints so that users can use...

kteng2024 · ‎05-23-2017

How to enable REST endpoints so that users can use other tools to grab data from Splunk? Port 8089 is already opened. But when i paste the search head URL along with port number, all i could see HTML data but not the JSON data from Splunk.

vasanthmss · ‎05-23-2017

try to add the query parameter with output_mode=json.

https://<yourhost>:<mgnt_port>/.../../..?output_mode=json

Read this, http://docs.splunk.com/Documentation/Splunk/6.6.0/RESTTUT/RESTsearches

You can return search results in JSON, CSV or XML by setting the output_mode parameter. By default, results are returned in XML format.

For example, to retrieve search results in JSON format, make the following call.

Note: The curl listing includes --get because you are passing a parameter to a GET operation.

curl -u admin:changeme \
     -k https://localhost:8089/services/search/jobs/1258421375.19/results/ \
     --get -d output_mode=json

V

How to enable REST endpoints so that users can use other tools to grab data from Splunk?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Join the Conversation