Getting Data In

How to make search using Splunk Rest API

neeldesai1992
Path Finder

I have following search query that I run on the Splunk search UI & It works fine:

index=cpaws source=PFT buildNumber=14 type=REQUEST | stats p98(wholeduration) as currentRunP98Duration| appendcols [search index=cpaws source=PFT buildNumber=13 type=REQUEST | stats p98(wholeduration) as previousRunP98Duration1] | appendcols [search index=cpaws source=PFT buildNumber=12 type=REQUEST | stats p98(wholeduration) as previousRunP98Duration2] |eval avgP98=(previousRunP98Duration1+previousRunP98Duration2)/2 | eval success=if(currentRunP98Duration>=avgP98*0.1,"Good","BAD")| table success

For printing out parameter "success", I was using the table command. Now I want to call the same query using the Splunk REST API and in return I want to get the success parameter value. How can I do that?

I went through the Splunk REST API Documentation but I couldn't/didn't find anything helpful. Please help me.

0 Karma
1 Solution

neeldesai1992
Path Finder
0 Karma

Damien_Dallimor
Ultra Champion

You have not described how you are attempting to use the REST API.

So I will just make this suggestion, try using one of the SDKs , such as the Python SDK.

There are plenty of examples of how to execute a search

0 Karma

Damien_Dallimor
Ultra Champion

Well in that case you can use the Splunk Java SDK from Groovy.

Here is an old Gist of mine that shows how to use the Java SDK from Groovy.

And here are examples of using the Java SDK to execute Searches.

0 Karma

neeldesai1992
Path Finder

I put down the following program:
import com.splunk.*;
public class ConnectToSplunk {
public static void main(String[] args) {

    // Create a map of arguments and add login parameters
    ServiceArgs loginArgs = new ServiceArgs();
    loginArgs.setUsername("admin");
    loginArgs.setPassword("changeme");
    loginArgs.setHost("localhost");
    loginArgs.setPort(8000);

    // Create a Service instance and log in with the argument map
    Service service = Service.connect(loginArgs);


    // A second way to create a new Service object and log in
    // Service service = new Service("localhost", 8089);
    // service.login("admin", "changeme");

    // A third way to create a new Service object and log in
    // Service service = new Service(loginArgs);
    // service.login();

    // Print installed apps to the console to verify login
    for (Application app : service.getApplications().values()) {
        System.out.println(app.getName());
    }
}

}

This gives me the following error
Exception in thread "main" java.lang.RuntimeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at com.splunk.HttpService.send(HttpService.java:409)
at com.splunk.Service.send(Service.java:1293)
at com.splunk.HttpService.post(HttpService.java:308)
at com.splunk.Service.login(Service.java:1122)
at com.splunk.Service.login(Service.java:1101)
at com.splunk.Service.connect(Service.java:187)
at ConnectToSplunk.main(ConnectToSplunk.java:13)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:503)
at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1482)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1351)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.jav...
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.splunk.HttpService.send(HttpService.java:403)
... 6 more

0 Karma

neeldesai1992
Path Finder

To see any example do I need to connect splunk Enterprise Instance?

0 Karma

Damien_Dallimor
Ultra Champion

To see the example you click on the link I posted.

To try out the example , then obviously you need to connect to a Splunk Enterprise instance.Very simple to setup on your own local machine , https://www.splunk.com/en_us/download.html

0 Karma

neeldesai1992
Path Finder

But I think this will not help me. I have search query ready. I just want to make Splunk server call and execute this search query and get the result

0 Karma

Damien_Dallimor
Ultra Champion

What , reading the docs/examples provided won't help you ?

I've given you examples to follow , I suggest reading the docs and actually trying them. Have you attempted to try anything yet ?

The docs/examples I've linked to are very clear on how to the execute a Splunk search query via the REST API and get the result.

0 Karma

neeldesai1992
Path Finder

yeah let me try that out you are right.sorry and thanks

0 Karma

neeldesai1992
Path Finder

Sorry not by SDK. So Actually I want to write a groovy script which will be part of my post build action of jenkins job. Which will make request to splunk and will get the data and extract it. I am not sure which endPoint can help me out for this.

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...