I have following search query that I run on the Splunk search UI & It works fine:
index=cpaws source=PFT buildNumber=14 type=REQUEST | stats p98(wholeduration) as currentRunP98Duration| appendcols [search index=cpaws source=PFT buildNumber=13 type=REQUEST | stats p98(wholeduration) as previousRunP98Duration1] | appendcols [search index=cpaws source=PFT buildNumber=12 type=REQUEST | stats p98(wholeduration) as previousRunP98Duration2] |eval avgP98=(previousRunP98Duration1+previousRunP98Duration2)/2 | eval success=if(currentRunP98Duration>=avgP98*0.1,"Good","BAD")| table success
For printing out parameter "success", I was using the table command. Now I want to call the same query using the Splunk REST API and in return I want to get the success parameter value. How can I do that?
I went through the Splunk REST API Documentation but I couldn't/didn't find anything helpful. Please help me.
You have not described how you are attempting to use the REST API.
So I will just make this suggestion, try using one of the SDKs , such as the Python SDK.
There are plenty of examples of how to execute a search
Well in that case you can use the Splunk Java SDK from Groovy.
Here is an old Gist of mine that shows how to use the Java SDK from Groovy.
And here are examples of using the Java SDK to execute Searches.
I put down the following program:
import com.splunk.*;
public class ConnectToSplunk {
public static void main(String[] args) {
// Create a map of arguments and add login parameters
ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setUsername("admin");
loginArgs.setPassword("changeme");
loginArgs.setHost("localhost");
loginArgs.setPort(8000);
// Create a Service instance and log in with the argument map
Service service = Service.connect(loginArgs);
// A second way to create a new Service object and log in
// Service service = new Service("localhost", 8089);
// service.login("admin", "changeme");
// A third way to create a new Service object and log in
// Service service = new Service(loginArgs);
// service.login();
// Print installed apps to the console to verify login
for (Application app : service.getApplications().values()) {
System.out.println(app.getName());
}
}
}
This gives me the following error
Exception in thread "main" java.lang.RuntimeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at com.splunk.HttpService.send(HttpService.java:409)
at com.splunk.Service.send(Service.java:1293)
at com.splunk.HttpService.post(HttpService.java:308)
at com.splunk.Service.login(Service.java:1122)
at com.splunk.Service.login(Service.java:1101)
at com.splunk.Service.connect(Service.java:187)
at ConnectToSplunk.main(ConnectToSplunk.java:13)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:503)
at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1482)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1351)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.jav...
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.splunk.HttpService.send(HttpService.java:403)
... 6 more
To see any example do I need to connect splunk Enterprise Instance?
To see the example you click on the link I posted.
To try out the example , then obviously you need to connect to a Splunk Enterprise instance.Very simple to setup on your own local machine , https://www.splunk.com/en_us/download.html
But I think this will not help me. I have search query ready. I just want to make Splunk server call and execute this search query and get the result
What , reading the docs/examples provided won't help you ?
I've given you examples to follow , I suggest reading the docs and actually trying them. Have you attempted to try anything yet ?
The docs/examples I've linked to are very clear on how to the execute a Splunk search query via the REST API and get the result.
yeah let me try that out you are right.sorry and thanks
Sorry not by SDK. So Actually I want to write a groovy script which will be part of my post build action of jenkins job. Which will make request to splunk and will get the data and extract it. I am not sure which endPoint can help me out for this.