Solved: How to make search using Splunk Rest API

neeldesai1992 · ‎10-12-2017

I have following search query that I run on the Splunk search UI & It works fine:

index=cpaws source=PFT buildNumber=14 type=REQUEST | stats p98(wholeduration) as currentRunP98Duration| appendcols [search index=cpaws source=PFT buildNumber=13 type=REQUEST | stats p98(wholeduration) as previousRunP98Duration1] | appendcols [search index=cpaws source=PFT buildNumber=12 type=REQUEST | stats p98(wholeduration) as previousRunP98Duration2] |eval avgP98=(previousRunP98Duration1+previousRunP98Duration2)/2 | eval success=if(currentRunP98Duration>=avgP98*0.1,"Good","BAD")| table success

For printing out parameter "success", I was using the table command. Now I want to call the same query using the Splunk REST API and in return I want to get the success parameter value. How can I do that?

I went through the Splunk REST API Documentation but I couldn't/didn't find anything helpful. Please help me.

neeldesai1992 · ‎10-13-2017

Use https://:/services/search/jobs/export

View solution in original post

neeldesai1992 · ‎10-13-2017

Use https://:/services/search/jobs/export

Damien_Dallimor · ‎10-12-2017

You have not described how you are attempting to use the REST API.

So I will just make this suggestion, try using one of the SDKs , such as the Python SDK.

There are plenty of examples of how to execute a search

Damien_Dallimor · ‎10-12-2017

Well in that case you can use the Splunk Java SDK from Groovy.

Here is an old Gist of mine that shows how to use the Java SDK from Groovy.

And here are examples of using the Java SDK to execute Searches.

neeldesai1992 · ‎10-12-2017

I put down the following program:
import com.splunk.*;
public class ConnectToSplunk {
public static void main(String[] args) {

    // Create a map of arguments and add login parameters
    ServiceArgs loginArgs = new ServiceArgs();
    loginArgs.setUsername("admin");
    loginArgs.setPassword("changeme");
    loginArgs.setHost("localhost");
    loginArgs.setPort(8000);

    // Create a Service instance and log in with the argument map
    Service service = Service.connect(loginArgs);


    // A second way to create a new Service object and log in
    // Service service = new Service("localhost", 8089);
    // service.login("admin", "changeme");

    // A third way to create a new Service object and log in
    // Service service = new Service(loginArgs);
    // service.login();

    // Print installed apps to the console to verify login
    for (Application app : service.getApplications().values()) {
        System.out.println(app.getName());
    }
}

}

This gives me the following error
Exception in thread "main" java.lang.RuntimeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at com.splunk.HttpService.send(HttpService.java:409)
at com.splunk.Service.send(Service.java:1293)
at com.splunk.HttpService.post(HttpService.java:308)
at com.splunk.Service.login(Service.java:1122)
at com.splunk.Service.login(Service.java:1101)
at com.splunk.Service.connect(Service.java:187)
at ConnectToSplunk.main(ConnectToSplunk.java:13)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:503)
at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1482)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1351)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.jav...
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.splunk.HttpService.send(HttpService.java:403)
... 6 more

neeldesai1992 · ‎10-12-2017

To see any example do I need to connect splunk Enterprise Instance?

Damien_Dallimor · ‎10-12-2017

To see the example you click on the link I posted.

To try out the example , then obviously you need to connect to a Splunk Enterprise instance.Very simple to setup on your own local machine , https://www.splunk.com/en_us/download.html

neeldesai1992 · ‎10-12-2017

But I think this will not help me. I have search query ready. I just want to make Splunk server call and execute this search query and get the result

Damien_Dallimor · ‎10-12-2017

What , reading the docs/examples provided won't help you ?

I've given you examples to follow , I suggest reading the docs and actually trying them. Have you attempted to try anything yet ?

The docs/examples I've linked to are very clear on how to the execute a Splunk search query via the REST API and get the result.

neeldesai1992 · ‎10-12-2017

yeah let me try that out you are right.sorry and thanks

neeldesai1992 · ‎10-12-2017

Sorry not by SDK. So Actually I want to write a groovy script which will be part of my post build action of jenkins job. Which will make request to splunk and will get the data and extract it. I am not sure which endPoint can help me out for this.

How to make search using Splunk Rest API

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation