Is it possible to get warnings via REST API when u...

JeanA · ‎09-24-2012

Hi,

We recently had a temporary problem with a license configuration which produced warnings when searching in the Splunk UI.

Running the same search via the REST API and using output_mode set to 'json' while the warnings were still unresolved resulted in an empty result set ("[]") response rather than any type of error or warning. The search I was running normally would have returned two results.

I ran the same search using the default XML output_mode and the same warnings that were in the UI showed up in the XML as <msg type="WARN"> elements.

Is there a way to get the warnings to show up in the JSON output which is considerably easier to parse (I'm using Python)? We resolved the cause of the warnings but I don't want to rely on JSON output if it ignores warnings and acts the same as if there were no matches to the search.

Thanks in advance!
--jean

Ayn · ‎09-24-2012

I don't think you will get these warning messages as part of requests to other endpoints than the ones that specifically will give you this information. The ones I imagine would be of relevance to you are:

licenser/messages http://docs.splunk.com/Documentation/Splunk/4.3.4/RESTAPI/RESTlicense#licenser.2Fmessages
messages http://docs.splunk.com/Documentation/Splunk/4.3.4/RESTAPI/RESTsystem#messages

Is it possible to get warnings via REST API when using JSON?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Splunk Community Badges!

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Join the Conversation