Is it possible to get warnings via REST API when u...

JeanA · ‎09-24-2012

Hi,

We recently had a temporary problem with a license configuration which produced warnings when searching in the Splunk UI.

Running the same search via the REST API and using output_mode set to 'json' while the warnings were still unresolved resulted in an empty result set ("[]") response rather than any type of error or warning. The search I was running normally would have returned two results.

I ran the same search using the default XML output_mode and the same warnings that were in the UI showed up in the XML as <msg type="WARN"> elements.

Is there a way to get the warnings to show up in the JSON output which is considerably easier to parse (I'm using Python)? We resolved the cause of the warnings but I don't want to rely on JSON output if it ignores warnings and acts the same as if there were no matches to the search.

Thanks in advance!
--jean

Ayn · ‎09-24-2012

I don't think you will get these warning messages as part of requests to other endpoints than the ones that specifically will give you this information. The ones I imagine would be of relevance to you are:

licenser/messages http://docs.splunk.com/Documentation/Splunk/4.3.4/RESTAPI/RESTlicense#licenser.2Fmessages
messages http://docs.splunk.com/Documentation/Splunk/4.3.4/RESTAPI/RESTsystem#messages

Is it possible to get warnings via REST API when using JSON?

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation

Is it possible to get warnings via REST API when using JSON?

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk