REST API JSON output only with "result" field (wit...

highsplunker · ‎09-16-2019

Hey guys, could you please help!

I use
curl -k -u 'myUser:myPwd' https://localhost:8089/services/search/jobs/export -d search="search index=myIndex | head 2 | table _time, CLIENT_ID, EVENT_TYPE_NAME " -d output_mode=json

After that i get
{"preview":false,"offset":0,"result":{"_time":"2019-09-16 08:29:35.000 GMT","EVENT_TYPE_NAME":"Log in"}}
{"preview":false,"offset":1,"lastrow":true,"result":{"_time":"2019-09-16 08:29:35.000 GMT","CLIENT_ID":"1207088","EVENT_TYPE_NAME":"Login"}}

I want only "result" field as output. Is that possible?

Maybe another endpoint?.. Can't find.

Sukisen1981 · ‎09-16-2019

what happens if you add this before -d /results/
--get -d output_mode=json -d count=5
Have you tried some permutations of this - curl -u admin:changeme \ -k https://localhost:8089/servicesNS/admin/search/jobs/1423855196.339/results/ \ --get -d output_mode=json -d count=5
ref here - https://docs.splunk.com/Documentation/Splunk/7.3.1/Search/ExportdatausingRESTAPI

highsplunker · ‎04-26-2020

hi @Sukisen1981!
thanks for your comment!
i read the page you provided, and for some reason i cannot get the results -- not sure what's wrong

(sorry for the huge delay)

best wishes,
rashid

REST API JSON output only with "result" field (without offset, etc.)

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!