Solved: REST API realtime searches with output_mode set to...

johandk · ‎05-10-2012

Not sure if this has been raised before but I couldn't find anything.

curl -k -u admin:changeme https://localhost:8089/services/search/jobs/export -d search="search sourcetype=sometype" -d earliest_time="rt-30m" latest_time="rt"

works perfectly.

curl -k -u admin:changeme https://localhost:8089/services/search/jobs/export -d search="search sourcetype=sometype" -d earliest_time="rt-30m" latest_time="rt" output_mode="json"

Does not return anything. Is this intended behavior or just a missing feature?

gstewart · ‎08-24-2012

Add -d to the http post data requests. So in this case, I believe the correct curl string would be:

curl -k -u admin:changeme https://localhost:8089/services/search/jobs/export -d search="search sourcetype=sometype" -d earliest_time="rt-30m" -d latest_time="rt" -d output_mode="json"

View solution in original post

gstewart · ‎08-24-2012

Add -d to the http post data requests. So in this case, I believe the correct curl string would be:

curl -k -u admin:changeme https://localhost:8089/services/search/jobs/export -d search="search sourcetype=sometype" -d earliest_time="rt-30m" -d latest_time="rt" -d output_mode="json"

ff_djimenez · ‎09-16-2013

This gives me a 404 on Splunk 5.0.

REST API realtime searches with output_mode set to json

What’s New in Splunk Cloud Platform 9.1.2308?

Index This | Why do they call it hyper text?

State of Splunk Careers 2023: Career Resilience and the Continued Value of Splunk