Simple search using cURL returns empty results

pfabrizi · ‎08-23-2017

I tried following a simple cURL request based on the training video and I get no results.

I run my search:
curl -u id:password -k https://server:port/services/search/jobs -d search="search index=windows user=mylogin"

I get back a SID then search the SID for being complete.

curl -u id:password -k https://server:port/services/search/jobs/SID
see that it isDone = 1 then I l try to look at the results:

curl -u id:password -k https://server:port/services/search/jobs/SID/results

get nothing back?

when I execute the same in C# using a web client I get a method not allowed.

Thanks!

shivarpith · ‎07-25-2018

you need to add --get -d outputmode=csv (json,xml) etc

curl -k -u id:password https://server:port/services/search/jobs/SID/results --get -d "outputmode=csv" > save to file or as required.

3no · ‎08-23-2017

Did you try with HTTP POST method ?

curl -k -X POST -u id:password https://server:port/services/search/jobs/SID

3no

gu255363 · ‎09-22-2017

Even I am facing the same issue, Is it resolved? I didnt get the desiredoutput when I tried this HTTP Post method. And I am also looking for resultCount value.

Simple search using cURL returns empty results

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...