Splunk API, curl and php

rzjac · ‎06-24-2010

I'm trying to get partial results having a job id through REST API how can i do it?

I'm using curl and php.

Thank you

rroberts · ‎08-06-2010

There are PHP examples you might find useful here...

http://code.google.com/p/splunk-php-sdk/source/browse/trunk/Search.php

 * Retrieves a list of search jobs on the server.
 * 
 * @param bool $as_objects If TRUE, returns an array of Splunk_Search_Result
 *     objects instead of an array of associative arrays.
 * @param string $result_class If $as_objects is true, use this class name
 *     to instantiate the search result objects for each job.
 * @return mixed Array on success, FALSE on failure
 * @access public
 */
public function listJobs($as_objects = false, $result_class = 'Splunk_Search_Result')
{
    $result = $this->send('/services/search/jobs', null, 'GET');
    if (! $this->last_successful) {
        return false;
    }

rroberts · ‎08-06-2010

What Splunk version are you on?

rzjac · ‎06-24-2010

I'd like to pull results as they arrive. Like on the web interface for splunk. I don't want to wait till whole job is finished.

Lowell · ‎06-24-2010

What do you mean by "partial" results? Like a subset? You have to pull the events or results back in chunks at a time so you can just pull a few times and then stop when you have enough data. (Thought it may be a better option to limit your search with | head 1000 or something)

Splunk API, curl and php

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

New Dates, New City: Save the Date for .conf25!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud