Getting Data In

Splunk API, curl and php

rzjac
New Member

I'm trying to get partial results having a job id through REST API how can i do it?

I'm using curl and php.

Thank you

Tags (1)
0 Karma

rroberts
Splunk Employee
Splunk Employee

There are PHP examples you might find useful here...

http://code.google.com/p/splunk-php-sdk/source/browse/trunk/Search.php

 * Retrieves a list of search jobs on the server.
 * 
 * @param bool $as_objects If TRUE, returns an array of Splunk_Search_Result
 *     objects instead of an array of associative arrays.
 * @param string $result_class If $as_objects is true, use this class name
 *     to instantiate the search result objects for each job.
 * @return mixed Array on success, FALSE on failure
 * @access public
 */
public function listJobs($as_objects = false, $result_class = 'Splunk_Search_Result')
{
    $result = $this->send('/services/search/jobs', null, 'GET');
    if (! $this->last_successful) {
        return false;
    }

rroberts
Splunk Employee
Splunk Employee

What Splunk version are you on?

0 Karma

rzjac
New Member

I'd like to pull results as they arrive. Like on the web interface for splunk. I don't want to wait till whole job is finished.

0 Karma

Lowell
Super Champion

What do you mean by "partial" results? Like a subset? You have to pull the events or results back in chunks at a time so you can just pull a few times and then stop when you have enough data. (Thought it may be a better option to limit your search with | head 1000 or something)

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...