Hello All,
I am trying to execute a savedsearch query through REST API call and passing the Job SID to another curl command for displaying the results, inside the same shell.
The first curl command, which runs the saved search, executes fine, but the later one for displaying the results is not getting executed. Need help on this please.
data=$(curl -u admin:splunk@sh -k https://localhost:8089/services/search/jobs -d search="search index=_internal xxxxxxx")
sid_id=$(grep -oPm1 "(?<=<sid>)[^<]+" <<< "$data")
echo Sid value is ::"$sid_id"
result=$(curl -k -u admin:splunk@sh 'https://localhost:8089/services/search/jobs/'$sid_id'/results')
echo $result
[root]$ ./Test.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 90 0 90 0 223 780 1933 --:--:-- --:--:-- --:--:-- 0
Sid value is ::1513337238.971
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
You're not specifying what to do with the results in the second curl command. Try like this:
result=$(curl -k -u admin:splunk@sh 'https://localhost:8089/services/search/jobs/'$sid_id'/results' --get -d output_mode=csv)
echo $result
Other options for output_mode are json and xml.
Thank you for your response, Sir. But what I could see is that Curl Command 1 seems to be executed, but the response for Curl Command 2 is still blank.
Endpoint
curl cmd 1 : search/jobs
curl cmd 2: search/jobs/'$sid_id'/results'
I created a new set of shell with a different end point this time (curl cmd 3: search/jobs and curl cmd 4: search/sid/summary). Curl Command 3 and Curl Command 4 both seem to be executed.
So now I feel it's evident there is something to do with the results endpoint.
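An added example, not part of the thread or of any poster's script: the results endpoint only has rows to return once the search job has finished, so this script polls the job's isDone flag before requesting results. SPLUNK_URL, SPLUNK_USER, SPLUNK_PASS and the optional SPLUNK_CACERT are assumed environment variables, the function names are hypothetical, and the sample XML strings are constructed.

```shell
#!/usr/bin/env bash
# Added example: wait for a Splunk search job to finish before reading results.
# SPLUNK_URL, SPLUNK_USER, SPLUNK_PASS, SPLUNK_CACERT are assumed env variables.

# Pull the SID out of the XML returned by POST /services/search/jobs.
extract_sid() {
  sed -n 's:.*<sid>\([^<]*\)</sid>.*:\1:p' | head -n 1
}

# Succeed only if the job status XML on stdin reports isDone = 1.
job_is_done() {
  grep -q '<s:key name="isDone">1</s:key>'
}

# curl wrapper: credentials come from the environment, and the server
# certificate is verified against SPLUNK_CACERT when that variable is set.
splunk_curl() {
  curl -sS ${SPLUNK_CACERT:+--cacert "$SPLUNK_CACERT"} \
       -u "${SPLUNK_USER}:${SPLUNK_PASS}" "$@"
}

# Create the job, poll its status, then fetch the results as CSV.
run_search() {
  local query=$1 tries=${2:-30} sid
  sid=$(splunk_curl "${SPLUNK_URL}/services/search/jobs" \
          --data-urlencode "search=${query}" | extract_sid)
  [ -n "$sid" ] || { echo "no SID returned" >&2; return 1; }
  while [ "$tries" -gt 0 ]; do
    if splunk_curl "${SPLUNK_URL}/services/search/jobs/${sid}" | job_is_done; then
      splunk_curl "${SPLUNK_URL}/services/search/jobs/${sid}/results" \
        --get -d output_mode=csv
      return 0
    fi
    tries=$((tries - 1)); sleep 1
  done
  echo "job ${sid} did not finish in time" >&2
  return 1
}

# Constructed sample responses, for checking the parsers offline.
SAMPLE_CREATE='<?xml version="1.0" encoding="UTF-8"?><response><sid>1513337238.971</sid></response>'
SAMPLE_RUNNING='<s:dict><s:key name="dispatchState">RUNNING</s:key><s:key name="isDone">0</s:key></s:dict>'
SAMPLE_DONE='<s:dict><s:key name="dispatchState">DONE</s:key><s:key name="isDone">1</s:key></s:dict>'
```

Call it as `run_search 'search index=_internal | head 5'` after exporting the variables; the second argument is the number of one-second polls to allow.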