Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is the Powershell REST API timing out?

abbam
Explorer
‎05-01-2018 07:57 AM

Hi All,

I've made a script in PowerShell which utilizes the REST API input that I have. This script is for downloading extremely large amounts of data from Splunk.

The problem that I am having is that Invoke-WebRequest is timing out and I cannot get the query to complete. The query stays connected for ~5minutes and times out.

Code:

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
[System.Net.ServicePointManager]::MaxServicePointIdleTime = 5000000
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$User = "admin"
$File = "C:\Temp\Password.txt"
$MyCredential=New-Object -TypeName System.Management.Automation.PSCredential `
 -ArgumentList $User, (Get-Content $File | ConvertTo-SecureString)
$server = 'SPLUNKSERVER'
$url = "https://${server}:8089/services/search/jobs/export"
$search = "search index=_internal earliest=-5m@m | stats count by sourcetype"
$body = @{
    search = $search
    output_mode = "csv"
    earliest_time = "-5m"
    latest_time = "now"
}
Invoke-WebRequest -Method Post -Uri $url -Timeout 3600 -Credential $MyCredential -Body $body | Set-Content C:\Users\User1\Desktop\test.csv

Thanks!

0 Karma
Reply

dstaulcu
Builder
‎05-09-2019 07:58 PM

Aside from changing the credential from file based to prompt based, the script worked fine for me against my remote instance. Of course my data set from your search was very small and therefore conditions were not present for timeout based on delay in processing large amounts of data synchronously. I've never had to write an asynchronous query before, but here is v1 of my first powershell script to do so. Let me know if that helps with your situation.

0 Karma
Reply

ansif
Motivator
‎05-03-2018 02:31 AM

Can you check the script running server to url server has communication.

Use Ping and telnet.

0 Karma
Reply

pmccomb001
New Member
‎05-09-2019 12:02 PM

This does not appear to be an answer. I have the same issue. Anyone have any thoughts?

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...