Connecting REST API from R

debraj
New Member

Hi,

I am trying to perform a search using the REST API from the R language. This is the curl command I am using, which is available in the Splunk docs.

curl -u admin:changeme -k https://localhost:8089/services/search/jobs -d search="search *"

I am using the httr GET method in R. Below is the sample code. When I use curl I get a sid in response, but when I run the same process from R it returns all the search details. I am not able to figure out what I am missing in the code below.

response <- GET(splunk_server,
                path = search_job_export_endpoint,
                config(ssl_verifyhost = FALSE, ssl_verifypeer = 0),
                authenticate(username, password),
                query = list(search = urlencode(search_terms)),
                verbose())

What does -d in curl exactly do?


acharlieh
Influencer

-d is to specify data for an HTTP POST body as is described in man curl. So you want to actually POST (not GET) a form with a search parameter set to the search you want to perform.

You may also be interested in the search REST API docs which go into detail about the GET and POST methods, as well as parameters that can be used with each. Also there are some tutorials that get into the different search modes and how to poll for results, and clean up jobs if needed.


EDIT TO ADD: After figuring out how to download, install, and run R and install httr, could this give you a better starting point?

install.packages("httr")
library(httr)
r <- POST(splunk_server, 
          path = "services/search/jobs",
          config( ssl_verifyhost = FALSE, ssl_verifypeer = 0),
          authenticate(username, password),
          encode = "form",
          body = list( search = "noop | stats count",
                       exec_mode = "oneshot",
                       output_mode = "json" ), 
          verbose())
stop_for_status(r)
content(r, "parsed", "application/json")$results

Of course, splunk_server is the URL to the API port (default: https://servername:8089), and you'd of course fill in your own search for the search parameter (instead of my count nothing: noop | stats count, you'd likely have search | ...), and send along other parameters as needed from the REST API documentation.
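
The job flow the answer points to (POST to create the job and get a sid, poll, fetch results, clean up), as an added example that is not part of the original posts. It keeps certificate verification enabled through a CA file instead of turning it off; the environment variable names, function names and sample search are assumptions for illustration.

```r
library(httr)

# Assumed (hypothetical) environment variables; none of these names are from the thread.
base <- Sys.getenv("SPLUNK_URL", "https://localhost:8089")
auth <- authenticate(Sys.getenv("SPLUNK_USER"), Sys.getenv("SPLUNK_PASS"))
# SPLUNK_CA: path to the PEM CA certificate that signed the management-port
# certificate, so peer and host verification can stay enabled.
tls <- config(cainfo = Sys.getenv("SPLUNK_CA"))
job_path <- function(sid, ...) paste0("services/search/jobs/", sid, ...)

# A form-encoded POST body is what `curl -d` sends; the reply carries only the sid.
create_job <- function(search) {
  r <- POST(base, tls, auth, path = "services/search/jobs", encode = "form",
            body = list(search = search, output_mode = "json"))
  stop_for_status(r)
  content(r, "parsed", "application/json")$sid
}

# GET on the job reports its state; poll until it is done, failed, or timed out.
wait_for_job <- function(sid, interval = 1, timeout = 60) {
  deadline <- Sys.time() + timeout
  repeat {
    r <- GET(base, tls, auth, path = job_path(sid), query = list(output_mode = "json"))
    stop_for_status(r)
    job <- content(r, "parsed", "application/json")$entry[[1]]$content
    if (identical(job$dispatchState, "FAILED")) stop("search job ", sid, " failed")
    if (isTRUE(job$isDone)) return(invisible(job))
    if (Sys.time() > deadline) stop("search job ", sid, " timed out")
    Sys.sleep(interval)
  }
}

fetch_results <- function(sid) {
  r <- GET(base, tls, auth, path = job_path(sid, "/results"),
           query = list(output_mode = "json"))
  stop_for_status(r)
  content(r, "parsed", "application/json")$results
}

# Remove the job from the dispatch directory once the results are read.
delete_job <- function(sid) stop_for_status(DELETE(base, tls, auth, path = job_path(sid)))

if (interactive()) {
  sid <- create_job("search index=_internal | head 5")  # constructed sample search
  tryCatch({ wait_for_job(sid); print(fetch_results(sid)) },
           finally = delete_job(sid))
}
```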

debraj
New Member

Thanks for the clarification. I am getting the same result with POST as well.
