Getting Data In
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

search a query on splunk using the rest api

vagdevi
Observer
‎02-09-2021 05:55 AM

Hi,

I want to create a rest api request to create a search in splunk and get the details(logs) of the search result. I have gone through the splunk document provided by the splunk team, but couldn't get the response properly. I am trying all the ways to hit splunk and search, but it isn't work. I am using basic auth for the request in postman .Please help me to get through this. I am attaching the splunk we are using and the search query we have to use and also the postman request to hit the same

vagdevi_3-1612878827028.png

 

vagdevi_2-1612878694918.png

 

I want to use only postman for the search, not a curl command. 

Labels (2)
Labels
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-15-2021 06:36 AM

I used a sample simple search that is short and  can run anywhere. Screenshots are for you to compare with yours since you told your getting "error not found". 

The only thing you need to do is change the search parameter value with your search. You should see your results in postman.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-15-2021 03:26 AM

Hi @vagdevi,

I am attaching the postman screenshot with a working example. Please check what is different?

scelikok_0-1613388338910.png

scelikok_1-1613388398784.png

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

vagdevi
Observer
‎02-15-2021 06:08 AM

Thanks for the screenshots, but i want to have the logs out from splunk thru postman, not just the count,

0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-09-2021 10:30 AM

Hi @vagdevi,

Please try with jobs/export endpoint like below, it will work with basic or bearer token auth. 

https://splunk_server:8089/services/search/jobs/export?search=search index=_internal earliest=-1d latest=now | stats count by host&output_mode=json

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

vagdevi
Observer
‎02-15-2021 12:25 AM

Hi @scelikok , 

Thanks for the reply

I tried the query you provide, but couldn't get the output. It says error not found. 

0 Karma
Reply

awslabspl
Observer
‎02-09-2021 07:12 AM

Better to use different tool and leave Splunk all alone. Not worth even trying. Awful community. Awful UI/UX, almost imaginary docs..........

Also I wouldnt risk downloading files from them (if you are thinking of self-hosting this ).

0 Karma
Reply

vagdevi
Observer
‎02-09-2021 07:25 AM

but, we are supposed to use splunk for monitoring the logs, as per client

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...
Top