Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

search a query on splunk using the rest api

vagdevi
Observer
‎02-09-2021 05:55 AM

Hi,

I want to create a rest api request to create a search in splunk and get the details(logs) of the search result. I have gone through the splunk document provided by the splunk team, but couldn't get the response properly. I am trying all the ways to hit splunk and search, but it isn't work. I am using basic auth for the request in postman .Please help me to get through this. I am attaching the splunk we are using and the search query we have to use and also the postman request to hit the same

vagdevi_3-1612878827028.png

 

vagdevi_2-1612878694918.png

 

I want to use only postman for the search, not a curl command. 

Labels (2)
Labels
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-15-2021 06:36 AM

I used a sample simple search that is short and  can run anywhere. Screenshots are for you to compare with yours since you told your getting "error not found". 

The only thing you need to do is change the search parameter value with your search. You should see your results in postman.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-15-2021 03:26 AM

Hi @vagdevi,

I am attaching the postman screenshot with a working example. Please check what is different?

scelikok_0-1613388338910.png

scelikok_1-1613388398784.png

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

vagdevi
Observer
‎02-15-2021 06:08 AM

Thanks for the screenshots, but i want to have the logs out from splunk thru postman, not just the count,

0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-09-2021 10:30 AM

Hi @vagdevi,

Please try with jobs/export endpoint like below, it will work with basic or bearer token auth. 

https://splunk_server:8089/services/search/jobs/export?search=search index=_internal earliest=-1d latest=now | stats count by host&output_mode=json

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

vagdevi
Observer
‎02-15-2021 12:25 AM

Hi @scelikok , 

Thanks for the reply

I tried the query you provide, but couldn't get the output. It says error not found. 

0 Karma
Reply

awslabspl
Observer
‎02-09-2021 07:12 AM

Better to use different tool and leave Splunk all alone. Not worth even trying. Awful community. Awful UI/UX, almost imaginary docs..........

Also I wouldnt risk downloading files from them (if you are thinking of self-hosting this ).

0 Karma
Reply

vagdevi
Observer
‎02-09-2021 07:25 AM

but, we are supposed to use splunk for monitoring the logs, as per client

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...
Top