Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

search a query on splunk using the rest api

vagdevi
Observer
‎02-09-2021 05:55 AM

Hi,

I want to create a rest api request to create a search in splunk and get the details(logs) of the search result. I have gone through the splunk document provided by the splunk team, but couldn't get the response properly. I am trying all the ways to hit splunk and search, but it isn't work. I am using basic auth for the request in postman .Please help me to get through this. I am attaching the splunk we are using and the search query we have to use and also the postman request to hit the same

vagdevi_3-1612878827028.png

 

vagdevi_2-1612878694918.png

 

I want to use only postman for the search, not a curl command. 

Labels (2)
Labels
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-15-2021 06:36 AM

I used a sample simple search that is short and  can run anywhere. Screenshots are for you to compare with yours since you told your getting "error not found". 

The only thing you need to do is change the search parameter value with your search. You should see your results in postman.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-15-2021 03:26 AM

Hi @vagdevi,

I am attaching the postman screenshot with a working example. Please check what is different?

scelikok_0-1613388338910.png

scelikok_1-1613388398784.png

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

vagdevi
Observer
‎02-15-2021 06:08 AM

Thanks for the screenshots, but i want to have the logs out from splunk thru postman, not just the count,

0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-09-2021 10:30 AM

Hi @vagdevi,

Please try with jobs/export endpoint like below, it will work with basic or bearer token auth. 

https://splunk_server:8089/services/search/jobs/export?search=search index=_internal earliest=-1d latest=now | stats count by host&output_mode=json

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

vagdevi
Observer
‎02-15-2021 12:25 AM

Hi @scelikok , 

Thanks for the reply

I tried the query you provide, but couldn't get the output. It says error not found. 

0 Karma
Reply

awslabspl
Observer
‎02-09-2021 07:12 AM

Better to use different tool and leave Splunk all alone. Not worth even trying. Awful community. Awful UI/UX, almost imaginary docs..........

Also I wouldnt risk downloading files from them (if you are thinking of self-hosting this ).

0 Karma
Reply

vagdevi
Observer
‎02-09-2021 07:25 AM

but, we are supposed to use splunk for monitoring the logs, as per client

Tags (1)
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...