I want to export data from Splunk via the REST API. I've been wondering whether there is a good "Splunk export" solution that can help me send my query output/result to a third-party application with the help of the REST API.
I have created a saved search in Splunk, and now I want to export the output of my saved search to a third-party application at a regular interval (once a week). I have the API details of that application with me. I checked the webhook option, but that was not much help since the payload is fixed in that and it can only be used with the Alert type. Can anyone please suggest any other way?
index=main| timechart avg(page)
For Example API:
Happy to clarify more details if required.
@ang3loliveira - You have two options:
I hope this helps!!! Karma/upvote would be appreciated!!!
I think the best way to do a data export from the REST API is curl:
curl -k -u USERNAME:PASSWORD https://SPLUNK_URL:8089/services/search/jobs/export \
  --data-urlencode search='search index="my-index" earliest=0 latest=now | table field1, field2' \
  -d output_mode=csv \
  -d earliest_time='-y@y' \
  -d latest_time='@y' \
  -o output-file.csv
In that case the output is CSV, but you can use these options:
atom | csv | json | json_cols | json_rows | raw | xml
Here is additional documentation:
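The same export, scheduled from a script rather than typed into curl, as an added example that is not part of either answer above: it runs the saved search through Splunk's /services/search/jobs/export endpoint with `| savedsearch`, parses the newline-delimited JSON that endpoint streams back, and posts the rows to the third-party API. The Splunk endpoint and `savedsearch` command are real; SPLUNK_URL, THIRD_PARTY_URL, the X-API-Key header and the forwarded payload shape are assumptions, and the sample export lines are constructed. Unlike the curl line, it authenticates with a bearer token instead of a password on the command line and keeps TLS verification on.

```python
import json
import ssl
import urllib.parse
import urllib.request

SPLUNK_URL = "https://splunk.example.com:8089"      # assumed management-port URL
THIRD_PARTY_URL = "https://api.example.com/ingest"  # assumed third-party endpoint

# Constructed sample of what search/jobs/export streams with output_mode=json:
# one object per line; preview rows repeat while the job runs, final rows once.
SAMPLE_EXPORT = (
    '{"preview":true,"offset":0,"result":{"_time":"2024-01-01T00:00:00","avg(page)":"3.0"}}\n'
    '{"preview":false,"offset":0,"lastrow":true,"result":{"_time":"2024-01-01T00:00:00","avg(page)":"12.5"}}\n'
)

def spl_quote(name: str) -> str:
    """Quote a saved-search name for SPL so quotes or backslashes in the
    name cannot change the search string that is sent."""
    return '"' + name.replace("\\", "\\\\").replace('"', '\\"') + '"'

def build_export_request(saved_search: str, token: str) -> urllib.request.Request:
    """POST to /services/search/jobs/export running the saved search. Bearer
    token instead of -u USER:PASS; time range is the previous seven days."""
    body = urllib.parse.urlencode({
        "search": "| savedsearch " + spl_quote(saved_search),
        "output_mode": "json",
        "earliest_time": "-7d@d",
        "latest_time": "@d",
    }).encode()
    req = urllib.request.Request(SPLUNK_URL + "/services/search/jobs/export", data=body)
    req.add_header("Authorization", "Bearer " + token)
    return req

def parse_export(text: str) -> list:
    """Keep the `result` of final rows; drop preview rows and blank lines."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        obj = json.loads(line)
        if obj.get("preview") or "result" not in obj:
            continue
        rows.append(obj["result"])
    return rows

def build_forward_request(rows: list, saved_search: str, api_key: str) -> urllib.request.Request:
    """Wrap the rows in one JSON document for the third-party API (assumed shape)."""
    payload = json.dumps({"source": saved_search, "rows": rows}).encode()
    req = urllib.request.Request(THIRD_PARTY_URL, data=payload, method="POST")
    req.add_header("Content-Type", "application/json")
    req.add_header("X-API-Key", api_key)  # assumed auth header of the target API
    return req

def run(saved_search: str, splunk_token: str, api_key: str) -> int:
    """Export, parse, forward; TLS is verified with the default context."""
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(build_export_request(saved_search, splunk_token), context=ctx) as r:
        rows = parse_export(r.read().decode())
    with urllib.request.urlopen(build_forward_request(rows, saved_search, api_key), context=ctx) as r:
        return r.status
```

Run it from cron or a scheduler once a week; `run()` returns the HTTP status the third-party API answered with.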