I want to export data from Splunk via the REST API. I've been wondering whether there is a good "Splunk export" solution that can help me send my query output/result to a third-party application with the help of the REST API.
I have created a saved search in Splunk, and now I want to export the output of my saved search to a third-party application at a regular interval (once a week). I have the API details of that application with me. I checked the webhook option, but that was not much help, since the payload is fixed in it and it can only be used with alerts. Can anyone please suggest any other way?
Demo query:
index=main | timechart avg(page)
Example API:
https://webhook.site/66e9b123-ee72-4621-98bb-4ab23a46d1e8
Happy to clarify more details if required.
@ang3loliveira - You have two options:
I hope this helps!!! Karma/upvote would be appreciated!!!
Hi @02sangeet
I think the best way to do a data export from the REST API is with curl.
Example:
# Streams results from the export endpoint (no need to poll a job).
# -k skips TLS certificate verification; drop it once the management port has a trusted cert.
# Instead of -u USERNAME:PASSWORD you can send a Splunk token: -H "Authorization: Bearer <token>".
# The earliest/latest inside the search string take precedence over earliest_time/latest_time.
curl -k -u USERNAME:PASSWORD https://SPLUNK_URL:8089/services/search/jobs/export \
--data-urlencode search='search index="my-index" earliest=0 latest=now | table field1, field2' \
-d output_mode=csv \
-d earliest_time='-y@y' \
-d latest_time='@y' \
-o output-file.csv
In that case the output is CSV, but you can use any of these options:
atom | csv | json | json_cols | json_rows | raw | xml
Here is additional documentation:
https://docs.splunk.com/Documentation/Splunk/8.1.3/Search/ExportdatausingRESTAPI
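A scheduled forwarder built on the same export endpoint, as an added example that is not from the original thread: it runs the saved search by name with the SPL `| savedsearch` command, parses the newline-delimited JSON the endpoint returns for output_mode=json (skipping preview rows), and posts the rows to the third-party URL. The saved search name `weekly_page_avg`, the token placeholder and the redacted webhook id are assumptions; the sample export text is constructed.

```python
import json
import urllib.parse
import urllib.request

# Assumed placeholders (not from the thread): edit for your environment.
SPLUNK_BASE = "https://SPLUNK_URL:8089"
SAVED_SEARCH = "weekly_page_avg"                      # hypothetical saved search name
WEBHOOK_URL = "https://webhook.site/REPLACE-WITH-YOUR-ID"
TOKEN = "REPLACE_WITH_SPLUNK_TOKEN"                   # Splunk authentication token

# Constructed sample of what /services/search/jobs/export returns with output_mode=json:
# one JSON object per line; preview rows arrive first, "lastrow" marks the final one.
SAMPLE_EXPORT = (
    '{"preview":true,"offset":0,"result":{"_time":"2024-01-01T00:00:00.000+00:00","avg(page)":"1"}}\n'
    '{"preview":false,"offset":0,"result":{"_time":"2024-01-01T00:00:00.000+00:00","avg(page)":"3.5"}}\n'
    '{"preview":false,"offset":1,"lastrow":true,"result":{"_time":"2024-01-02T00:00:00.000+00:00","avg(page)":"4.0"}}\n'
)

def build_export_request(base_url, saved_search):
    """URL and form body for the export endpoint; the saved search keeps its own time range."""
    body = {"search": f'| savedsearch "{saved_search}"', "output_mode": "json"}
    url = base_url.rstrip("/") + "/services/search/jobs/export"
    return url, urllib.parse.urlencode(body).encode()

def parse_export_json(text):
    """Collect the final (non-preview) result rows from newline-delimited export output."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        obj = json.loads(line)
        if obj.get("preview") or "result" not in obj:
            continue  # preview rows repeat later; ignore them
        rows.append(obj["result"])
    return rows

def forward_results(rows, webhook_url, post):
    """Send all rows as one JSON payload; post(url, data, headers) returns the HTTP status."""
    payload = json.dumps({"source": "splunk", "count": len(rows), "results": rows}).encode()
    return post(webhook_url, payload, {"Content-Type": "application/json"})

def http_post(url, data, headers):
    """Plain HTTPS POST with certificate verification left on (the curl -k equivalent is not used)."""
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=120) as resp:
        return resp.status, resp.read().decode()

if __name__ == "__main__":
    url, body = build_export_request(SPLUNK_BASE, SAVED_SEARCH)
    status, text = http_post(url, body, {"Authorization": f"Bearer {TOKEN}"})
    print(forward_results(parse_export_json(text), WEBHOOK_URL, lambda u, d, h: http_post(u, d, h)[0]))
```

Run it from cron (or a Splunk scripted input) once a week; the token should belong to a role limited to running that saved search.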
Hi @aasabatini
Could you please provide an example of how to export the results of a query (already executed, results saved) to CSV format?
Thanks!