Splunk Rest API response in JSON format

Eshwar · ‎02-02-2024

Hi experts,

We are in the process of sending the alerts from Splunk to another application via REST API but response of the REST API is displaying in XML format as our other application would have expect JSON format however we tried using Postman application as well but the response is same in XML so can any one suggest JSON response REST API to get the alert details?

Thank you in advance.

Regards,

Eshwar

scelikok · ‎02-03-2024

Hi @Eshwar,

Please try below;

curl -k -u admin:password  "https://localhost:8089/services/alerts/fired_alerts?output_mode=json&count=0"

If this reply helps you an upvote and "Accept as Solution" is appreciated.

Eshwar · ‎02-03-2024

Hi @scelikok ,

That's working great.

Thank you for saving my time.

Regards,

Eshwar

scelikok · ‎02-03-2024

Hi @Eshwar,

You can add "output_mode=json" parameter to get json output. Please see below;

curl -k -u admin:password https://localhost:8089/services/search/jobs/export -d search="search sourcetype=splunkd earliest=-1h" -d output_mode=json

If this reply helps you an upvote and "Accept as Solution" is appreciated.

Eshwar · ‎02-03-2024

Hi @scelikok ,

I tried with output_mode=json but not able to get JSON response as my REST end point is for fired alerts as below.

https://localhost:8089/services/alerts/fired_alerts

Splunk Rest API response in JSON format

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases