Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to use PowerShell to export a saved search using invoke-restmethod?

vandelin
New Member
‎05-29-2020 08:20 AM

Hi All,

I need to turn this:

curl --insecure -k -u username "https://api.splunk.company.com:443/servicesNS/username/sse_sitescope_prod_v01/saved/searches/apisear..."

Into a PowerShell equivalent:

api.splunk.company.com:443 is not trusted, as it does not have an SSL cert.

I've read many examples, I just want to export this saved search using invoke-restmethod

Can anyone assist?

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-29-2020 09:49 AM

If you use powershell version 6 then you can add -SkipCertificateCheck.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

vandelin
New Member
‎05-29-2020 10:52 AM

I appreciate the response.

I just can't seem to get the entire invoke-restmethod command down pat

I can work with the cert issue , i see where you can search splunk with invoke-restmethod.

I want to be able to have powershell invoke-restmethod and export a saved search

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-29-2020 11:38 AM

If you don't have powershell 6 then there are other ways to avoid checking certificates. Google can help find them.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

vandelin
New Member
‎05-29-2020 11:45 AM

i was just mentioning that my curl command had --insecure because it will throw ssl errors at you and not run if you dont because the site is not trusted/has an ssl cert

Skipping certs is just one line that I already have

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }

But I'm to form the entire 10 other lines, i cant find a good example to work with when exporting a saved search 

$search=""https://api.splunk.company.com:443/services/search/jobs/scheduler__username_c3NlX3NpdGVzY29wZV9wcm9kX3YwMQ__usernameapisearchv3_at_1590751800_36332_8CEC1426-6D01-4FD1-8F3C-31B0C726D471/results?count=0" <-- im trying to do something like this 

#$search = $servar # Cmdlet handles urlencoding

       $body = @{

       search = $search

       output_mode = "json"

       earliest_time = "-31d"

       latest_time = "-5d"

       }

       Invoke-RestMethod -Method get -Uri $url -Credential $cred -Body $body

Regards,

0 Karma
Reply

vandelin
New Member
‎05-29-2020 11:46 AM

I don't know why it formatted it like this, but, it is what it is

0 Karma
Reply

vandelin
New Member
‎05-29-2020 09:43 AM

In the end i want the history for the sid and then i want to call:
curl --insecure -u username "https://api.splunk.company.com:443/services/search/jobs/Enter sid/results?count=0"

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to June Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...
li.common.scroll-to.top