Hello All
I need to send a request to Splunk API from a Linux server but the Curl is complaining because the search argument is too long (could be up to 500000 chars). my question is: how we can use @myFile.spl to query splunk api?
This is what I have done so far but no luck yet
Hello All
I was able to solve this issue, I was digging on cURL capabilities and the answer is cURL -K configFile.
Below is how it works:
First suppose you require to send an extremely long query to Splunk API from your app or script with your cURL command (SPL search command in my case 121852 chars)
1. curl command
curl -K query.spl --noproxy '*' -H "Authorization: Splunk myTOKEN" https://mySearchHEAD:8089/servicesNS/admin/search/search/jobs
### --noproxy '*' it is optional and depends on your network setup
2. Your config file query.spl content and synaxis
[someUser@algunServidor:~/myDirectorio]$ more query.spl
-d exec_mode=oneshot ## this can be normal
-d output_mode=json ## this can be xml or csv
-d "search=| search index=myIndex sourcetype=mySourcetype _raw=*somethingIamLooking for* field1=something1 field2=something2 .... fieldN=somethingN earliest=-1h latest=now"
### really important to pay attention to the quotes in red above you need them to make it work.
I hope this help someone 🙂