Hello,
I am using the splunk-utils SDK to try and search Splunk 9.0.4 from an external app. I am able to submit an initial search with a bearer token and can see my local instance receiving it and returning a search SID. However, when I try to retrieve the results with getData, I get an error saying "Invalid Version: undefined".
// https://splunkui.splunk.com/Packages/splunk-utils/Search
const n = await getData(
  sid,
  "results",
  { output_mode: "json_cols" },
  { splunkdPath: serverURL, app: "myapp", owner: "nobody" },
  headers
)
Tracing the node_modules, I can see that the getData in search.js is trying to figure out the version, but I am not following how. This seems to be the line that is determining if v2 should be used:
// Use V2 endpoints only where available
// https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTsearch#Semantic_API_versioning
var V2_ENDPOINTS = ['results', 'results_preview', 'events'];
var endpointVersion = V2_ENDPOINTS.includes(endpoint) && gteSplunkVersion(_config.versionLabel, '9.0.2', '9.0.2209') ? '/v2' : '';
I have been looking at this example from @ryanoconnor and @nhaq but am not seeing how the right API version is being determined.
https://github.com/splunk/react_search_example/blob/main/src/App.js
Any ideas how to update my call to tell my getData what version to use? I am assuming this is unhappy about a missing version but maybe it's something else...
Full Error:
index.js:1 TypeError: Invalid Version: undefined
    at new SemVer (semver.js:19:1)
    at patch (patch.js:2:1)
    at gteSplunkVersion (search.js:53:1)
    at getData (search.js:326:1)
    at loadResults (splunksearch.js:80:1)
    at retrieveJob (splunksearch.js:56:1)
Adding additional information.
Looking further at the search.js's getData implementation, I might have a versioning issue happening with my splunk-utils package. The notes for getData suggest it is doing a GET:
https://splunkui.splunk.com/Packages/splunk-utils/Search
Makes a GET request to the search/${endpointVersion}/jobs/${search_id}/${endpoint} REST API endpoint to get data from the specified search job.
My version of the package is doing a POST. These changes appear to have been pushed in the last few weeks according to the change log.
if (parameters.search && endpointVersion === '/v2') {
  return fetch(url, _objectSpread(_objectSpread({}, baseFetchInit), {}, {
    method: 'POST',
    body: qs
  })).then((0, _fetch.handleResponse)([200, 204]))["catch"]((0, _fetch.handleError)("Failed to get ".concat(endpoint || 'status', " for job ").concat(sid)));
}
Sure enough, downgrading to version 2.2.4 fixed my issue. There must be something fundamentally different with the latest 2.3.1 version that is not playing well with an externally-based application calling Splunk.
npm install @splunk/splunk-utils@"2.2.4"
The 2.3.1 version appears to be reliant on the Config package, but running outside of a Splunk environment, I do not see how it is possible to gather those facts and the documentation on this endpoint is lacking.
https://splunkui.splunk.com/Packages/splunk-utils/Config
Does the 2.3.1 version of getData require a cookie instead of a bearer token in a header? What am I missing? I might need to move this to a case with Splunk.
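An added illustration, not part of the thread and not code from @splunk/splunk-utils: the version gate quoted above throws when the version label is undefined, and this example shows the same endpoint selection with a missing label handled by falling back to the unversioned path, using a label read from a server/info response. The function names, the constructed sample body, and the rule that a patch number of 1000 or more marks a Cloud-style label are assumptions.

```javascript
// Added example: helper names are hypothetical, not the @splunk/splunk-utils API.
const V2_ENDPOINTS = ['results', 'results_preview', 'events'];

// Constructed sample of a /services/server/info?output_mode=json response body.
const SAMPLE_SERVER_INFO = JSON.stringify({
  entry: [{ name: 'server-info', content: { version: '9.0.4', build: 'constructed' } }],
});

// Pull the version label out of a server/info body; undefined if absent or unparsable.
function versionFromServerInfo(body) {
  try {
    const info = JSON.parse(body);
    return info?.entry?.[0]?.content?.version;
  } catch {
    return undefined;
  }
}

// Parse "9.0.4" / "9.0.2209" into [major, minor, patch]. Returns null for a
// missing or malformed label instead of throwing "Invalid Version: undefined".
function parseVersion(label) {
  if (typeof label !== 'string') return null;
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(label.trim());
  return m ? m.slice(1).map(Number) : null;
}

// Component-wise "a >= b" on [major, minor, patch] triples.
function gte(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i];
  }
  return true;
}

// Assumption: a patch number >= 1000 marks a Cloud-style label, which is
// compared against the second threshold from the quoted line (9.0.2209).
function supportsV2(label) {
  const v = parseVersion(label);
  if (!v) return false; // unknown version: stay on the unversioned endpoints
  return gte(v, v[2] >= 1000 ? [9, 0, 2209] : [9, 0, 2]);
}

// Build the relative REST path for a search job's data.
function jobDataPath(sid, endpoint, label) {
  const v2 = V2_ENDPOINTS.includes(endpoint) && supportsV2(label);
  return `search${v2 ? '/v2' : ''}/jobs/${encodeURIComponent(sid)}/${endpoint}`;
}
```
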
Hi @ohbuckeyeio , I'm just curious; did you ever get a response from Splunk on this? I'm finding other problems with my users of splunk-utils and wonder whether more recent versions are safe to use or not.
Hi @pgoldweic - I did not receive a response back. I was told to email the dev team's support directly:
or hit up their Slack channel: #webplatform