I need to run a curl command to run various tasks such as creating searches, accessing searches etc.
I have the command below, which works perfectly:
curl -k -u admin:test12345 https://127.0.0.1:8089/services/saved/searches/ \
-d name=test_durable \
-d cron_schedule="*/15 * * * *" \
-d description="This test job is a durable saved search" \
-d dispatch.earliest_time="-15h@h" -d dispatch.latest_time=now \
--data-urlencode search="search index=_audit sourcetype=audittrail | stats count by host"
But given that I may have to craft various curl commands with different -d flags, I want to be able to pass values through a file, so I used the command below:
curl -k -u admin:test12345 https://127.0.0.1:8089/services/saved/searches/ --data-binary data.json
where data.json looks like this
{
"name": "test_durable",
"cron_schedule": "*/15 * * * *",
"description": "This test job is a durable saved search",
"dispatch.earliest_time": "-15h@h",
"dispatch.latest_time": "now",
"search": "search index=_audit sourcetype=audittrail | stats count by host"
}
But in doing so I get the following error:
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Cannot perform action "POST" without a target name to act on.</msg>
</messages>
</response>
So after going through a lot of different posts on this topic, I realised Splunk seems to have a problem with the JSON format, or mainly with extracting the 'name' attribute from the JSON format.
Can someone please assist with how I can craft a curl command that uses data from a file, like I am using above, and get a correct response from Splunk?
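Added example (not part of the original post and not Splunk's own tooling): the working command sends form-encoded fields with -d, whereas `--data-binary data.json` without a leading `@` makes curl send the literal text `data.json`, so the request carries no `name` field. The sketch below converts the flat JSON file into a form-encoded body that curl can read from a file; `json_to_form_body` and `body.txt` are hypothetical names, and it assumes the endpoint accepts the same fields as the working command.

```python
import json
import sys
from urllib.parse import urlencode

# Constructed sample: the same fields as data.json in the post.
SAMPLE_JSON = """{
  "name": "test_durable",
  "cron_schedule": "*/15 * * * *",
  "description": "This test job is a durable saved search",
  "dispatch.earliest_time": "-15h@h",
  "dispatch.latest_time": "now",
  "search": "search index=_audit sourcetype=audittrail | stats count by host"
}"""


def json_to_form_body(json_text):
    """Turn a flat JSON object into an application/x-www-form-urlencoded body."""
    params = json.loads(json_text)
    if not isinstance(params, dict):
        raise ValueError("top-level JSON value must be an object")
    if not params.get("name"):
        # Fail locally instead of getting the 'without a target name' error.
        raise ValueError("missing 'name' field")
    pairs = []
    for key, value in params.items():
        if value is None or isinstance(value, (dict, list)):
            raise ValueError(f"{key!r} cannot be sent as a single form field")
        if isinstance(value, bool):
            value = "1" if value else "0"  # assumption: booleans sent as 1/0
        pairs.append((key, str(value)))
    # urlencode percent-encodes '*', '/', '@', '=' and '|' and turns spaces
    # into '+', which is what --data-urlencode did for the search string.
    return urlencode(pairs)


if __name__ == "__main__":
    # With a path argument, convert that file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_JSON
    sys.stdout.write(json_to_form_body(text))
```

Run it as `python3 json_to_form.py data.json > body.txt` (script name is hypothetical), then replace the individual -d flags in the working command with `-d @body.txt`.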