Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

REST API CALL

VijaySrrie
Builder
‎06-29-2020 02:15 AM

How to set time range using REST API call

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

VijaySrrie
Builder
‎07-17-2020 02:51 AM

This one worked

https://splunk-api-url:8089/servicesNS/nobody/appname/search/jobs/export?output_mode=json&segmentation=none&latest_time=2020-07-15T00%3A05%3A00.000&earliest_time=2020-07-15T00%3A00%3A00.000&search=|savedsearch%20savedsearchname%20|search%20Code=XXX-10-12

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

VijaySrrie
Builder
‎07-17-2020 02:51 AM

This one worked

https://splunk-api-url:8089/servicesNS/nobody/appname/search/jobs/export?output_mode=json&segmentation=none&latest_time=2020-07-15T00%3A05%3A00.000&earliest_time=2020-07-15T00%3A00%3A00.000&search=|savedsearch%20savedsearchname%20|search%20Code=XXX-10-12

0 Karma
Reply
Solved! Jump to solution

anilchaithu
Builder
‎06-29-2020 06:32 AM

@VijaySrrie 

Can you provide more details? 

0 Karma
Reply
Solved! Jump to solution

VijaySrrie
Builder
‎07-02-2020 01:51 AM

Hi

1. If suppose I need to view some particular index logs in putty, how to write a curl query ?

2. Question no. 1 should be seen for every 15 mins

For Question 1, I used below query but getting error (>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.)

curl -u adminuserid:password -k https://splunk.com/app/search/search?sid=gave that job id which we see in splunk  

u = user id

k= ???

Tags (1)
0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎07-02-2020 08:14 AM

With REST you couldn’t give time, it just give what is status on time of query. If needed old events then you must try to found those from _introspection. 

-k means trust non official CA signed ssl/toss cert.

r. Ismo

0 Karma
Reply
Solved! Jump to solution

VijaySrrie
Builder
‎07-03-2020 04:40 AM

May I know how to write CURL command for a particular saved search  called advanced_automation

I am using below command, where I am getting error as no such saved search.

curl -k -u admin:password -d "search=savedsearch advanced_automation" https://localhost:8089/services/search/jobs/

 

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎07-03-2020 09:53 AM
You could follow the next instructions https://community.splunk.com/t5/Reporting/How-to-start-a-saved-search-using-REST-API/td-p/88026
R. Ismo
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...