Hi Community,
I have an SPL query that runs from a savedsearch in Splunk Enterprise. When I run the query I am able to get the output but when I try to run the same query from the Linux server using a curl command I do not get any response.
I have verified if the curl is able to connect to the API and obtain a response by getting the status code in the output.
Example of the curl command: /usr/bin/curl -sSku username:password https://splunk:8089/servicesNS/admin/search/search/jobs/export -d search="| savedSearch Trading_test host_token=MTE_MTEDEV_Greening time_token.earliest=-30d time_token.latest=now " -d output_mode=csv -d exec_mode=oneshot > output.csv
I was trying to break the problem to check where it might have gone wrong. I found that the savedsearch I was using had a table command to limit the number of columns generated.
So I created a new savedsearch to without any tables and I was able to get the output as raw data.
This is such unusual behaviour that I am not able to figure out what would have gone wrong.
Could anyone let me know why is this causing a problem? Are there some other alternatives that I can use to fix this problem?
Thanks in advance.
Regards,
Pravin
