Solved: Re: What is correct format for curl get API Rest c...

perrinj2 · ‎01-30-2019

When I use the example from the https://docs.splunk.com/Documentation/ITSI/4.0.4/RESTAPI/ITSIRESTAPIreference to try to retrieve the _key of an ITSI Service with title 296 using the following command
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service/?fields='title,_key''&'filte...'
I get a response with an error message which ends in something like this
, "sec_grp": "default_itsi_security_group"}]''filter' is not recognized as an internal or external command,operable program or batch file.
So 2 questions
1 - What is the correct format to use when including the filter command?
2 - If the example is incorrect how can I get the _key field of an ISTI service using the title of the service with a Curl REST API command?
I want to find the _key from the title so I can disable or delete a specific service.
I know my credentials are ok as the following command returns a JSON payload with the details of the service
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service/cb448c76-e104-499c-82f1-6356...

perrinj2 · ‎02-12-2019

$Username = 'username'
$Password = 'Password'
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$SecureString = $pass
$MySecureCreds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecureString

$Service = Invoke-RestMethod -Credential $MySecureCreds -Uri 'https://domain.com:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service'
for ($i=0; $i -le $Service.count; $i++) {
 if ($Service[$i].title -eq "${bamboo.buildNumber}"){
        $ServiceKey = $Service[$i]._key
        $Service = $Service[$i].title
    }
}

$service = @{
    _key="$ServiceKey"
    enabled='0'
}
$json = $service | ConvertTo-Json
$response = Invoke-RestMethod -Credential $MySecureCreds -Uri 'https://domain.com:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service/bulk_update?is_partial_data=1' -Method Post -Body "[$json]" -ContentType 'application/json; charset=UTF-8'

View solution in original post

perrinj2 · ‎02-12-2019

$Username = 'username'
$Password = 'Password'
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$SecureString = $pass
$MySecureCreds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecureString

$Service = Invoke-RestMethod -Credential $MySecureCreds -Uri 'https://domain.com:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service'
for ($i=0; $i -le $Service.count; $i++) {
 if ($Service[$i].title -eq "${bamboo.buildNumber}"){
        $ServiceKey = $Service[$i]._key
        $Service = $Service[$i].title
    }
}

$service = @{
    _key="$ServiceKey"
    enabled='0'
}
$json = $service | ConvertTo-Json
$response = Invoke-RestMethod -Credential $MySecureCreds -Uri 'https://domain.com:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service/bulk_update?is_partial_data=1' -Method Post -Body "[$json]" -ContentType 'application/json; charset=UTF-8'

perrinj2 · ‎02-12-2019

I got it working. Trick was to specify the $json variable containing the jason payload as "[$json]"
I also worked out how to pass secure credentials to the powershell script via the ConvertTo-SecureString method

jkat54 · ‎02-12-2019

Please remove the sensitive data from your post above (api endpoints).

Glad you got it working!

Note it’s best practice to encrypt that password at rest versus leaving it at the top of a script. You probably know that but I’m mentioning for everyone’s sake.

perrinj2 · ‎02-06-2019

Thanks for the responses. I did try the suggestions but still get syntax errors. However I've decided I want to do this in Windows PowerShell and won't bother with filters. I can use the PS equivalent of Curl which is Invoke-RestMethod to get the serviceid from the service title by using the following script
$Service = Invoke-RestMethod -Credential perrinj2admin -Uri https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service
for ($i=0; $i -le $Service.count; $i++) {
if ($Service[$i].title -eq "293"){
$ServiceKey = $Service[$i]._key
$Service = $Service[$i].title
}
}
$Service, $ServiceKey

This works fine but the next step is to disable the service and I've tried the following script

$service = @{
_key='1132aed7-ba38-498c-98e2-edb29d4144f2'
enabled=0
}
$json = $service | ConvertTo-Json
$response = Invoke-RestMethod -Credential perrinj2admin -Uri 'https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service/bulk_update?is_partial_data=...' -Method Post -Body $json -ContentType 'application/json; charset=UTF-8'
$response

The response to this is
Invoke-RestMethod : {"message":"(400, 'Invalid upsert payload found, must be a valid JSON list.')"}

I've checked the output of the ConvertTo-Json and it's a valid JSON list.

Any thoughts on what could be wrong?

jkat54 · ‎02-07-2019

what is the value of $json before you invoke the rest request?

write-host $json

jkat54 · ‎01-31-2019

These parameters look off

fields='title,_key''&'filter='\{title:"296"\}'

There’s two single quotes after the fields parameter when you should have one single quote. Then there’s a single quote before the word filter which shouldn’t be there.

Finally the value for filter is surrounded by single quotes which tells bash to “take this literally how I’ve types it” and then you’re trying to escape the curly brackets but your escapes are being taken as literal backslashes because of the single quotes.

Try this instead

fields=“title,_key''&filter=“{title:\"296\”}”

p_gurav · ‎01-31-2019

Use "" in filter, also after service there is no /:

curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service?fields='title,_key''&'filter...;

What is correct format for curl get API Rest call to ITOA

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!