Splunk ITSI

How to get the Service health score via rest API in ITSI?

rhirasin
Engager

Hello Everyone,

Our requirement is to fetch/download the Service health score via rest API.

we are in splunk cloud as of now.

Thank you

 

Labels (3)
0 Karma

Siddharth
Path Finder

Hi   

A very simple approach is your KPI and service health score resides in index=itsi_summary so you can use splunk API's which we use run a search and that can solve your problem 

In below code write this query  index="itsi_summary" service_name="Splunk" | table alert_value _time   here in plave of search *  searchquery_oneshot = "search * | head 10


https://dev.splunk.com/enterprise/docs/devtools/python/sdk-python/howtousesplunkpython/howtorunsearc...


sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "lib"))
import splunklib.results as results

...

# Run a one-shot search and display the results using the results reader

# Set the parameters for the search:
# - Search everything in a 24-hour time range starting June 19, 12:00pm
# - Display the first 10 results
kwargs_oneshot = {"earliest_time": "2014-06-19T12:00:00.000-07:00",
                  "latest_time": "2014-06-20T12:00:00.000-07:00",
                  "output_mode": 'json'}
searchquery_oneshot = "search * | head 10"

oneshotsearch_results = service.jobs.oneshot(searchquery_oneshot, **kwargs_oneshot)

# Get the results and display them using the JSONResultsReader
reader = results.JSONResultsReader(oneshotsearch_results)
for item in reader:
    print(item)

please do upvote if it helps 


@rhirasin

0 Karma

semen_l
Engager

Hi everyone,

Please advise is it possible to GET a particular service Health score with a simple Rest API call (for example using a Postman app)?

Tried to find it in https://docs.splunk.com/Documentation/ITSI/4.17.0/RESTAPI/ITSIRESTAPIreference#ITOA_Interface but no success.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...