Splunk ITSI
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What is correct format for curl get API Rest call to ITOA

perrinj2
Path Finder
‎01-30-2019 08:27 PM

When I use the example from the https://docs.splunk.com/Documentation/ITSI/4.0.4/RESTAPI/ITSIRESTAPIreference to try to retrieve the _key of an ITSI Service with title 296 using the following command
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service/?fields='title,_key''&'filte...'
I get a response with an error message which ends in something like this
, "sec_grp": "default_itsi_security_group"}]''filter' is not recognized as an internal or external command,operable program or batch file.
So 2 questions
1 - What is the correct format to use when including the filter command?
2 - If the example is incorrect how can I get the _key field of an ISTI service using the title of the service with a Curl REST API command?
I want to find the _key from the title so I can disable or delete a specific service.
I know my credentials are ok as the following command returns a JSON payload with the details of the service
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service/cb448c76-e104-499c-82f1-6356...

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

perrinj2
Path Finder
‎02-12-2019 04:06 PM 
$Username = 'username'
$Password = 'Password'
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$SecureString = $pass
$MySecureCreds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecureString

$Service = Invoke-RestMethod -Credential $MySecureCreds -Uri 'https://domain.com:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service'
for ($i=0; $i -le $Service.count; $i++) {
 if ($Service[$i].title -eq "${bamboo.buildNumber}"){
        $ServiceKey = $Service[$i]._key
        $Service = $Service[$i].title
    }
}

$service = @{
    _key="$ServiceKey"
    enabled='0'
}
$json = $service | ConvertTo-Json
$response = Invoke-RestMethod -Credential $MySecureCreds -Uri 'https://domain.com:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service/bulk_update?is_partial_data=1' -Method Post -Body "[$json]" -ContentType 'application/json; charset=UTF-8'

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

perrinj2
Path Finder
‎02-12-2019 04:06 PM 
$Username = 'username'
$Password = 'Password'
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$SecureString = $pass
$MySecureCreds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecureString

$Service = Invoke-RestMethod -Credential $MySecureCreds -Uri 'https://domain.com:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service'
for ($i=0; $i -le $Service.count; $i++) {
 if ($Service[$i].title -eq "${bamboo.buildNumber}"){
        $ServiceKey = $Service[$i]._key
        $Service = $Service[$i].title
    }
}

$service = @{
    _key="$ServiceKey"
    enabled='0'
}
$json = $service | ConvertTo-Json
$response = Invoke-RestMethod -Credential $MySecureCreds -Uri 'https://domain.com:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service/bulk_update?is_partial_data=1' -Method Post -Body "[$json]" -ContentType 'application/json; charset=UTF-8'
0 Karma
Reply
Solved! Jump to solution

perrinj2
Path Finder
‎02-12-2019 04:09 PM

I got it working. Trick was to specify the $json variable containing the jason payload as "[$json]"
I also worked out how to pass secure credentials to the powershell script via the ConvertTo-SecureString method

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎02-12-2019 04:15 PM

Please remove the sensitive data from your post above (api endpoints).

Glad you got it working!

Note it’s best practice to encrypt that password at rest versus leaving it at the top of a script. You probably know that but I’m mentioning for everyone’s sake.

0 Karma
Reply
Solved! Jump to solution

perrinj2
Path Finder
‎02-06-2019 04:35 PM

Thanks for the responses. I did try the suggestions but still get syntax errors. However I've decided I want to do this in Windows PowerShell and won't bother with filters. I can use the PS equivalent of Curl which is Invoke-RestMethod to get the serviceid from the service title by using the following script
$Service = Invoke-RestMethod -Credential perrinj2admin -Uri https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service
for ($i=0; $i -le $Service.count; $i++) {
if ($Service[$i].title -eq "293"){
$ServiceKey = $Service[$i]._key
$Service = $Service[$i].title
}
}
$Service, $ServiceKey

This works fine but the next step is to disable the service and I've tried the following script

$service = @{
_key='1132aed7-ba38-498c-98e2-edb29d4144f2'
enabled=0
}
$json = $service | ConvertTo-Json
$response = Invoke-RestMethod -Credential perrinj2admin -Uri 'https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service/bulk_update?is_partial_data=...' -Method Post -Body $json -ContentType 'application/json; charset=UTF-8'
$response

The response to this is
Invoke-RestMethod : {"message":"(400, 'Invalid upsert payload found, must be a valid JSON list.')"}

I've checked the output of the ConvertTo-Json and it's a valid JSON list.

Any thoughts on what could be wrong?

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎02-07-2019 04:03 AM

what is the value of $json before you invoke the rest request?

write-host $json

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎01-31-2019 04:09 AM

These parameters look off

fields='title,_key''&'filter='\{title:"296"\}'

There’s two single quotes after the fields parameter when you should have one single quote. Then there’s a single quote before the word filter which shouldn’t be there.

Finally the value for filter is surrounded by single quotes which tells bash to “take this literally how I’ve types it” and then you’re trying to escape the curly brackets but your escapes are being taken as literal backslashes because of the single quotes.

Try this instead

fields=“title,_key''&filter=“{title:\"296\”}”
0 Karma
Reply
Solved! Jump to solution

p_gurav
Champion
‎01-31-2019 03:54 AM

Use "" in filter, also after service there is no /:

curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service?fields='title,_key''&'filter...;
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...