I have a working script that allows me to retrieve the job ID of a search in Splunk. This is working in Windows using GNU curl (and is also working --- albeit modified --- in the native Ubuntu Linux version of curl).
I am now trying to take this same approach and run it in Windows PowerShell --- unfortunately, I have not yet been successful. Here is what I have so far (working curl version is shown first).
curl.exe -k -H "Authorization: Bearer <MYTOKEN>" https://<MYINSTANCE>.splunkcloud.com:8089/services/search/jobs/ --data-urlencode search='<MYSEARCH>'
============
============
$headers = @{
"Authorization" = "Bearer <MYTOKEN>"
}
$body = @{
"search" = "<MYSEARCH>"
}
$response = Invoke-WebRequest -Uri "https://<MYINSTANCE>.splunkcloud.com:8089/services/search/jobs/" `
-Method Post `
-Headers $headers `
-ContentType "application/x-www-form-urlencoded" `
-Body $body `
Any guidance is appreciated.
What error do you get from PowerShell?
I see curl uses the -k option, but PowerShell does not use the equivalent -SkipCertificateCheck option. Perhaps that is a factor.
@richgalloway I thought the same thing as that did generate an error. If I simply remove that line, I get the following error:
Incomplete string token.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : IncompleteString
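One way to write the request from this thread without backtick line continuations, as an added example that is not part of the original posts: the parameters are passed by splatting a hashtable, and the certificate check is only skipped when asked for explicitly. The function name `New-SplunkSearchJob` and its parameters are hypothetical, `output_mode = 'json'` is added so the job ID can be read from the `sid` field, and the `<...>` placeholders are the thread's own.

```powershell
# Added example (not from the thread). New-SplunkSearchJob is a hypothetical helper name.
function New-SplunkSearchJob {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$BaseUri,   # e.g. https://<MYINSTANCE>.splunkcloud.com:8089
        [Parameter(Mandatory)][string]$Token,     # bearer token, as in the curl command
        [Parameter(Mandatory)][string]$Search,    # the search string sent as the "search" form field
        [switch]$SkipCertificateCheck             # equivalent of curl -k; off by default
    )

    # Splatting: every parameter lives in one hashtable, so no line needs a
    # trailing backtick and a stray one cannot break parsing.
    $request = @{
        Uri         = "$($BaseUri.TrimEnd('/'))/services/search/jobs"
        Method      = 'Post'
        Headers     = @{ Authorization = "Bearer $Token" }
        ContentType = 'application/x-www-form-urlencoded'
        # A hashtable body on a POST is sent as URL-encoded form fields,
        # which is what curl's --data-urlencode does for "search".
        Body        = @{ search = $Search; output_mode = 'json' }
        ErrorAction = 'Stop'
    }

    if ($SkipCertificateCheck) {
        # -SkipCertificateCheck exists only in PowerShell 6 and later,
        # not in Windows PowerShell 5.1.
        if ($PSVersionTable.PSVersion.Major -lt 6) {
            throw '-SkipCertificateCheck requires PowerShell 6 or later.'
        }
        Write-Warning 'TLS certificate validation is disabled for this request.'
        $request.SkipCertificateCheck = $true
    }

    # Invoke-RestMethod parses the JSON reply; the job ID is in the sid field.
    $response = Invoke-RestMethod @request
    if (-not $response.sid) {
        throw 'The response did not contain a sid field.'
    }
    return $response.sid
}

# Usage with the thread's placeholders:
# $sid = New-SplunkSearchJob -BaseUri 'https://<MYINSTANCE>.splunkcloud.com:8089' -Token '<MYTOKEN>' -Search '<MYSEARCH>'
```

Leaving `-SkipCertificateCheck` off keeps TLS validation in place, so the bearer token is only sent to a server whose certificate verifies.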