- Community
- :
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Errors everywhere / splunk.js SDK
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hello,
i am trying to start a search with the splunk-js-sdk and some own js-code. i've got several issues by programming this. i have no idea what's wrong and i have read every tutorial or documentation but it seems that nothing really match to my problems.
Dashboard-XML Code:
<.dashboard stylesheet="splunk-mva.css" script="splunk.js, splunk-mva.js, jquery-1.7.2.js".>
splunk-mva.js is my own libary for the searchcalls.
splunk-mva.js Code:
var http = new splunkjs.ProxyHttp(".."); <--- Param"/proxy" doenst work for me and why do i need http-instance? i am inside splunk.
var splunkService = new splunkjs.Service(http, {sessionKey: document.cookie}); <-- user:/password: doesn't work either
var queryString = "select * from bild b join shopposition s on b.bildnummer=s.bildnummer\n join shoppositionartikelgruppe spag on s.datensatznummer=spag.shopposinummer\n join artikelnummer artnr on artnr.artikelgruppennummer=spag.artikelgruppennummer\n where artnr.artikelnummer='92956795'";
var searchParams = { output__mode: "JSON", exec___mode: "normal", id: "mvaJob" };
I tried two search-methods, both don't work for me:
first
splunkService.oneshotSearch(queryString, searchParams, function(err, results) {code}
second
splunkService.search(queryString, searchParams, function(err, job) {code}
------------------------------------------------ HTTP-HEADERS-FROM REQUEST -----------------------------------------
Request URL:....../de-DE/app/services/search/jobs?output_mode=json
Request Method:POST
Status Code:200 OK
Request Headersview source
Accept:text/javascript, text/html, application/xml, text/xml, /
Accept-Encoding:gzip,deflate,sdch
Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Authorization:.......token.....
Connection:keep-alive
Content-Length:374
Content-Type:application/x-www-form-urlencoded
Cookie:..............session_id............. ; ......splunkweb_csrf_token.....
Host: ...........de
Origin:.................de
http:.................de
Referer:http:............../de-DE/app/analytics/test13
User-Agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69
Safari/537.36
X-ProxyDestination:localhost:8089/services/search/jobs?output_mode=json
X-Requested-With:XMLHttpRequest
X-Splunk-Form-Key:6737785215983761462
Q*uery String Parametersview sourceview URL encoded*
output_mode:json
Form Dataview sourceview URL encoded
output_mode:JSON
exec_mode:normal
id:mvaJob
search:select * from bild b join shopposition s on b.bildnummer=s.bildnummer
join shoppositionartikelgruppe spag on s.datensatznummer=spag.shopposinummer
join artikelnummer artnr on artnr.artikelgruppennummer=spag.artikelgruppennummer
where artnr.artikelnummer='92956795'
Response Headersview source
Connection:close
Content-Length:478
Content-Type:text/json;charset=utf-8
Date:Thu, 09 Jan 2014 15:02:49 GMT
Server:CherryPy/3.1.2
Set-Cookie:session_id..........................; expires=Fri, 10 Jan 2014 15:02:49 GMT; httponly; Path=/
Set-Cookie:splunkweb_csrf_token.................. ; expires=Tue, 08 Jan 2019 15:02:49 GMT; Path=/
RESPONSE
{"total": 0, "data": null, "count": 0,
"success": false, "offset": 0,
"messages": [{"message":
"Ung\u00fcltiger*(Invalid)*
Viewstate-Parametername: search;
Vorgang wird abgebrochen*(operation
is aborting)*", "type": "ERROR",
"time": "2014-01-09T16:02:49"}]}
Any idea?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
If you are inside splunk itself, you might as well use the SplunkJS instead of the SDK.
http://dev.splunk.com/view/webframework-splunkjsstack/SP-CAAAESV
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
It's 6.0.1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
If you are inside splunk itself, you might as well use the SplunkJS instead of the SDK.
http://dev.splunk.com/view/webframework-splunkjsstack/SP-CAAAESV
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Thank you very much. You deserve a beer!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Firstly: What version Splunk?
Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.
Find out what your skills are worth!
Read the report >
