Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

HTTP Post request using REST API not returning results

mznikkip
Engager
‎10-09-2012 10:48 AM

I am using ASP.NET with C# to call a search job in Splunk. When I run the search in Splunk, it returns results but the HTTP Post is not working. Here is the code:

string URL = "https://1.1.1.1:8089/servicesNS/admin/MyApp/search/jobs/export/";

HttpWebRequest request = (HttpWebRequest)WebRequest.Create(URL);

request.UserAgent = "GUI";

request.Method = "POST;

request.ContentType = "application/x-www-form-urlencoded";

string requestVars = String.Format("output_mode=json&search=search%20192.168.1.1");

request.ContentLength = requestVars.Length;

Please help.

Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎10-09-2012 11:26 AM

As indicated in the docs, this endpoint expects a GET, not a POST.

View solution in original post

Reply
Solved! Jump to solution

Damien_Dallimor
Ultra Champion
‎10-09-2012 03:29 PM

Firstly , this endpoint uses the GET HTTP Method.The docs simply make reference to another endpoint with similar parameters that uses the POST HTTP Method.
That aside , lets debug why you are not getting results.
What HTTP status code is being returned ?
Are there any error messages or diagnostic outputs you can share ?
I can't see where you are setting your session key in the Authorization header.
ie:
request.Authorization = "Splunk 1611a2464777534359db26545612e";

Furthermore , have you checked out our Developer SDKs , they make programming against the Splunk REST API a lot simpler than coding directly at the REST layer where it is easy to make mistakes. There is a C# SDK in a private repository on Github also.

Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎10-10-2012 10:22 AM

if it's too big, you might instead run with the search/jobs (not search/jobs/export) endpoint (it takes POST with the same parameters), maybe using the exec_mode=blocking. You'll then get back a search id, and then you can page through the results and request them from the server under your control. that's probably the better approach for extremely large result sets that need to be chunked.

0 Karma
Reply
Solved! Jump to solution

mznikkip
Engager
‎10-10-2012 09:21 AM

Ahh right. Good catch!

...
string vars = String.Format("output_mode=json&search=search%20192.1.1.1");
string url = "https://1.1.1.1:8089/servicesNS/admin/MyApp/search/jobs/export?" + vars;
using (WebResponse response = request.GetResponse())
{
using (Stream stream = response.GetResponseStream())
{
StreamReader reader = new StreamReader(stream);
responseText = reader.ReadToEnd();
}
}

The request now is sent but in trying to retrieve the response, the data is huge. Trying to break it up into chunks of data to display in a table. Thanks for your help!

0 Karma
Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎10-10-2012 07:56 AM

I also don't see anywhere where the string vars is attached to the request object (or appended to the URL)

Reply
Solved! Jump to solution

mznikkip
Engager
‎10-10-2012 07:06 AM

As an FYI, long ago I used the POST which I had no problems with. I'm assuming during an upgrade that the endpoint functionality changed from POST to GET.

0 Karma
Reply
Solved! Jump to solution

mznikkip
Engager
‎10-10-2012 06:25 AM

string url = "https://1.1.1.1:8089/servicesNS/admin/MyApp/search/jobs/export/";

HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);

req.Credentials = new NetworkCredential(user, pw);

ServicePointManager.ServerCertificateValidationCallback += delegate { return true; };

request.Method = "GET";

string vars = String.Format("output_mode=json&search=search%20192.1.1.1");

using (WebResponse response = request.GetResponse()){..}
...

When I run this code, an exception occurs at 'using (WebResponse response = request.GetResponse())'- 400 error bad request.

0 Karma
Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎10-09-2012 11:26 AM

As indicated in the docs, this endpoint expects a GET, not a POST.

Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎10-09-2012 03:52 PM

It does not say it is identical to a POST. It says it takes the same parameters as a POST to a different endpoint.

Reply
Solved! Jump to solution

mznikkip
Engager
‎10-09-2012 02:38 PM

It says it is identical to POST, so if I change it to a GET there are still no results returned.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Introduction to Splunk AI

How are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. Lucky for ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Maximizing the Value of Splunk ES 8.x

Splunk Enterprise Security (ES) continues to be a leader in the Gartner Magic Quadrant, reflecting its pivotal ...