I am using ASP.NET with C# to call a search job in Splunk. When I run the search in Splunk, it returns results but the HTTP Post is not working. Here is the code:
string URL = "https://1.1.1.1:8089/servicesNS/admin/MyApp/search/jobs/export/";
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(URL);
request.UserAgent = "GUI";
request.Method = "POST;
request.ContentType = "application/x-www-form-urlencoded";
string requestVars = String.Format("output_mode=json&search=search%20192.168.1.1");
request.ContentLength = requestVars.Length;
Please help.
Firstly , this endpoint uses the GET HTTP Method.The docs simply make reference to another endpoint with similar parameters that uses the POST HTTP Method.
That aside , lets debug why you are not getting results.
What HTTP status code is being returned ?
Are there any error messages or diagnostic outputs you can share ?
I can't see where you are setting your session key in the Authorization header.
ie:
request.Authorization = "Splunk 1611a2464777534359db26545612e";
Furthermore , have you checked out our Developer SDKs , they make programming against the Splunk REST API a lot simpler than coding directly at the REST layer where it is easy to make mistakes. There is a C# SDK in a private repository on Github also.
if it's too big, you might instead run with the search/jobs (not search/jobs/export) endpoint (it takes POST with the same parameters), maybe using the exec_mode=blocking
. You'll then get back a search id, and then you can page through the results and request them from the server under your control. that's probably the better approach for extremely large result sets that need to be chunked.
Ahh right. Good catch!
...
string vars = String.Format("output_mode=json&search=search%20192.1.1.1");
string url = "https://1.1.1.1:8089/servicesNS/admin/MyApp/search/jobs/export?" + vars;
using (WebResponse response = request.GetResponse())
{
using (Stream stream = response.GetResponseStream())
{
StreamReader reader = new StreamReader(stream);
responseText = reader.ReadToEnd();
}
}
The request now is sent but in trying to retrieve the response, the data is huge. Trying to break it up into chunks of data to display in a table. Thanks for your help!
I also don't see anywhere where the string vars
is attached to the request
object (or appended to the URL)
As an FYI, long ago I used the POST which I had no problems with. I'm assuming during an upgrade that the endpoint functionality changed from POST to GET.
string url = "https://1.1.1.1:8089/servicesNS/admin/MyApp/search/jobs/export/";
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
req.Credentials = new NetworkCredential(user, pw);
ServicePointManager.ServerCertificateValidationCallback += delegate { return true; };
request.Method = "GET";
string vars = String.Format("output_mode=json&search=search%20192.1.1.1");
using (WebResponse response = request.GetResponse()){..}
...
When I run this code, an exception occurs at 'using (WebResponse response = request.GetResponse())'- 400 error bad request.
It does not say it is identical to a POST. It says it takes the same parameters as a POST to a different endpoint.
It says it is identical to POST, so if I change it to a GET there are still no results returned.