HTTP Post request using REST API not returning results

mznikkip
Engager

I am using ASP.NET with C# to call a search job in Splunk. When I run the search in Splunk, it returns results but the HTTP Post is not working. Here is the code:

string URL = "https://1.1.1.1:8089/servicesNS/admin/MyApp/search/jobs/export/";
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(URL);
request.UserAgent = "GUI";
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
string requestVars = String.Format("output_mode=json&search=search%20192.168.1.1");
request.ContentLength = requestVars.Length;

Please help.

0 Karma
1 Solution

gkanapathy
Splunk Employee

As indicated in the docs, this endpoint expects a GET, not a POST.


Damien_Dallimor
Ultra Champion

Firstly, this endpoint uses the GET HTTP method. The docs simply make reference to another endpoint with similar parameters that uses the POST HTTP method.
That aside, let's debug why you are not getting results.
What HTTP status code is being returned?
Are there any error messages or diagnostic outputs you can share?
I can't see where you are setting your session key in the Authorization header.
i.e.:
request.Headers["Authorization"] = "Splunk 1611a2464777534359db26545612e";

Furthermore, have you checked out our Developer SDKs? They make programming against the Splunk REST API a lot simpler than coding directly at the REST layer, where it is easy to make mistakes. There is a C# SDK in a private repository on GitHub also.

gkanapathy
Splunk Employee

If it's too big, you might instead run with the search/jobs (not search/jobs/export) endpoint (it takes POST with the same parameters), maybe using exec_mode=blocking. You'll then get back a search ID, and then you can page through the results and request them from the server under your control. That's probably the better approach for extremely large result sets that need to be chunked.

0 Karma

mznikkip
Engager

Ahh right. Good catch!

...
string vars = String.Format("output_mode=json&search=search%20192.1.1.1");
string url = "https://1.1.1.1:8089/servicesNS/admin/MyApp/search/jobs/export?" + vars;
using (WebResponse response = request.GetResponse())
{
    using (Stream stream = response.GetResponseStream())
    {
        StreamReader reader = new StreamReader(stream);
        responseText = reader.ReadToEnd();
    }
}

The request now is sent but in trying to retrieve the response, the data is huge. Trying to break it up into chunks of data to display in a table. Thanks for your help!

0 Karma

gkanapathy
Splunk Employee

I also don't see anywhere where the string vars is attached to the request object (or appended to the URL).

mznikkip
Engager

As an FYI, long ago I used the POST which I had no problems with. I'm assuming during an upgrade that the endpoint functionality changed from POST to GET.

0 Karma

mznikkip
Engager

string url = "https://1.1.1.1:8089/servicesNS/admin/MyApp/search/jobs/export/";
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
request.Credentials = new NetworkCredential(user, pw);
// Accepts every server certificate: TLS validation is disabled for the whole process
ServicePointManager.ServerCertificateValidationCallback += delegate { return true; };
request.Method = "GET";
// vars is built here but never appended to the URL or attached to the request
string vars = String.Format("output_mode=json&search=search%20192.1.1.1");
using (WebResponse response = request.GetResponse()){..}
...

When I run this code, an exception occurs at 'using (WebResponse response = request.GetResponse())'- 400 error bad request.

0 Karma
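
Added example (not code from any poster in this thread or from Splunk): one way to send the export request as a GET with the escaped search in the query string, the session key in the Authorization header, the response read line by line rather than with ReadToEnd(), and certificate checking scoped to this one request instead of a process-wide callback that returns true. The host name, the environment variable names and the SHA-256 pin are placeholders, and it assumes the export stream carries one JSON object per line.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example. Host, app and environment variable names are placeholders.
static class SplunkExport
{
    // GET parameters go in the query string; escape the whole search value.
    public static Uri BuildExportUri(string host, string app, string search)
    {
        return new Uri("https://" + host + ":8089/servicesNS/admin/" + app +
            "/search/jobs/export?output_mode=json&search=" + Uri.EscapeDataString(search));
    }
    // Trust a valid chain, or a certificate matching a pinned SHA-256 fingerprint.
    public static bool IsTrusted(X509Certificate cert, SslPolicyErrors errors, string pinSha256Hex)
    {
        if (errors == SslPolicyErrors.None) return true;
        if (cert == null || string.IsNullOrEmpty(pinSha256Hex)) return false;
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData()))
                .Replace("-", "").Equals(pinSha256Hex, StringComparison.OrdinalIgnoreCase);
    }
    public static void Export(Uri uri, string sessionKey, string pinSha256Hex, Action<string> onLine)
    {
        var request = (HttpWebRequest)WebRequest.Create(uri);
        request.Method = "GET";
        request.Headers["Authorization"] = "Splunk " + sessionKey;
        // Per-request callback; validation elsewhere in the process is unchanged.
        request.ServerCertificateValidationCallback = (s, cert, chain, errors) => IsTrusted(cert, errors, pinSha256Hex);
        using (var response = request.GetResponse())
        using (var reader = new StreamReader(response.GetResponseStream()))
        {
            string line; // assumption: the export stream carries one JSON object per line
            while ((line = reader.ReadLine()) != null)
                if (line.Length > 0) onLine(line);
        }
    }
    static void Main()
    {
        Uri uri = BuildExportUri("splunk.example.internal", "MyApp", "search 192.168.1.1 | head 5");
        Console.WriteLine(uri.AbsoluteUri);
        string key = Environment.GetEnvironmentVariable("SPLUNK_SESSION_KEY");
        if (key != null) // only contact the server when a session key is supplied
            Export(uri, key, Environment.GetEnvironmentVariable("SPLUNK_CERT_SHA256"), Console.WriteLine);
    }
}
```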

gkanapathy
Splunk Employee

It does not say it is identical to a POST. It says it takes the same parameters as a POST to a different endpoint.

mznikkip
Engager

It says it is identical to POST, so if I change it to a GET there are still no results returned.

0 Karma