Splunk Search

How can we create an API call that returns a link to a report?

danielbb
Motivator

We need to call a search via the API and return a link to a report, produced by this call. Is it doable? So, I have something like the following that returns the result set as json, and the requirement is to return it as a link to a report -

 

curl -k -u 'moogsoft_smart_triage_user:xxxxxx' https://<host>:8089/servicesNS/moogsoft_smart_triage_user/search/search/jobs/export -d search="| savedsearch smart_triage_api_test INC=INCxxxx DeviceType=TestDeviceType" -d output_mode=json -d preview=false

 

Labels (1)
Tags (1)
0 Karma

aokur_splunk
Splunk Employee
Splunk Employee

This one is pretty straightforward - keep in mind that the GET request will return in it's response a Search ID (sid).

You can then, in a few minutes, return the results of that SID by just visiting the link, such as:

  • https://<host>:8000/en-US/app/search/search?sid=1686664178.1739

If you would rather have the API pull the results back, send another GET to /<app>/jobs/<sid>/results like this - you can specify options such as output_mode and others:

curl -u admin:changeme \
     -k https://localhost:8089/servicesNS/admin/search/search/jobs/1423855196.339/results/ \
     --get -d output_mode=json -d count=5

 official docs here:

https://docs.splunk.com/Documentation/SplunkCloud/latest/Search/ExportdatausingRESTAPI

0 Karma
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars in April. This post ...