Splunk Search

How to call Splunk API using Postman?

kranthimutyala2
Engager

curl -k -u svc_aas -d search="search index=aas sourcetype=syslog" https://splunk-prod-api.internal.xxxx.com/services/search/jobs    
I want to run this using Postman can someone help me frame the Postman queries to search and retrieve Splunk logs

Labels (3)
0 Karma

PickleRick
SplunkTrust
SplunkTrust

The main question is whether you don't know how to use API to perform searches in which case you should star with https://docs.splunk.com/Documentation/Splunk/9.2.1/RESTREF/RESTprolog or whether you don't know how to use podman correctly - this is out of scope of this forum but maybe someone with experience with this tool can give a hint or two.

0 Karma

marnall
Motivator

There are different REST endpoints for Splunk to start or retrieve searches. Some will start a search and return a search ID, others will retrieve results from a previous search job.

Probably the most straightforward is the /jobs/export one, which starts a job and returns results, though this will take time for the started search to complete. An example request for this endpoint would be:

curl -k -u <user_in_splunk> https://<yoursplunkhost>:8089/services/search/v2/jobs/export -d search="<yoursplsearch>"

E.g.

curl -k -u svc_aas -d search="search index=aas sourcetype=syslog" https://splunk-prod-api.internal.xxxx.com:8089/services/search/v2/jobs/export


Note that this curl request will request a password for the splunk user. There may be functionality in postman to supply this password.

0 Karma
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Maximizing the Value of Splunk ES 8.x

Splunk Enterprise Security (ES) continues to be a leader in the Gartner Magic Quadrant, reflecting its pivotal ...

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Optimizing SOC workflows with a unified, risk-based approach to Threat Detection, Investigation, and Response ...