Solved: How to run Splunk searches in a custom REST endpoi...

i2sheri · ‎12-01-2015

I have implemented a custom rest end point and it's working. Now I have another requirement to run Splunk searches in the same rest end point, so I would like to know the best practice for it.

I've tried calling search/jobs rest point, but I do not see actual search results

i2sheri · ‎12-20-2015

I've tried singleshot search to services/search/jobs end point with python requests and it works.

View solution in original post

i2sheri · ‎12-20-2015

I've tried singleshot search to services/search/jobs end point with python requests and it works.

jplumsdaine22 · ‎12-02-2015

When you POST to /services/search/jobs, the response from the splunk server should be a search id (sid). You will then need to do a GET request to /services/search/jobs//results to get the results from splunk (when they are ready)

Alternatively you can use the /services/search/jobs/export endpoint. This will stream the results back to you.

i2sheri · ‎12-20-2015

I've already tried singleshot search to services/search/jobs end point with splunk.rest.simpleRequest() but I did not receive results. No luck with /services/search/jobs/export endpoint too.

How to run Splunk searches in a custom REST endpoint?

.conf23 Registration is Now Open!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control