
How to use the REST API to retrieve the result of a | pivot?

rs8888
New Member

Hi All,

Is there any sample that uses the "|pivot" in the REST API call and gets the search results data returned?

Currently, the REST API just returns some structural information such as fields, dataset.*, open_in_search, pivot_json, pivot_search, but no data. When running the same query in the Splunk UI, the data are returned correctly.

From what I read online, I gathered that the pivot returns instructions to run the searches, but none of the provided searches works. Even the "| tstat" search that is generated by pivot, when run in the REST API, never completes; it just runs forever. Whereas running the "| tstat" command in the UI sometimes returns data.

Calling /search/pivot returns structural information, no SEARCH RESULT DATA.
Calling /search/search with "| tstat" keeps running and never completes.

If anyone has had any success executing the "| pivot" via REST API and got search results, please advise.

0 Karma

rs8888
New Member

The API calls are based on the information provided at the following URL, although all code is done in C# with standard POST/GET requests using HTTPWebRequest:
https://docs.splunk.com/Documentation/Splunk/latest/RESTUM/RESTusing

0 Karma

jkat54
SplunkTrust

Perfect, can you share the code you’re using for the REST call?

0 Karma

jkat54
SplunkTrust

Can you share the details of your POST / GET request to the API?

0 Karma