Splunk Search

How to use REST-API to retrieve the result of a | pivot ??

rs8888
New Member

Hi All,

Is there any sample that uses the "|pivot" in the REST API call and gets the search results data returned?

Currently, the REST API just returns some structural information such as fields, dataset.*, open_in_search, pivot_json, pivot_search but no data. Running the same query in the Splunk UI the data are returned correctly.

From what I read online, I gathered that the pivot returns instructions to run the searches, but none of the provided searches works. Even using the "| tstat" that is generated by pivot when ran in the RestAPI it never completes, it just ran forever. Whereas, running the "| tstat", command on UI sometimes returns data.

Calling /search/pivot returns structural information no SEARCH RESULT DATA
Calling /search/search "| tstat" it keeps running never completes.

If anyone had any success by executing the "|pivot " via REST API and got search results, please advise.

Tags (1)
0 Karma

rs8888
New Member

The API based on the information provided by the following URL, although all code are done in C# with standard Post/Get request using HTTPWebRequest -
https://docs.splunk.com/Documentation/Splunk/latest/RESTUM/RESTusing

0 Karma

jkat54
SplunkTrust
SplunkTrust

Perfect can you share the code you’re using for the rest call?

0 Karma

jkat54
SplunkTrust
SplunkTrust

Can you share the details of your POST / GET request to the api?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...