Hi All,
Is there any sample that uses the "|pivot" in the REST API call and gets the search results data returned?
Currently, the REST API just returns some structural information such as fields, dataset.*, open_in_search, pivot_json, pivot_search, but no data. When running the same query in the Splunk UI, the data are returned correctly.
From what I read online, I gathered that the pivot returns instructions to run the searches, but none of the provided searches work. Even the "| tstat" search that is generated by pivot, when run through the REST API, never completes; it just runs forever. Whereas running the "| tstat" command in the UI sometimes returns data.
Calling /search/pivot returns structural information, no SEARCH RESULT DATA.
Calling /search/search with "| tstat" keeps running and never completes.
If anyone has had any success executing the "|pivot" via the REST API and got search results, please advise.
The API calls are based on the information provided at the following URL, although all the code is written in C# with standard POST/GET requests using HTTPWebRequest:
https://docs.splunk.com/Documentation/Splunk/latest/RESTUM/RESTusing
Perfect, can you share the code you're using for the REST call?
Can you share the details of your POST / GET request to the API?