Splunk Search

Is it possible to export a JSON file through a search result and send the file to a remote location outside Splunk?

AbhiGuddu
Explorer

I have a requirement to export a JSON file to a remote location. The file would be a feed to REST, which performs some action.
I am a beginner here and trying to explore the various capabilities I can achieve via Splunk.
Prompt response would be highly appreciated.

Cheers!!!!

jkat54
SplunkTrust

Sure, you can export data to JSON from Splunk:

If you're looking to automate the process, everything from the REST API is in JSON format, so just learn how to use the REST API instead:

http://dev.splunk.com/restapi

0 Karma

AbhiGuddu
Explorer

Hey Jkat,
Any idea for the implementation using Java?

0 Karma

jkat54
SplunkTrust

Sorry, but I don't write/speak Java often enough to have Splunk examples. I recommend starting with the SDK: http://dev.splunk.com/java

I also recommend using Python instead because it's almost always installed, contrary to Java.

0 Karma

AbhiGuddu
Explorer

OK,
So let's talk about the next step.
Supposing we have the code for exporting the JSON to a remote dir.
How shall we proceed next?
I mean, do we need to deploy the code on the Splunk hosting server?
Please help me to follow this.

0 Karma

jkat54
SplunkTrust

You would deploy the code wherever you want to execute the code and change the URL you call in the code accordingly. If the Splunk server is at splunkserver.mydomain.com, then you'd update the URL in your code/configuration as such, and make sure the firewall ports were open.

Since your end goal is to drop the JSON on a remote server, you might consider running the code on that remote server and dropping the JSON to the filesystem there. If the destination of the JSON is another API, then you could just as easily PUSH / PUT the JSON into the destination's API.

0 Karma

AbhiGuddu
Explorer

Hey Jkat,
It was a typo for JASON :). My apologies.
Do you have a Python script handy which I can use to get the JSON export for the required search from the remote machine?
Perhaps I can simulate it in Java.

0 Karma

AbhiGuddu
Explorer

Thanks Jkat for your prompt response.

Yes, I wish to automate the process.
1. Want to run a search.
2. Save the search result in JASON format.
3. Send the file to remote location.

0 Karma

jkat54
SplunkTrust

It's JSON, not JASON. JASON = boy's name, JSON = JavaScript Object Notation

0 Karma

jkat54
SplunkTrust

For that you will need to follow the restapi tutorial as it explains how to get an authentication token and run a search using curl:

http://docs.splunk.com/Documentation/Splunk/6.4.1/RESTTUT/RESTsearches

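I prefer to use Python and requests/urllib2/urllib3. Here's a snippet of a Python function to get the security key:

import requests
import xml.etree.ElementTree as ET

def getSession(username, password):
    # The login endpoint takes the credentials as a form-encoded POST body
    uri = "https://localhost:8089/services/auth/login"
    # verify=False turns off TLS certificate validation; pass the path of the
    # CA bundle that signed the Splunk certificate instead where one is available
    r = requests.post(uri, data={'username': username, 'password': password}, verify=False)
    r.raise_for_status()
    # The reply is XML: <response><sessionKey>...</sessionKey></response>
    sessionkey = ET.fromstring(r.text).findtext('sessionKey')
    return sessionkey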

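And then here is a snippet of using that key in conjunction with requests.post():

uri = "https://localhost:8089/services/SOME_ENDPOINT"
# The session key goes in the Authorization header, prefixed with "Splunk "
headers = {'Authorization': 'Splunk ' + getSession("username", "password")}
# Placeholder for the payload the chosen endpoint expects
data = "json data the endpoint expects"
# verify=False turns off TLS certificate validation (see getSession above)
r = requests.post(uri, headers=headers, data=data, verify=False)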
0 Karma
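The three steps asked about in this thread (run a search, get JSON, land it on the remote machine) as an added example, not code from any poster or from Splunk: it calls the REST search export endpoint with `output_mode=json` and writes the rows to a local file on whichever host runs it. The function names, the `ca_file` argument and the sample stream are assumptions made for illustration, and it uses only the Python standard library rather than `requests`.

```python
import json
import ssl
import urllib.parse
import urllib.request

SPLUNK = "https://localhost:8089"  # management port used in the posts above

def build_export_request(session_key, spl):
    """Build the POST for the streaming export endpoint with JSON output."""
    body = urllib.parse.urlencode({"search": spl, "output_mode": "json"})
    return urllib.request.Request(
        SPLUNK + "/services/search/jobs/export",
        data=body.encode("utf-8"), method="POST",
        headers={"Authorization": "Splunk " + session_key})

def collect_results(lines):
    """Return final result rows from the export stream (one JSON object per line)."""
    rows = []
    for line in lines:
        if isinstance(line, bytes):
            line = line.decode("utf-8")
        if not line.strip():
            continue
        event = json.loads(line)
        # Skip preview rows and bookkeeping lines that carry no "result".
        if event.get("preview") or "result" not in event:
            continue
        rows.append(event["result"])
    return rows

def export_to_file(session_key, spl, path, ca_file):
    """Run the search and write its rows to path as one JSON array."""
    # ca_file (assumed path) is the CA that signed Splunk's certificate, so TLS
    # is verified instead of switched off with verify=False.
    ctx = ssl.create_default_context(cafile=ca_file)
    req = build_export_request(session_key, spl)
    with urllib.request.urlopen(req, context=ctx) as resp:
        rows = collect_results(resp)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(rows, fh, indent=2)
    return len(rows)

# Constructed sample of the export stream, not output from a real server.
SAMPLE_STREAM = [
    b'{"preview":true,"offset":0,"result":{"host":"web01","count":"1"}}\n',
    b'{"preview":false,"offset":0,"result":{"host":"web01","count":"3"}}\n',
    b'{"preview":false,"offset":1,"lastrow":true,"result":{"host":"web02","count":"7"}}\n',
    b"\n",
]
```

The search string passed as `spl` has to begin with the `search` command (for example `search index=main | head 10`), and the session key is the value returned by the login call shown earlier in the thread.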