Solved: Is it possible to run a Splunk search via the REST...

hettervik_new · ‎05-15-2023

There is a search endpoint on Splunk for running searches remotely via the REST API and stream back the search results as they become available (search/v2/jobs/export).

There also is a rest command in Splunk. One would think that it is possible to use the rest command to run searches on the endpoint "search/v2/jobs/export", for example like this.

| rest /services/search/v2/jobs/export splunk_server=local search="123"

However, I get the error message "Method Not Allowed" when I'm trying to do this. Suspect this is because the enpoint is expecting a HTTP POST, not HTTP GET.

Has anyone managed to do a search on this API endpoint like this using the rest search command, or have any idea on how to do it?

richgalloway · ‎05-15-2023

As you've discovered the rest command only issues GET requests. Any operation requiring a POST or DELETE request must come from something other than the Splunk UI.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎05-15-2023

As you've discovered the rest command only issues GET requests. Any operation requiring a POST or DELETE request must come from something other than the Splunk UI.

---
If this reply helps you, Karma would be appreciated.

Is it possible to run a Splunk search via the REST API using the rest command?

other

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Explore the Latest Educational Offerings from Splunk (November Releases)