Splunk Search

Is it possible to run a Splunk search via the REST API using the rest command?

hettervik_new
Explorer

There is a search endpoint on Splunk for running searches remotely via the REST API and stream back the search results as they become available (search/v2/jobs/export).

There also is a rest command in Splunk. One would think that it is possible to use the rest command to run searches on the endpoint "search/v2/jobs/export", for example like this.

| rest /services/search/v2/jobs/export splunk_server=local search="123"

However, I get the error message "Method Not Allowed" when I'm trying to do this. Suspect this is because the enpoint is expecting a HTTP POST, not HTTP GET.

Has anyone managed to do a search on this API endpoint like this using the rest search command, or have any idea on how to do it?

Labels (1)
Tags (3)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

As you've discovered the rest command only issues GET requests.  Any operation requiring a POST or DELETE request must come from something other than the Splunk UI.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

As you've discovered the rest command only issues GET requests.  Any operation requiring a POST or DELETE request must come from something other than the Splunk UI.

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Splunk Certification Support Alert | Pearson VUE Outage

Splunk Certification holders and candidates!  Please be advised of an upcoming system maintenance period for ...

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...