Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- REST API returns empty results when I execute the ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rajiv_kumar
Path Finder
04-18-2011
03:55 PM
I am trying to fetch results using REST API from Saved Search and getting empty response. My command is like this...
curl -u admin:changeme -k https://localhost:8089/services/search/jobs -d"search=search sourcetype="estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl"
Got response sid in below XML format:
I used this sid in the below command
curl -u admin:changeme -k https://tus1crsappdex215:8089/services/search/jobs/1303166708.128/results/
Please advise me if I am doing something wrong.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Stephen_Sorkin
Splunk Employee
04-18-2011
07:29 PM
You have at least one problem here with your POST. You have to escape the = with %3d in the sourcetype=...
Could you try:
curl -u admin:changeme -k https://localhost:8089/services/search/jobs -d'search=search sourcetype%3d"estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl'
You can also try the "export" mode:
curl -u admin:changeme -k https://localhost:8089/services/search/jobs/export -d'search=search sourcetype%3d"estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl'
This gives you the results directly. If you want CSV out, you can run this as:
curl -u admin:changeme -k https://localhost:8089/services/search/jobs/export -d'search=search sourcetype%3d"estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl&output_mode=csv'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Stephen_Sorkin
Splunk Employee
04-19-2011
12:14 PM
For export, output_mode=csv is a new addition to 4.2. You will have to upgrade to get this. You can replace export with "oneshot" to get csv out in 4.1.x.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rajiv_kumar
Path Finder
04-19-2011
12:02 PM
It worked. But one issue is still there. I am trying to export csv format file and it seems always returning xml format.
Here is my command
curl -u admin:changeme -k https://localhost:8089/services/search/jobs/export -d'search=search sourcetype%3d"ebe_abs" PSN earliest%3d-4d&output_mode=csv' >> exporteddata.csv
Can you please advise on this.
Thanks,
Rajiv
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rajiv_kumar
Path Finder
04-19-2011
01:54 PM
Great. It worked.
Thanks Stephen!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Stephen_Sorkin
Splunk Employee
04-18-2011
07:29 PM
You have at least one problem here with your POST. You have to escape the = with %3d in the sourcetype=...
Could you try:
curl -u admin:changeme -k https://localhost:8089/services/search/jobs -d'search=search sourcetype%3d"estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl'
You can also try the "export" mode:
curl -u admin:changeme -k https://localhost:8089/services/search/jobs/export -d'search=search sourcetype%3d"estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl'
This gives you the results directly. If you want CSV out, you can run this as:
curl -u admin:changeme -k https://localhost:8089/services/search/jobs/export -d'search=search sourcetype%3d"estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl&output_mode=csv'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hamidreza74
Explorer
04-24-2021
08:35 AM
HI
I have this issue too, I check by search with your point but it not work
https://community.splunk.com/t5/forums/editpage/board-id/splunk-search/message-id/155815
can you help me?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rajiv_kumar
Path Finder
04-19-2011
11:47 AM
It worked. Thanks Stephen!
Get Updates on the Splunk Community!
Splunk App for Anomaly Detection End of Life Announcment
Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...
Aligning Observability Costs with Business Value: Practical Strategies
Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...
Mastering Data Pipelines: Unlocking Value with Splunk
In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
