Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

REST API returns empty results when I execute the command in Linux

rajiv_kumar
Path Finder
‎04-18-2011 03:55 PM

I am trying to fetch results using REST API from Saved Search and getting empty response. My command is like this...
curl -u admin:changeme -k https://localhost:8089/services/search/jobs -d"search=search sourcetype="estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl"

Got response sid in below XML format:1303166708.128

I used this sid in the below command
curl -u admin:changeme -k https://tus1crsappdex215:8089/services/search/jobs/1303166708.128/results/

Please advise me if I am doing something wrong.

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎04-18-2011 07:29 PM

You have at least one problem here with your POST. You have to escape the = with %3d in the sourcetype=...

Could you try:

curl -u admin:changeme -k https://localhost:8089/services/search/jobs -d'search=search sourcetype%3d"estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl'

You can also try the "export" mode:

curl -u admin:changeme -k https://localhost:8089/services/search/jobs/export -d'search=search sourcetype%3d"estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl'

This gives you the results directly. If you want CSV out, you can run this as:

curl -u admin:changeme -k https://localhost:8089/services/search/jobs/export -d'search=search sourcetype%3d"estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl&output_mode=csv'

View solution in original post

Reply
Solved! Jump to solution

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎04-19-2011 12:14 PM

For export, output_mode=csv is a new addition to 4.2. You will have to upgrade to get this. You can replace export with "oneshot" to get csv out in 4.1.x.

Reply
Solved! Jump to solution

rajiv_kumar
Path Finder
‎04-19-2011 12:02 PM

It worked. But one issue is still there. I am trying to export csv format file and it seems always returning xml format.
Here is my command

curl -u admin:changeme -k https://localhost:8089/services/search/jobs/export -d'search=search sourcetype%3d"ebe_abs" PSN earliest%3d-4d&output_mode=csv' >> exporteddata.csv

Can you please advise on this.

Thanks,
Rajiv

0 Karma
Reply
Solved! Jump to solution

rajiv_kumar
Path Finder
‎04-19-2011 01:54 PM

Great. It worked.
Thanks Stephen!

Reply
Solved! Jump to solution
Solution

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎04-18-2011 07:29 PM

You have at least one problem here with your POST. You have to escape the = with %3d in the sourcetype=...

Could you try:

curl -u admin:changeme -k https://localhost:8089/services/search/jobs -d'search=search sourcetype%3d"estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl'

You can also try the "export" mode:

curl -u admin:changeme -k https://localhost:8089/services/search/jobs/export -d'search=search sourcetype%3d"estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl'

This gives you the results directly. If you want CSV out, you can run this as:

curl -u admin:changeme -k https://localhost:8089/services/search/jobs/export -d'search=search sourcetype%3d"estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl&output_mode=csv'
Reply
Solved! Jump to solution

Hamidreza74
Explorer
‎04-24-2021 08:35 AM


HI
I have this issue too, I check by search with your point but it not work
https://community.splunk.com/t5/forums/editpage/board-id/splunk-search/message-id/155815
can you help me?

Tags (1)
0 Karma
Reply
Solved! Jump to solution

rajiv_kumar
Path Finder
‎04-19-2011 11:47 AM

It worked. Thanks Stephen!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...