- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Splunk search Using CURL is not working
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Below used query is working perfectly fine when i searched directly in SPLUNK WEB. but when i use the same query in CURL it's not working. I can able to run basic search using CURL but not this query. Kindly help me on this.
Here is the query i used:
curl -k -u UserName:Passwd https://splunkurl:port/services/search/jobs/export --data-urlencode search="search cs_uri_stem="*/reporting/wkReport.xls" AND (cs_uri_query="reportName=Pay+Certification" OR cs_uri_query="reportName=CS+Monthly+Payroll+Cost*")|stats count by AssociateOID, OrgOID, date, o, reportName" -d output_mode=csv
Output shows FATEL error.
I removed double qoutes with single quotes in search string and it gives me different error.
query: curl -k -u UserName:Passwd https://splunkurl:port/services/search/jobs/export --data-urlencode search="search cs_uri_stem="*/reporting/wkReport.xls" AND (cs_uri_query="reportName=Pay+Certification" OR cs_uri_query="reportName=CS+Monthly+Payroll+Cost*")|stats count by AssociateOID, OrgOID, date, o, reportName" -d output_mode=csv
Output shows stats is not recognized as internal/external command.
Kindly help me out on this.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
You need to escape double quote, please use below curl command and it will work fine.
curl -k -u user:pass https://server:port/services/search/jobs/export --data-urlencode search="search cs_uri_stem=\"*/reporting/wkReport.xls\" AND (cs_uri_query=\"reportName=Pay+Certification\" OR cs_uri_query=\"reportName=CS+Monthly+Payroll+Cost*\")|stats count by AssociateOID, OrgOID, date, o, reportName" -d output_mode=csv
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
You need to escape double quote, please use below curl command and it will work fine.
curl -k -u user:pass https://server:port/services/search/jobs/export --data-urlencode search="search cs_uri_stem=\"*/reporting/wkReport.xls\" AND (cs_uri_query=\"reportName=Pay+Certification\" OR cs_uri_query=\"reportName=CS+Monthly+Payroll+Cost*\")|stats count by AssociateOID, OrgOID, date, o, reportName" -d output_mode=csv
Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...
Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...
