All URLs and such have been modified for privacy.
Can anyone tell me what is happening here? I'm trying to search for "My Search" on a remote Splunk server whose URL is splunk.website.cc. There is no https:// in front of it. If you try to load https://splunk.website.cc in your normal web browser it will fail.
Here is the command I am sending through the CLI using the REST API:
curl -k -3 -vvv -u admin:pass -d "search=savedsearch %22My%20Search%22" -d "output_mode=csv" splunk.website.cc:80/servicesNS/admin/search/search/jobs/export
I am using port 80 because that is the port that the server connects to. If I use port 8089, it times out trying to connect to the server.
When I run the above command, I get this output in my CLI...
* About to connect() to splunk.website.cc port 80 (#0)
* Trying 1.1.1.1... connected
* Server auth using Basic with user 'admin'
> POST /servicesNS/admin/search/search/jobs/export HTTP/1.0
> Authorization: Basic cmFzY2FsOnphY2twYXNzd29yZA==
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: splunk.website.cc
> Accept: */*
> Content-Length: 51
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 51out of 51 bytes
< HTTP/1.1 303 See Other
< Date: Tue, 23 Oct 2012 18:45:20 GMT
< Server: CherryPy/3.1.2
< Content-Length: 194
< Content-Type: text/html;charset=utf-8
< Location: http://splunk.website.cc/en-US/servicesNS/admin/search/search/jobs/export
< Set-Cookie: session_id_8000=f2d959814502146df5c678e29f8043ccc4bdf1a4; expires=Wed, 24 Oct 2012 18:45:20 GMT; httponly; Path=/
< Connection: close
<
* Closing connection #0
Can anyone please explain what this output means and/or what I can do to correct it? It's obviously not an output of data from "My Search". Any response would be appreciated!
Specifically to answer your question about the output from curl, it says "303, the thing you want is over there". It's referring you to a localized version of the URL you asked for, to show it to you in English, with a US (en-US) locale. An ordinary browser would follow that up and go ask for that URL as a GET (and probably then get a 404).
Thanks for the answer. And I apologize for the bombardment of questions that I am asking and there will probably be more to come. I'm very new to Splunk, Splunk CLI, and Rest API. But when assigned something at my place of work, you have to do it! I appreciate the patience of all of you guys. This seems like a nifty tool! @sowings @Ayn @gkanapathy
From what I can see, you're talking to Splunk WEB (CherryPy) on port 80 over HTTP, not the splunk daemon itself, which would be servicing your REST call. Try using the server's hostname, port 8089 (default management port) as the host part of your curl statement. You'll need to preface it with https.
This looks to me like the same problem. You're still connecting to the wrong port (and getting an error both times, so stop doing that) and when you use the right port, you're getting blocked, most probably by a firewall.
OK - the issue is the same though. You need to access port 8089.
It's a successful connection, yes, but you're talking to the webserver, not splunkd. Based upon your comment about connecting to port 8089, it sounds like there's a firewall in the way.
Thanks for the help @Ayn but this is different output as I am actually POSTing back to the server with some sort of data I collected. The last question was asking for information about an error. This question is asking for information on output to what seems to be a successful connection to the server.
I don't see how this question is just another big déjà vu of http://splunk-base.splunk.com/answers/62852/curl-35-error-rest-api - why are you asking the same question twice? And why did you accept the original answer if you haven't resolved your issue?
If it times out, then it's most likely because you have a firewall or something else blocking it.
If I use that url, it times out trying to connect.
I was assuming you had obfuscated it. An example might be curl ... https://splunk.website.cc:8089/servicesNS/admin/search/search/jobs/export ...
Where would I find my server's hostname? I thought it was splunk.website.cc