Splunk Search

Why is my Splunk REST API search not working and getting error "curl: (56) Failure when receiving data from the peer"?

a212830
Champion

Hi,

I have the following rest call on a new 6.4 environment, and it's coming back with error:

curl: (56) Failure when receiving data from the peer    

Not sure what's wrong...

curl -k -u  admin:pass -k http://myhost:8089/servicesNS/-/-/search/jobs/export -d search="search index=_internal|head 2 |table sourcetype, eventtype, source, host" -d output_mode=csv

The admin account has all the reset capabilities enabled on it.

1 Solution

jkat54
SplunkTrust
SplunkTrust

You gave it http instead of https and -k twice (which means ignore ssl issues). Providing -k twice isn't required.

 curl -k -u admin https://myhost:8089/servicesNS/-/-/search/jobs/export -d search="search index=_internal|head 2 |table sourcetype, eventtype, source, host" -d output_mode=csv

You don't need the -k if it isn't https OR if the certificate is valid for the connection.

View solution in original post

highsplunker
Contributor

thanks a lot, helped me!
question: why this search does not work

curl -ku admin
http://myserver:8089/services/search/jobs/export
-d search= "| makeresults | eval amount=1001, score=777 "

?

0 Karma

jkat54
SplunkTrust
SplunkTrust

You gave it http instead of https and -k twice (which means ignore ssl issues). Providing -k twice isn't required.

 curl -k -u admin https://myhost:8089/servicesNS/-/-/search/jobs/export -d search="search index=_internal|head 2 |table sourcetype, eventtype, source, host" -d output_mode=csv

You don't need the -k if it isn't https OR if the certificate is valid for the connection.

supabuck
Path Finder

I had the same issue, and this method worked for me. Thank you jkat!

jkat54
SplunkTrust
SplunkTrust

@a212830, did this answer work for you? If so, can you please mark it as the answer?

jkat54
SplunkTrust
SplunkTrust

@a212830 can you come back to this thread please?

0 Karma

highsplunker
Contributor

it works fine! thanks!
could you tell please why this does not work
curl -ku admin http://myserver:8089/services/search/jobs/export -d search= "| makeresults | eval amount=1001, score=777 "
?

0 Karma

jkat54
SplunkTrust
SplunkTrust

Because the splunk rest api uses HTTPS protocol.

0 Karma

highsplunker
Contributor

sorry, i meant this
curl -k -u admin https://localhost:8089/services/search/jobs/export -d search= "| makeresults | eval amount=1001, score=777 "
<-- this does not work...

I'm playing with Google's GCP, temporarily installed a "little" Splunk version there. And something is wrong with the access point. It perfectly worked at my job.

0 Karma

jkat54
SplunkTrust
SplunkTrust

Please create a new question with these details.

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...