Hi,
I have the following rest call on a new 6.4 environment, and it's coming back with error:
curl: (56) Failure when receiving data from the peer
Not sure what's wrong...
curl -k -u admin:pass -k http://myhost:8089/servicesNS/-/-/search/jobs/export -d search="search index=_internal|head 2 |table sourcetype, eventtype, source, host" -d output_mode=csv
The admin account has all the reset capabilities enabled on it.
You gave it http instead of https and -k twice (which means ignore ssl issues). Providing -k twice isn't required.
curl -k -u admin https://myhost:8089/servicesNS/-/-/search/jobs/export -d search="search index=_internal|head 2 |table sourcetype, eventtype, source, host" -d output_mode=csv
You don't need the -k if it isn't https OR if the certificate is valid for the connection.
thanks a lot, helped me!
question: why this search does not work
curl -ku admin
http://myserver:8089/services/search/jobs/export
-d search= "| makeresults | eval amount=1001, score=777 "
?
You gave it http instead of https and -k twice (which means ignore ssl issues). Providing -k twice isn't required.
curl -k -u admin https://myhost:8089/servicesNS/-/-/search/jobs/export -d search="search index=_internal|head 2 |table sourcetype, eventtype, source, host" -d output_mode=csv
You don't need the -k if it isn't https OR if the certificate is valid for the connection.
I had the same issue, and this method worked for me. Thank you jkat!
@a212830, did this answer work for you? If so, can you please mark it as the answer?
@a212830 can you come back to this thread please?
it works fine! thanks!
could you tell please why this does not work
curl -ku admin http://myserver:8089/services/search/jobs/export -d search= "| makeresults | eval amount=1001, score=777 "
?
Because the splunk rest api uses HTTPS protocol.
sorry, i meant this
curl -k -u admin https://localhost:8089/services/search/jobs/export -d search= "| makeresults | eval amount=1001, score=777 "
<-- this does not work...
I'm playing with Google's GCP, temporarily installed a "little" Splunk version there. And something is wrong with the access point. It perfectly worked at my job.
Please create a new question with these details.