Splunk Search

Why is my Splunk REST API search not working and getting error "curl: (56) Failure when receiving data from the peer"?

Champion

Hi,

I have the following rest call on a new 6.4 environment, and it's coming back with error:

curl: (56) Failure when receiving data from the peer    

Not sure what's wrong...

curl -k -u  admin:pass -k http://myhost:8089/servicesNS/-/-/search/jobs/export -d search="search index=_internal|head 2 |table sourcetype, eventtype, source, host" -d output_mode=csv

The admin account has all the reset capabilities enabled on it.

1 Solution

SplunkTrust

You gave it http instead of https, and -k twice (which means ignore SSL issues). Providing -k twice isn't required.

 curl -k -u admin https://myhost:8089/servicesNS/-/-/search/jobs/export -d search="search index=_internal|head 2 |table sourcetype, eventtype, source, host" -d output_mode=csv

You don't need the -k if it isn't https OR if the certificate is valid for the connection.

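The same export call with certificate verification instead of -k, as an added example that is not part of the original thread: it refuses an http:// URL before credentials are sent and URL-encodes the search string. The function name `splunk_export`, the `DRY_RUN` switch, the host and the CA file path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Host, CA file path and user are placeholders.

# splunk_export BASE_URL CA_FILE USER SPL
# Runs an export search against the Splunk management port over verified TLS.
# With DRY_RUN set, prints the curl arguments (one per line) instead of calling curl.
splunk_export() {
    base_url=$1
    ca_file=$2
    user=$3
    spl=$4

    # The management port speaks HTTPS; reject anything else before
    # basic-auth credentials would be sent in cleartext.
    case $base_url in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $base_url" >&2
           return 2 ;;
    esac

    # --cacert replaces -k: the server certificate is checked against this CA.
    # --proto '=https' stops curl from falling back to another protocol.
    # --data-urlencode keeps pipes, quotes and spaces in the SPL intact.
    set -- --fail --silent --show-error \
        --proto '=https' \
        --cacert "$ca_file" \
        -u "$user" \
        --data-urlencode "search=$spl" \
        -d output_mode=csv \
        "${base_url%/}/servicesNS/-/-/search/jobs/export"

    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$@"
    else
        curl "$@"
    fi
}

# Usage (curl prompts for the password because only the user name is given):
#   splunk_export https://myhost:8089 /path/to/splunk-ca.pem admin \
#       'search index=_internal | head 2 | table sourcetype, eventtype, source, host'
```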

Contributor

Thanks a lot, helped me!
Question: why does this search not work

curl -ku admin http://myserver:8089/services/search/jobs/export -d search= "| makeresults | eval amount=1001, score=777 "

?

0 Karma

Path Finder

I had the same issue, and this method worked for me. Thank you jkat!

SplunkTrust

@a212830, did this answer work for you? If so, can you please mark it as the answer?

SplunkTrust

@a212830 can you come back to this thread please?

0 Karma

Contributor

It works fine! Thanks!
Could you please tell me why this does not work
curl -ku admin http://myserver:8089/services/search/jobs/export -d search= "| makeresults | eval amount=1001, score=777 "
?

0 Karma

SplunkTrust

Because the Splunk REST API uses the HTTPS protocol.

0 Karma

Contributor

Sorry, I meant this
curl -k -u admin https://localhost:8089/services/search/jobs/export -d search= "| makeresults | eval amount=1001, score=777 "
<-- this does not work...

I'm playing with Google's GCP, and temporarily installed a "little" Splunk version there. And something is wrong with the access point. It worked perfectly at my job.

0 Karma

SplunkTrust

Please create a new question with these details.

0 Karma