Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Why is my Splunk REST API search not working and getting error "curl: (56) Failure when receiving data from the peer"?

a212830
Champion
‎05-23-2016 12:26 PM

Hi,

I have the following rest call on a new 6.4 environment, and it's coming back with error:

curl: (56) Failure when receiving data from the peer

Not sure what's wrong...

curl -k -u  admin:pass -k http://myhost:8089/servicesNS/-/-/search/jobs/export -d search="search index=_internal|head 2 |table sourcetype, eventtype, source, host" -d output_mode=csv

The admin account has all the reset capabilities enabled on it.

Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎05-23-2016 12:41 PM

You gave it http instead of https and -k twice (which means ignore ssl issues). Providing -k twice isn't required.

 curl -k -u admin https://myhost:8089/servicesNS/-/-/search/jobs/export -d search="search index=_internal|head 2 |table sourcetype, eventtype, source, host" -d output_mode=csv

You don't need the -k if it isn't https OR if the certificate is valid for the connection.

View solution in original post

Reply
Solved! Jump to solution

highsplunker
Contributor
‎04-15-2020 01:59 PM

thanks a lot, helped me!
question: why this search does not work

curl -ku admin
http://myserver:8089/services/search/jobs/export
-d search= "| makeresults | eval amount=1001, score=777 "

?

0 Karma
Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎05-23-2016 12:41 PM

You gave it http instead of https and -k twice (which means ignore ssl issues). Providing -k twice isn't required.

 curl -k -u admin https://myhost:8089/servicesNS/-/-/search/jobs/export -d search="search index=_internal|head 2 |table sourcetype, eventtype, source, host" -d output_mode=csv

You don't need the -k if it isn't https OR if the certificate is valid for the connection.

Reply
Solved! Jump to solution

supabuck
Path Finder
‎08-22-2016 12:20 PM

I had the same issue, and this method worked for me. Thank you jkat!

Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎05-07-2017 08:33 AM

@a212830, did this answer work for you? If so, can you please mark it as the answer?

Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎06-14-2017 02:12 PM

@a212830 can you come back to this thread please?

0 Karma
Reply
Solved! Jump to solution

highsplunker
Contributor
‎04-15-2020 02:01 PM

it works fine! thanks!
could you tell please why this does not work
curl -ku admin http://myserver:8089/services/search/jobs/export -d search= "| makeresults | eval amount=1001, score=777 "
?

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎04-15-2020 02:21 PM

Because the splunk rest api uses HTTPS protocol.

0 Karma
Reply
Solved! Jump to solution

highsplunker
Contributor
‎04-15-2020 02:27 PM

sorry, i meant this
curl -k -u admin https://localhost:8089/services/search/jobs/export -d search= "| makeresults | eval amount=1001, score=777 "
<-- this does not work...

I'm playing with Google's GCP, temporarily installed a "little" Splunk version there. And something is wrong with the access point. It perfectly worked at my job.

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎04-24-2020 06:19 AM

Please create a new question with these details.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...