Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Why is remote server returning error: (400) Bad Re...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why is remote server returning error: (400) Bad Request trying to run a search macro using C#?
rajakanapala
New Member
09-15-2014
12:22 PM
I am trying to run a search ( Macro) but I am not able to get past this error "The remote server returned an error: (400) Bad Request."
Here are my requirements -
1) Run this search ( most efficient way using C#.NET)
2) Get the output in XML
3) And then I would like to parse this XML and store the results in my local database
I am quite new to splunk, any help would be greatly appreciated
I am using C# and I also want to know if there is a better way of doing this
// connection info
var connectArgs = new ServiceArgs
{
Host = ConfigurationManager.AppSettings["SplunkHost"],
Port = Convert.ToInt16(ConfigurationManager.AppSettings["Port"])
};
// Create new Service object
Service service = new Service(connectArgs);
// Use the Login method to connect
service.Login(ConfigurationManager.AppSettings["Username"], ConfigurationManager.AppSettings["Password"]);
var mySearch = "`investigate(ipaddress,\"9/11/2014:10:40:0\",\"9/11/2014:10:45:0\",\"\")`";
var job = service.GetJobs().Create(mySearch);
// Wait for the job to finish
while (!job.IsDone)
{
Thread.Sleep(500);
}
// Create a UTF-8 encoding
UTF8Encoding utf8 = new UTF8Encoding();
// Display results
var results = job.Results();
String line = null;
System.Console.WriteLine("Results from the search job as XML:\n");
StreamReader sr = new StreamReader(results, utf8);
while ((line = sr.ReadLine()) != null)
{
Response.Write(line);
}
sr.Close();
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ma7859
Explorer
12-08-2015
09:18 AM
I got the solution.
We need to pass our splunk search starting with search .
Hope this helps someone.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ma7859
Explorer
12-08-2015
08:03 AM
Even i am also facing the same issue. Any updates ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rajakanapala
New Member
09-15-2014
12:54 PM
Update: - I have looked at the examples provided in the SDK but those are all console app related
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
