Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Why is remote server returning error: (400) Bad Request trying to run a search macro using C#?

rajakanapala
New Member
‎09-15-2014 12:22 PM

I am trying to run a search ( Macro) but I am not able to get past this error "The remote server returned an error: (400) Bad Request."

Here are my requirements -

1) Run this search ( most efficient way using C#.NET)
2) Get the output in XML
3) And then I would like to parse this XML and store the results in my local database

I am quite new to splunk, any help would be greatly appreciated

I am using C# and I also want to know if there is a better way of doing this 

        // connection info
        var connectArgs = new ServiceArgs
        {
            Host = ConfigurationManager.AppSettings["SplunkHost"],
            Port = Convert.ToInt16(ConfigurationManager.AppSettings["Port"])
        };

        // Create new Service object
        Service service = new Service(connectArgs);

        // Use the Login method to connect
        service.Login(ConfigurationManager.AppSettings["Username"], ConfigurationManager.AppSettings["Password"]);        

        var mySearch = "`investigate(ipaddress,\"9/11/2014:10:40:0\",\"9/11/2014:10:45:0\",\"\")`";            

        var job = service.GetJobs().Create(mySearch);

        // Wait for the job to finish
        while (!job.IsDone)
        {
            Thread.Sleep(500);
        }

        // Create a UTF-8 encoding
        UTF8Encoding utf8 = new UTF8Encoding();

        // Display results
        var results = job.Results();
        String line = null;
        System.Console.WriteLine("Results from the search job as XML:\n");
        StreamReader sr = new StreamReader(results, utf8);
        while ((line = sr.ReadLine()) != null)
        {
            Response.Write(line);
        }

        sr.Close();
Tags (4)
0 Karma
Reply

ma7859
Explorer
‎12-08-2015 09:18 AM

I got the solution.
We need to pass our splunk search starting with search .
Hope this helps someone.

0 Karma
Reply

ma7859
Explorer
‎12-08-2015 08:03 AM

Even i am also facing the same issue. Any updates ?

0 Karma
Reply

rajakanapala
New Member
‎09-15-2014 12:54 PM

Update: - I have looked at the examples provided in the SDK but those are all console app related

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...