Splunk Search

splunk API from browser

vasanthi77
Explorer

Hi all ,

I am using below url to get data from splunk

https://hostname:8089/v7/services/search/jobs/export?output_mode=json&search=search * | stats max(_time) AS _time BY "pctIdle" | sort 0 - _time | head 1|rename "pctIdle" AS Value |eval formatted=strftime(_time,"%25Y-%25m-%25d %25H:%25M:%25S%25z")

which is giving output continuously , even though i have mentioned head 1.

below is the actual query which gives one row.

* | stats max(_time) AS _time BY "pctIdle" | sort 0 - _time | head 1|rename "pctIdle" AS Value |eval formatted=strftime(_time,"%Y-%m-%d %H:%M:%S%z"

How do i achieve same from browser.

Tags (1)
0 Karma

drfk
New Member

This is expected behaviour as is documented here for the search/jobs/export endpoint:
"Stream search results as they become available."
https://docs.splunk.com/Documentation/Splunk/7.3.1/RESTREF/RESTsearch#search.2Fjobs.2Fexport

To get only a single result (i.e. not streaming), you could send a POST-request to the search/jobs endpoint. However, afaik this is not easily done in a browser.

0 Karma

vasanthi77
Explorer

@drfk Can i post using browser

0 Karma

drfk
New Member

There seem to be plugins for browsers that can do that, especially for testing REST APIs. However, you can better search for what you need yourself, as I wouldn't know any more about that.

0 Karma

jawaharas
Motivator

The issue is not replicable in Splunk 7.2. Which version of Splunk you are using?

0 Karma

vasanthi77
Explorer

@jawaharas I m using 7.2.7. I m getting continuous output like this , Is not the same case for you?

 {"preview":true,"offset":0,"lastrow":true,"result":{"Value":"51.00","_time":"2019-09-02 14:08:56.000 AEST"}}
 {"preview":true,"offset":0,"lastrow":true,"result":{"Value":"51.00","_time":"2019-09-02 14:08:56.000 AEST"}}
 {"preview":true,"offset":0,"lastrow":true,"result":{"Value":"51.00","_time":"2019-09-02 14:08:56.000 AEST"}}
 {"preview":true,"offset":0,"lastrow":true,"result":{"Value":"51.00","_time":"2019-09-02 14:08:56.000 AEST"}}
 {"preview":true,"offset":0,"lastrow":true,"result":{"Value":"51.00","_time":"2019-09-02 14:08:56.000 AEST"}}
 {"preview":true,"offset":0,"lastrow":true,"result":{"Value":"51.00","_time":"2019-09-02 14:08:56.000 AEST"}}
 {"preview":true,"offset":0,"lastrow":true,"result":{"Value":"100.00","_time":"2019-09-02 14:08:56.000 AEST"}}
 {"preview":true,"offset":0,"lastrow":true,"result":{"Value":"100.00","_time":"2019-09-02 14:08:56.000 AEST"}}
 {"preview":true,"offset":0,"lastrow":true,"result":{"Value":"100.00","_time":"2019-09-02 14:08:56.000 AEST"}}
 {"preview":false,"offset":0,"lastrow":true,"result":{"Value":"100.00","_time":"2019-09-02 14:08:56.000 AEST"}}
0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...

Data Management Digest – June 2026

Welcome to the June 2026 edition of Data Management Digest! This month’s update is short and sweet, with a ...

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...