Solved: splunk URL query

DTERM · ‎05-24-2011

Is there a method for Splunk to generate a search if another application passes Splunk a URL? For this example, let’s assume I already have a user logged into Splunk to bypass the authentication requirement. Another application will generate a URL directed at the Splunk server with a search string for hostname and IP address.

So, another application will pass a URL that reads (for example) http://--/splunk?host=abc and Splunk will in turn generate a query.

If there are alternative solutions to achieve this, let me know.

TIA

bwooden · ‎05-24-2011

It is possible, yes. In your scenario, you would pass the search "* | head 10" to flashtimeline using the url param q.

http://splunk_server/app/search/flashtimeline?q=search%20*%20|%20head%2010

View solution in original post

bwooden · ‎05-24-2011

It is possible, yes. In your scenario, you would pass the search "* | head 10" to flashtimeline using the url param q.

http://splunk_server/app/search/flashtimeline?q=search%20*%20|%20head%2010

bwooden · ‎05-24-2011

That is if you intend to pass it through the client's browser which already has an authenticated session. You can authenticate through url parameters too by enabling insecure login. If you want to do this all programagically without use of client's browser, you'll want to leverage the REST API.

splunk URL query

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Developer Spotlight with Mika Borner

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

Join the Conversation