Greetings folks, and thanks in advance for a little brainpower here. I'm definitely a splunk novice. I'm trying to pull some tstats values via a REST call via powershell, and I can't seem to return any data. I can perform a basic search "search hostname=servername.corp" via this method and it will return the results I expect. The search term that gets me the data I want via the web interface is "|tstats values(host) where index=*" however, performing this search (with various options for " or ' substitution) via a rest call yields nothing. Thanks in advance for your help. If you're powershell fluent, I've included my script chunk below, but this shouldn't be just a powershell thing... I'm pretty sure I'm just calling this search the wrong way since, again, I've verified this with a more simple search term. And yes, the credential is valid. $SplunkAPI = "https://<MySplunkServer>/services/search/jobs/export" $Search = 'search "|tstats values(host) where index=* by index"' $Body = @{ search = $search output_mode = "json" earliest_time = "-24h" latest_time = "now" } Invoke-RestMethod -Method Post -Uri $SplunkAPI -Credential $Cred -Body $Body
... View more