I have spent a LOT of time searching for a way to do this. I have saved searches within Splunk Enterprise 9.x (the cloud instance) and want to be able to grab these CSVs to a Windows directory to then import into a 3rd party toolset. There are a LOT of Google results and massively outdated Splunk community posts which just cloud the issue.
A colleague has used a variant of the below script; they used a different bypass for the certificate, as it was written back when using PowerShell v5, whereas the customer I am working with has PowerShell v7, so the -SkipCertificateCheck switch is supported.
When I run the below I get a timeout:
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Would appreciate it if anyone has an existing PowerShell script that is known working to obtain the results of the saved searches and to output them to a nominated Windows directory.
Many thanks!
$requestUri  = "https://{customer}.splunkcloud.com:8089/services/search/v2/jobs/export"
$accessToken = "{token removed}"
$outFile     = "C:\DataPlatform\SplunkExports\GS_NETWORK_ADAPTER_CONFIGUR.csv"

# Bearer token authentication header
$headers = @{
    Authorization = "Bearer $accessToken"
}

# Run the saved search and ask for CSV output
$params = @{
    search      = "savedsearch mc_LCM_NETWORK_ADAPTER"
    output_mode = "csv"
}

Invoke-WebRequest -SkipCertificateCheck -Headers $headers -Uri $requestUri -Body $params -ContentType "application/x-www-form-urlencoded" -OutFile $outFile
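
An added example, not part of the original post and not a Splunk-supplied script: it separates the connect timeout quoted above from an HTTP-level failure by probing TCP 8089 first, then runs the same export with certificate validation left on and the token read from the environment instead of the script. The `SPLUNK_TOKEN` variable name and the 300-second timeout are assumptions; the host, saved search and output path are the post's own values.

```powershell
# Added example. {customer} is the post's placeholder; SPLUNK_TOKEN is an assumed variable name.
$splunkHost  = '{customer}.splunkcloud.com'
$port        = 8089
$savedSearch = 'mc_LCM_NETWORK_ADAPTER'
$outFile     = 'C:\DataPlatform\SplunkExports\GS_NETWORK_ADAPTER_CONFIGUR.csv'

# 1. Reachability. A connect timeout means the TCP handshake never completed,
#    so no token, header or certificate setting in the request can fix it.
$probe = Test-NetConnection -ComputerName $splunkHost -Port $port -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    throw "TCP $port on $splunkHost is unreachable from this host. " +
          "Check outbound firewall/proxy rules and any IP allow list in front of the management port."
}

# 2. Keep the bearer token out of the script file and out of source control.
$token = $env:SPLUNK_TOKEN
if ([string]::IsNullOrWhiteSpace($token)) { throw 'SPLUNK_TOKEN is not set.' }

# 3. Make sure the target directory exists before -OutFile writes to it.
New-Item -ItemType Directory -Path (Split-Path -Parent $outFile) -Force | Out-Null

# 4. Same export call, without -SkipCertificateCheck: the bearer token is only
#    sent once the server certificate has validated.
$request = @{
    Uri         = "https://${splunkHost}:$port/services/search/v2/jobs/export"
    Method      = 'Post'
    Headers     = @{ Authorization = "Bearer $token" }
    Body        = @{ search = "savedsearch $savedSearch"; output_mode = 'csv' }
    ContentType = 'application/x-www-form-urlencoded'
    OutFile     = $outFile
    TimeoutSec  = 300   # assumed upper bound for the search to stream its results
}

try {
    Invoke-WebRequest @request
    Write-Host "Export written to $outFile"
}
catch [Microsoft.PowerShell.Commands.HttpResponseException] {
    # The connection worked; Splunk rejected the request (401/403 = token or role problem).
    $code = [int]$_.Exception.Response.StatusCode
    throw "Splunk returned HTTP $code for the export request: $($_.Exception.Message)"
}
```

If step 1 fails, the problem is on the network path between this host and port 8089; if step 4 fails with a certificate error, fix trust for the endpoint's certificate rather than restoring the bypass.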