Activity Feed
- Posted Re: Zero results when searching with Splunk Powershell Module. on Splunk Search. 06-09-2020 03:11 PM
- Posted Re: How to use PowerShell to export a saved search using invoke-restmethod? on Reporting. 05-29-2020 11:46 AM
- Posted Re: How to use PowerShell to export a saved search using invoke-restmethod? on Reporting. 05-29-2020 11:45 AM
- Posted Re: How to use PowerShell to export a saved search using invoke-restmethod? on Reporting. 05-29-2020 10:52 AM
- Posted Re: How to use PowerShell to export a saved search using invoke-restmethod? on Reporting. 05-29-2020 09:43 AM
- Posted How to use PowerShell to export a saved search using invoke-restmethod? on Reporting. 05-29-2020 08:20 AM
- Tagged How to use PowerShell to export a saved search using invoke-restmethod? on Reporting. 05-29-2020 08:20 AM
- Posted Re: How come our API results are only returning the first 100 results for metadata? on Getting Data In. 05-26-2020 09:37 AM
- Posted Re: how to export results from a saved search by name and not by job_id using Splunk's REST API? on Getting Data In. 05-02-2020 11:22 AM
- Posted Is it required to include the SID in order to access my saved searches via Splunk API? on Reporting. 04-28-2020 02:10 PM
- Tagged Is it required to include the SID in order to access my saved searches via Splunk API? on Reporting. 04-28-2020 02:10 PM
06-09-2020 03:11 PM
I'm having this exact issue. I don't have admin rights to be cloning stuff into the search context, that is if this is what you did to resolve this. Is there any way in PowerShell I can change my "app"
05-29-2020 11:46 AM
I don't know why it formatted it like this, but, it is what it is
05-29-2020 11:45 AM
I was just mentioning that my curl command had --insecure because it will throw SSL errors at you and not run if you don't, because the site is not trusted/has an SSL cert.
Skipping certs is just one line that I already have:
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
But I'm to form the entire 10 other lines, I can't find a good example to work with when exporting a saved search.
$search = "https://api.splunk.company.com:443/services/search/jobs/scheduler__username_c3NlX3NpdGVzY29wZV9wcm9kX3YwMQ__usernameapisearchv3_at_1590751800_36332_8CEC1426-6D01-4FD1-8F3C-31B0C726D471/results?count=0" # <-- I'm trying to do something like this
#$search = $servar # Cmdlet handles urlencoding
$body = @{
search = $search
output_mode = "json"
earliest_time = "-31d"
latest_time = "-5d"
}
Invoke-RestMethod -Method get -Uri $url -Credential $cred -Body $body
Regards,
05-29-2020 10:52 AM
I appreciate the response.
I just can't seem to get the entire Invoke-RestMethod command down pat.
I can work with the cert issue; I see where you can search Splunk with Invoke-RestMethod.
I want to be able to have PowerShell Invoke-RestMethod and export a saved search.
05-29-2020 09:43 AM
In the end I want the history for the sid and then I want to call:
curl --insecure -u username "https://api.splunk.company.com:443/services/search/jobs/Enter sid/results?count=0"
05-29-2020 08:20 AM
Hi All,
I need to turn this:
curl --insecure -k -u username "https://api.splunk.company.com:443/servicesNS/username/sse_sitescope_prod_v01/saved/searches/apisearchv3/history"
Into a PowerShell equivalent:
api.splunk.company.com:443 is not trusted, as it does not have an SSL cert.
I've read many examples; I just want to export this saved search using Invoke-RestMethod.
Can anyone assist?
Labels: saved search
05-26-2020 09:37 AM
This is how I got mine to work. Not sure of the difference between mine and yours, but this worked for me:
curl -k -u 'username:password' "https://api.company.com:443/services/search/jobs/$sidkey/results?count=0&output_mode=csv"
My sidkey is just the sid within a variable; change it to a valid sid.
05-02-2020 11:22 AM
I would like to know how you send the curl history command on a saved search and then capture just the SID and then have it execute a {sid}/results, all in one shot. I know it's a two-step process, but to automate this I will need to run history, capture the SID, then run results on the SID.
Any thoughts?
04-28-2020 02:10 PM
To access my saved searches via Splunk API, is it a must to include the SID? I only ask because the saved search is on a schedule and the SID changes after each time the search runs. Are there any other options to query the saved search without the use of the SID?
Labels: saved search