Download raw Splunk logs via api

vj_hawk21 · ‎10-14-2020

Team,

how to remotely execute a search and download the search results and store in a shared drive or a CSV file.

vj_hawk21 · ‎10-15-2020

Hi @rnowitzki

Thanks for your response.

I have created the search but not able to find its sid/vsid/searc_id.. how to identify the SID?

Thx

VJ

rnowitzki · ‎10-16-2020

Hi @vj_hawk21 ,

When you created the Job, the sid was in the response.

 <sid>1258421375.19</sid>

Also, you can get a list of your searches with

curl -u admin:changeme -k https://localhost:8089/services/search/jobs/

BR
Ralph

--
Karma and/or Solution tagging appreciated.

rnowitzki · ‎10-15-2020

Hi @vj_hawk21,

Please check the documentation about the REST API:

https://docs.splunk.com/Documentation/Splunk/8.0.6/RESTTUT/RESTsearches

You create a search job, get the sid back and with the sid you can get the results.

To receive the results as csv, you would have to use output_mode=csv as indicated here.

BR
Ralph

--
Karma and/or Solution tagging appreciated.

Download raw Splunk logs via api

metrics

using Splunk Enterprise

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Are you a member of the Splunk Community?

Download raw Splunk logs via api

metrics

using Splunk Enterprise

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!