Splunk Enterprise

Get the data through restAPI

beebeandwer
Path Finder

Can I use REST to request and return some defined research or report? The returned format is XML or JSON.
For example: I have research: name: Category
Then use curl -k -u beebe:passwd http://localhost:8089/services/saved/searches/Category. It returns some info not related to the real data like the count of people who bought candy in the search.
I want to obtain the real data in the search, not some configuration info.

0 Karma

psanford_splunk
Splunk Employee

You actually have to dispatch the saved search. Check this out: http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTsearch#saved.2Fsearches.2F.7Bname.7D....

Then take the results within the tags and get the results from the job. Details here: http://docs.splunk.com/Documentation/Splunk/5.0.2/RESTAPI/RESTsearch#search.2Fjobs.2F.7Bsearch_id.7D...

Also, if you are using a language for which we have an SDK - you can find more detail here on how to work with saved searches and those: http://dev.splunk.com/view/sdks-apis/SP-CAAADP7

0 Karma

beebeandwer
Path Finder

Okay, I know. But how can I get the ID of the report, not the search?
Then I need to get the data of the report.

0 Karma

psanford_splunk
Splunk Employee

Edited response above. You then pass in the search id to the job to get the results.

0 Karma

beebeandwer
Path Finder

The returned data is like below:
<?xml version='1.0' encoding='UTF-8'?>
admin_admin_search_X1NjaGVkdWxlZFZpZXdfX015Vmlldw_at_1311805021_c24ff1ea77ad714b
I don't know what it is used for.

0 Karma
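The flow described in this thread (dispatch the saved search, read the search id from the response, then fetch the job's results), as an added example that is not part of the original posts. It assumes the management port is served over HTTPS with a certificate that can be verified (instead of curl's -k) and reads credentials from environment variables; the names SPLUNK_URL, SPLUNK_USER, SPLUNK_PASSWORD and SPLUNK_CA and the helper functions are this example's own.

```python
import base64, json, os, ssl, time
import urllib.parse, urllib.request
import xml.etree.ElementTree as ET

BASE = os.environ.get("SPLUNK_URL", "https://localhost:8089")  # assumed management URL

def parse_sid(xml_text):
    """Extract the search id from a dispatch response: <response><sid>...</sid></response>."""
    sid = ET.fromstring(xml_text).findtext("sid")
    if not sid:
        raise ValueError("no <sid> element in dispatch response")
    return sid

def http(method, path, user, password, ca_file=None, **params):
    """Authenticated splunkd call. TLS is verified; pass ca_file for a private CA."""
    query = urllib.parse.urlencode(params)
    url = BASE + path + ("?" + query if method == "GET" and query else "")
    body = query.encode() if method == "POST" else None
    req = urllib.request.Request(url, data=body, method=method)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.read().decode()

def saved_search_results(name, call, poll=1.0, max_polls=300):
    """Dispatch saved search `name`, wait for the job to finish, return its rows."""
    name_q = urllib.parse.quote(name, safe="")
    sid = parse_sid(call("POST", f"/services/saved/searches/{name_q}/dispatch"))
    job = "/services/search/jobs/" + urllib.parse.quote(sid, safe="")
    for _ in range(max_polls):
        status = json.loads(call("GET", job, output_mode="json"))
        if status["entry"][0]["content"]["isDone"]:
            break
        time.sleep(poll)
    else:
        raise TimeoutError(f"search job {sid} did not finish")
    # count=0 asks for every result row rather than the first page only
    return json.loads(call("GET", job + "/results", output_mode="json", count=0))["results"]

if __name__ == "__main__":
    user, pw = os.environ["SPLUNK_USER"], os.environ["SPLUNK_PASSWORD"]
    call = lambda m, p, **kw: http(m, p, user, pw, os.environ.get("SPLUNK_CA"), **kw)
    for row in saved_search_results("Category", call):
        print(row)
```

The string returned by the dispatch call is the search id of the job that was just started; it is the value passed to search/jobs/{search_id}/results to get the rows.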