I am trying to fetch results from a saved search using the REST API and am getting an empty response. My command is like this...
curl -u admin:changeme -k https://localhost:8089/services/search/jobs -d"search=search sourcetype="estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl"
I got the response sid in the XML format below:
I used this sid in the command below:
curl -u admin:changeme -k https://tus1crsappdex215:8089/services/search/jobs/1303166708.128/results/
Please advise me if I am doing something wrong.
You have at least one problem here with your POST. You have to escape the = with %3d in the sourcetype=...
Could you try:
curl -u admin:changeme -k https://localhost:8089/services/search/jobs -d'search=search sourcetype%3d"estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl'
You can also try the "export" mode:
curl -u admin:changeme -k https://localhost:8089/services/search/jobs/export -d'search=search sourcetype%3d"estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl'
This gives you the results directly. If you want CSV out, you can run this as:
curl -u admin:changeme -k https://localhost:8089/services/search/jobs/export -d'search=search sourcetype%3d"estore-om_app" com.symantec.ecom.ep.service.misc.impl.SymEpDataCenterServiceImpl&output_mode=csv'
For export, output_mode=csv is a new addition to 4.2. You will have to upgrade to get this. You can replace export with "oneshot" to get csv out in 4.1.x.
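The escaping described in the answer above can be generated instead of typed by hand. This is an added example, not code from the thread or from Splunk; the function names `urlencode` and `splunk_search_body` are hypothetical, and it encodes every reserved character (including `=`, `"`, spaces, `&` and `+`) so the search string cannot alter the form body.

```shell
#!/bin/sh
# Added example: build the POST body for the search endpoints without
# hand-escaping. Function names are hypothetical, not Splunk or curl APIs.

# Percent-encode every byte except RFC 3986 unreserved characters.
# The body runs in a subshell, so its variables do not leak to the caller.
urlencode() (
    LC_ALL=C
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}        # everything after the first character
        c=${s%"$rest"}     # the first character itself
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# $1 = search string exactly as typed in the search bar
# $2 = optional output_mode value (for example csv)
splunk_search_body() {
    body="search=$(urlencode "$1")"
    if [ -n "${2:-}" ]; then
        body="$body&output_mode=$(urlencode "$2")"
    fi
    printf '%s' "$body"
}

# Usage (host and credentials as in the thread):
#   curl -u admin:changeme -k https://localhost:8089/services/search/jobs/export \
#        -d "$(splunk_search_body 'search sourcetype="ebe_abs" PSN earliest=-4d' csv)"
# curl can also encode a value itself: --data-urlencode 'search=...'
```

The encoder emits uppercase hex (`%3D`), which is equivalent to the `%3d` used in the thread.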
It worked. But one issue is still there. I am trying to export a CSV format file and it seems to always return XML format.
Here is my command:
curl -u admin:changeme -k https://localhost:8089/services/search/jobs/export -d'search=search sourcetype%3d"ebe_abs" PSN earliest%3d-4d&output_mode=csv' >> exporteddata.csv
Can you please advise on this?
Thanks,
Rajiv
Great. It worked.
Thanks Stephen!
Hi,
I have this issue too. I checked by searching with your point, but it does not work.
https://community.splunk.com/t5/forums/editpage/board-id/splunk-search/message-id/155815
Can you help me?
It worked. Thanks Stephen!