- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Can i use rest API to see the latest result of a ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In the web Interface of Splunk - Saved Searches. One can view the latest result of a saved search.
This wil give the user the information without doing the search over again.
Does anybody have a way or an example on how to to get these result out using PHP, Curl og even Powershell?
Thanks in advance.
kai
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
With the REST API you could use /saved/searches/{name}/history to get all jobs, which will then return links to /search/jobs/{search_id} which is links or a minor url modification away from /search/jobs/{search_id}/results
There are examples all through the RESTREF doc that should help you out.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This wil give me much more to work With.
thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
With the REST API you could use /saved/searches/{name}/history to get all jobs, which will then return links to /search/jobs/{search_id} which is links or a minor url modification away from /search/jobs/{search_id}/results
There are examples all through the RESTREF doc that should help you out.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you have an examle of this script?
I thought that this only worked with a live search. That for instanc $5 only has information when it ran a search.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This script will run when your schedule search will run.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am not sure about rest API, but you can create a script and you can use Splunk arguments to fectch the results, results will be in .tar.gz format, so you have to extract result with your script.
Ref. for splunk argument: http://docs.splunk.com/Documentation/Splunk/6.2.2/Alert/Configuringscriptedalerts#Access_arguments_t...
Updated Team Landing Page in Splunk Observability
New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
