How can I get the data from http://localhost:8000/en-US/app/search/flashtimeline?auto_pause=true&q=search%20host%3D%22SOME_COMPU...
I want to get the data that fills the flashtimeline and the logs. How do I get this through the API?
There are good tutorials on how to interact with the REST API in the docs. This is a good starting point: http://dev.splunk.com/view/basic-tutorial/SP-CAAADQT
Parameters such as search queries etc are sent as POST data only when interacting with the REST API. There are no corresponding GET parameters that do the same thing.
Ok this works for me using curl, but I need a URL with params that does the same thing.
curl -k -u admin:secretpassword -d 'search="search error | head 10"' -d "output_mode=csv" \
    https://localhost:8089/servicesNS/admin/search/search/jobs/export
You should also consider using the Splunk CLI for achieving the same thing - use "splunk search
OK, well you can use any tool you want for the job - curl is just one of them. You could use the Python SDK (https://github.com/splunk/splunk-sdk-python), the Splunk Resource Powershell Resource Kit (https://github.com/splunk/splunk-reskit-powershell), Perl's LWP, anything that lets you perform the necessary steps for interacting with Splunk through the REST API. The steps are outlined in the tutorial.
The search parameter in the post to /services/search/jobs should be "%22search%20host%3D'JAdams-LT'%20AND%20Error%22".
I want to pull back any logs with the word "Error" found in the sys log of host="JAdams-LT". I want this data by calling the API (NOT through curl).
What are you missing from the tutorial I linked to? Searching for host="JAdams-LT" is done simply by issuing that as a search query. You need to be much more specific, I'd be glad to help but it's hard to know what your goal is, how far you have come towards achieving it, what works, what doesn't work, etc etc.
Do a search with the following field host="JAdams-LT"
Could you be a bit more specific regarding what you want to achieve?
The link doesn't help. This is close http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESToutput
But it still doesn't show how to get to the forwarders data by host.
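An added example, not part of any post in this thread: the POST that the curl command above sends, built with Python's standard library for a search on one host, with the server certificate verified instead of skipped and the credentials read from the environment. The validation pattern, the `SPLUNK_USER`/`SPLUNK_PASSWORD` variables, the `ca_file` argument and the sample CSV are assumptions made for the example.

```python
import base64
import csv
import io
import os
import re
import ssl
import urllib.parse
import urllib.request

# Endpoint taken from the curl command in the thread.
EXPORT_URL = "https://localhost:8089/servicesNS/admin/search/search/jobs/export"
# Assumption: host names and search terms only use these characters.
SAFE_RE = re.compile(r"[A-Za-z0-9._-]+")


def build_export_request(host, term, user, password, url=EXPORT_URL):
    """Build (but do not send) the POST for a search on one host."""
    if not SAFE_RE.fullmatch(host) or not SAFE_RE.fullmatch(term):
        raise ValueError("unexpected characters in host or search term")
    # The query starts with the 'search' command; urlencode does the
    # percent-encoding, so nothing is escaped by hand.
    body = urllib.parse.urlencode({
        "search": f'search host="{host}" AND {term}',
        "output_mode": "csv",
    }).encode("ascii")
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Authorization", "Basic " + token)
    return req


def parse_csv(text):
    """Turn the CSV returned by the export endpoint into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def run_export(host, term, ca_file):
    """Send the request, verifying the server certificate against ca_file."""
    req = build_export_request(host, term, os.environ["SPLUNK_USER"],
                               os.environ["SPLUNK_PASSWORD"])
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=60) as resp:
        return parse_csv(resp.read().decode("utf-8"))


# Constructed sample of a CSV response, so parse_csv can be tried offline.
SAMPLE_CSV = ('"_time",host,"_raw"\n'
              '"2013-01-01 10:00:00","JAdams-LT","Error: disk full"\n')
```

Calling `run_export("JAdams-LT", "Error", "/path/to/ca.pem")` sends the request; the CA file path is a placeholder for the certificate that signed the management port's certificate.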