Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is my Splunk REST API search not working and getting error "curl: (56) Failure when receiving data from the peer"?

a212830
Champion
‎05-23-2016 12:26 PM

Hi,

I have the following rest call on a new 6.4 environment, and it's coming back with error:

curl: (56) Failure when receiving data from the peer

Not sure what's wrong...

curl -k -u  admin:pass -k http://myhost:8089/servicesNS/-/-/search/jobs/export -d search="search index=_internal|head 2 |table sourcetype, eventtype, source, host" -d output_mode=csv

The admin account has all the reset capabilities enabled on it.

Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎05-23-2016 12:41 PM

You gave it http instead of https and -k twice (which means ignore ssl issues). Providing -k twice isn't required.

 curl -k -u admin https://myhost:8089/servicesNS/-/-/search/jobs/export -d search="search index=_internal|head 2 |table sourcetype, eventtype, source, host" -d output_mode=csv

You don't need the -k if it isn't https OR if the certificate is valid for the connection.

View solution in original post

Reply
Solved! Jump to solution

highsplunker
Contributor
‎04-15-2020 01:59 PM

thanks a lot, helped me!
question: why this search does not work

curl -ku admin
http://myserver:8089/services/search/jobs/export
-d search= "| makeresults | eval amount=1001, score=777 "

?

0 Karma
Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎05-23-2016 12:41 PM

You gave it http instead of https and -k twice (which means ignore ssl issues). Providing -k twice isn't required.

 curl -k -u admin https://myhost:8089/servicesNS/-/-/search/jobs/export -d search="search index=_internal|head 2 |table sourcetype, eventtype, source, host" -d output_mode=csv

You don't need the -k if it isn't https OR if the certificate is valid for the connection.

Reply
Solved! Jump to solution

supabuck
Path Finder
‎08-22-2016 12:20 PM

I had the same issue, and this method worked for me. Thank you jkat!

Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎05-07-2017 08:33 AM

@a212830, did this answer work for you? If so, can you please mark it as the answer?

Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎06-14-2017 02:12 PM

@a212830 can you come back to this thread please?

0 Karma
Reply
Solved! Jump to solution

highsplunker
Contributor
‎04-15-2020 02:01 PM

it works fine! thanks!
could you tell please why this does not work
curl -ku admin http://myserver:8089/services/search/jobs/export -d search= "| makeresults | eval amount=1001, score=777 "
?

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎04-15-2020 02:21 PM

Because the splunk rest api uses HTTPS protocol.

0 Karma
Reply
Solved! Jump to solution

highsplunker
Contributor
‎04-15-2020 02:27 PM

sorry, i meant this
curl -k -u admin https://localhost:8089/services/search/jobs/export -d search= "| makeresults | eval amount=1001, score=777 "
<-- this does not work...

I'm playing with Google's GCP, temporarily installed a "little" Splunk version there. And something is wrong with the access point. It perfectly worked at my job.

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎04-24-2020 06:19 AM

Please create a new question with these details.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...