How to use REST-API to retrieve the result of a | ...

rs8888 · ‎06-22-2018

Hi All,

Is there any sample that uses the "|pivot" in the REST API call and gets the search results data returned?

Currently, the REST API just returns some structural information such as fields, dataset.*, open_in_search, pivot_json, pivot_search but no data. Running the same query in the Splunk UI the data are returned correctly.

From what I read online, I gathered that the pivot returns instructions to run the searches, but none of the provided searches works. Even using the "| tstat" that is generated by pivot when ran in the RestAPI it never completes, it just ran forever. Whereas, running the "| tstat", command on UI sometimes returns data.

Calling /search/pivot returns structural information no SEARCH RESULT DATA
Calling /search/search "| tstat" it keeps running never completes.

If anyone had any success by executing the "|pivot " via REST API and got search results, please advise.

rs8888 · ‎06-22-2018

The API based on the information provided by the following URL, although all code are done in C# with standard Post/Get request using HTTPWebRequest -
https://docs.splunk.com/Documentation/Splunk/latest/RESTUM/RESTusing

jkat54 · ‎06-22-2018

Perfect can you share the code you’re using for the rest call?

jkat54 · ‎06-22-2018

Can you share the details of your POST / GET request to the api?

How to use REST-API to retrieve the result of a | pivot ??

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!