I have a requirement to export a JSON file to a remote location. The file would be a feed to REST, which performs some action.
I am a beginner here and trying to explore the various capabilities I can achieve via Splunk.
Prompt response would be highly appreciated.
Cheers!!!!
Sure, you can export data to JSON from Splunk:
If you're looking to automate the process, everything from the REST API is in JSON format, so just learn how to use the REST API instead:
Hey Jkat,
Any Idea for the implementation using Java?
Sorry, but I don't write/speak Java often enough to have Splunk examples. I recommend starting with the SDK: http://dev.splunk.com/java
I also recommend using Python instead because it's almost always installed, contrary to Java.
OK,
So let's talk about the next step.
Supposing we have the code for exporting the JSON to a remote dir.
How shall we proceed next?
I mean do we need to deploy the code in the Splunk hosting server?
Please help me to follow this.
You would deploy the code wherever you want to execute the code and change the URL you call in the code accordingly. If the Splunk server is at splunkserver.mydomain.com, then you'd update the URL in your code/configuration as such, and make sure the firewall ports were open.
Since your end goal is to drop the JSON on a remote server, you might consider running the code on that remote server and dropping the JSON to the filesystem there. If the destination of the JSON is another API, then you could just as easily PUSH / PUT the JSON into the destination's API.
Hey Jkat,
It was a typo for JASON :). My apology.
Do you have a Python script handy which I can use to get the JSON export for the required search from the remote machine?
Perhaps I can simulate it in java.
Thanks Jkat for your prompt response.
Yes, I wish to automate the process.
1. Want to run a search.
2. Save the search result in JASON format.
3. Send the file to remote location.
It's JSON, not JASON. JASON = boy's name, JSON = JavaScript Object Notation.
For that you will need to follow the REST API tutorial, as it explains how to get an authentication token and run a search using curl:
http://docs.splunk.com/Documentation/Splunk/6.4.1/RESTTUT/RESTsearches
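I prefer to use Python and requests/urllib2/urllib3. Here's a snippet of a Python function to get the security key:
import requests
import xml.etree.ElementTree as ET

def getSession(username, password):
    # Log in on splunkd's management port; the login endpoint expects a POST.
    uri = "https://localhost:8089/services/auth/login"
    # verify=False turns off TLS certificate validation; pass the path of a
    # CA bundle instead to validate splunkd's certificate.
    r = requests.post(uri, data={'username': username, 'password': password}, verify=False)
    r.raise_for_status()
    # The reply is XML: <response><sessionKey>...</sessionKey></response>
    return ET.fromstring(r.text).findtext('sessionKey')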
And then here is a snippet of using that key in conjunction with requests.post():
uri = "https://localhost:8089/services/SOME_ENDPOINT"
# The session key goes in the Authorization header, prefixed with "Splunk ".
headers = {'Authorization': 'Splunk ' + getSession("username", "password")}
data = "json data the endpoint expects"
# verify=False again skips certificate validation.
r = requests.post(uri, headers=headers, data=data, verify=False)
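
Steps 1 and 2 of the list earlier in the thread, run on the machine that should receive the file, as an added example (not code from any poster or from Splunk). It assumes the `search/jobs/export` REST endpoint with `output_mode=json`, a session key obtained as in the `getSession` snippet, and a CA file for the Splunk certificate passed in as `ca_file`; the function names and the sample stream are constructed for illustration.

```python
import json
import os
import ssl
import urllib.parse
import urllib.request

# Hostname taken from the thread's example; 8089 is the management port used in the snippets.
SPLUNK = "https://splunkserver.mydomain.com:8089"

def parse_export(lines):
    """Collect final result rows from the newline-delimited JSON that export streams back."""
    rows = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        obj = json.loads(line)
        # Ignore preview rows and any line that carries no result.
        if obj.get("preview") or "result" not in obj:
            continue
        rows.append(obj["result"])
    return rows

def export_request(session_key, search):
    """Build the POST for search/jobs/export, authenticated with the session key."""
    if not search.lstrip().startswith(("search ", "|")):
        search = "search " + search  # REST searches must start with a generating command
    body = urllib.parse.urlencode({"search": search, "output_mode": "json"}).encode()
    req = urllib.request.Request(SPLUNK + "/services/search/jobs/export", data=body, method="POST")
    req.add_header("Authorization", "Splunk " + session_key)
    return req

def run_export(session_key, search, ca_file, out_path):
    """Run the search, write the rows to out_path (created owner-only), return the row count."""
    ctx = ssl.create_default_context(cafile=ca_file)  # validate splunkd's certificate
    with urllib.request.urlopen(export_request(session_key, search), context=ctx, timeout=60) as resp:
        rows = parse_export(resp)
    fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(rows, fh)
    return len(rows)

# Constructed sample of an export stream, for trying parse_export offline.
SAMPLE = [
    b'{"preview":true,"offset":0,"result":{"host":"web01","count":"1"}}\n',
    b'{"preview":false,"offset":0,"result":{"host":"web01","count":"3"}}\n',
    b'\n',
    b'{"preview":false,"offset":1,"lastrow":true,"result":{"host":"db01","count":"7"}}\n',
]
```

If the destination is another API rather than a file, the list returned by `parse_export` can be sent to it with the same `requests.post()` pattern shown in the post above.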