Solved: Re: My initial REST call to search returned debug ...

teresa1688 · ‎03-13-2017

I have installed splunk on my pc (windows7) and start to play with REST web service calls to perform search. I can see search results in my online search page but not in the web service call. Any clue on what the issues may be? Thanks.

This is the command I use:
curl -k -u admin: https://localhost:8089/services/search/jobs/export -d output_mode=xml -d exec_mode=oneshot -d earliest_time=-60m -d latest_time=now -d search="search *"

The web service returned the following message:

<?xml version='1.0' encoding='UTF-8'?>
<results preview='0'>
<meta>
<fieldOrder />
</meta>
<messages>
  <msg type="DEBUG">Configuration initialization for C:\Program Files\Splunk\etc took 31ms when dispatching a search (search ID: 1489446839.10)</msg>
  <msg type="DEBUG">base lispy: [ AND ]</msg>
  <msg type="DEBUG">search context: user="admin", app="search", bs-pathname="C:\Program Files\Splunk\etc"</msg>
</messages>

</results>
<results preview='0'>
<meta>
<fieldOrder />
</meta>
</results>

teresa1688 · ‎03-21-2017

The issue is with using SOAPUI to replicate a cURL command.

View solution in original post

teresa1688 · ‎03-21-2017

The issue is with using SOAPUI to replicate a cURL command.

aaraneta_splunk · ‎03-21-2017

@teresa1688 - Glad to find that you figured out the solution. Please don't forget to click "Accept" to close out your question. Thank you.

teresa1688 · ‎03-21-2017

Please close this question since the issue has been resolved. The issue was with using SOAPUI to replicate a curl command.

My initial REST call to search returned debug information

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases