- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: splunk API from browser
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
splunk API from browser
Hi all ,
I am using below url to get data from splunk
https://hostname:8089/v7/services/search/jobs/export?output_mode=json&search=search * | stats max(_time) AS _time BY "pctIdle" | sort 0 - _time | head 1|rename "pctIdle" AS Value |eval formatted=strftime(_time,"%25Y-%25m-%25d %25H:%25M:%25S%25z")
which is giving output continuously , even though i have mentioned head 1.
below is the actual query which gives one row.
* | stats max(_time) AS _time BY "pctIdle" | sort 0 - _time | head 1|rename "pctIdle" AS Value |eval formatted=strftime(_time,"%Y-%m-%d %H:%M:%S%z"
How do i achieve same from browser.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is expected behaviour as is documented here for the search/jobs/export endpoint:
"Stream search results as they become available."
https://docs.splunk.com/Documentation/Splunk/7.3.1/RESTREF/RESTsearch#search.2Fjobs.2Fexport
To get only a single result (i.e. not streaming), you could send a POST-request to the search/jobs endpoint. However, afaik this is not easily done in a browser.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@drfk Can i post using browser
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There seem to be plugins for browsers that can do that, especially for testing REST APIs. However, you can better search for what you need yourself, as I wouldn't know any more about that.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The issue is not replicable in Splunk 7.2. Which version of Splunk you are using?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@jawaharas I m using 7.2.7. I m getting continuous output like this , Is not the same case for you?
{"preview":true,"offset":0,"lastrow":true,"result":{"Value":"51.00","_time":"2019-09-02 14:08:56.000 AEST"}}
{"preview":true,"offset":0,"lastrow":true,"result":{"Value":"51.00","_time":"2019-09-02 14:08:56.000 AEST"}}
{"preview":true,"offset":0,"lastrow":true,"result":{"Value":"51.00","_time":"2019-09-02 14:08:56.000 AEST"}}
{"preview":true,"offset":0,"lastrow":true,"result":{"Value":"51.00","_time":"2019-09-02 14:08:56.000 AEST"}}
{"preview":true,"offset":0,"lastrow":true,"result":{"Value":"51.00","_time":"2019-09-02 14:08:56.000 AEST"}}
{"preview":true,"offset":0,"lastrow":true,"result":{"Value":"51.00","_time":"2019-09-02 14:08:56.000 AEST"}}
{"preview":true,"offset":0,"lastrow":true,"result":{"Value":"100.00","_time":"2019-09-02 14:08:56.000 AEST"}}
{"preview":true,"offset":0,"lastrow":true,"result":{"Value":"100.00","_time":"2019-09-02 14:08:56.000 AEST"}}
{"preview":true,"offset":0,"lastrow":true,"result":{"Value":"100.00","_time":"2019-09-02 14:08:56.000 AEST"}}
{"preview":false,"offset":0,"lastrow":true,"result":{"Value":"100.00","_time":"2019-09-02 14:08:56.000 AEST"}}
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
