Is there any way I can get JSON raw data from Splunk for a given query?
Consider the following timechart query:
index=* earliest=<from_time> latest=<to_time> | timechart span=1s count
Key things in the query are: 1. Start/End Time, 2. Time Span (say sec) and 3. Value (say count)
The expected JSON response would be:
{"fields":["_time","count","_span"], "rows":[["2014-12-25T00:00:00.000-06:00","1460981","1"], ..., ["2014-12-25T01:00:00.000-06:00","536889","1"]]}
This is the XHR (AJAX call) for the output_mode=json_rows calls. This requires session and authentication setup.
I’m looking for a RESTful implementation of the same with authentication.