Using Curl to Query Splunk

Do the Search

The search will run in the background.

curl -k -u joel:"Not my real passw0rd" -d index='birdfart' -d host='host www*' -d search='search messagestoparse*' -d output_mode=json

Next, Check the Status of the Search

Just repeat this until the result shows that dispatchState is true. If you want to see the entire output, pipe it into "python -m json.tool" instead.

curl -s -k -u joel:"Not my real passw0rd"  | grep dispatchState

Finally, Retrieve Your Results

curl -s -k -u jg063194:"Not my real passw0rd"
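
The three steps above as one script, added here as an example and not taken from the original post: it reads credentials from a netrc file so the password never appears on the command line, and verifies the server certificate with --cacert instead of -k. The host, file paths and function names are placeholders, and the /services/search/jobs endpoints and the DONE/FAILED values of dispatchState are assumptions based on Splunk's REST API.

```shell
# Added example, not from the original post. Assumed values: placeholder host,
# CA bundle path and netrc path; endpoints follow Splunk's REST search API.
SPLUNK_URL="${SPLUNK_URL:-https://splunk.example.com:8089}"
SPLUNK_CA="${SPLUNK_CA:-/etc/ssl/certs/splunk-ca.pem}"
SPLUNK_NETRC="${SPLUNK_NETRC:-$HOME/.splunk-netrc}"   # chmod 600

# Verify TLS against a known CA (no -k) and read credentials from the
# netrc file (no -u user:password visible in ps or shell history).
splunk_curl() {
    curl -sS --fail --cacert "$SPLUNK_CA" --netrc-file "$SPLUNK_NETRC" "$@"
}

# Print the first string value of JSON field $1 from stdin (no jq needed).
json_field() {
    sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Step 1: start the search in the background and print its search id (sid).
submit_search() {
    sid=$(splunk_curl "$SPLUNK_URL/services/search/jobs" \
            --data-urlencode "search=$1" -d output_mode=json | json_field sid)
    # The sid is placed into later URLs, so reject unexpected characters.
    case "$sid" in
        ''|*[!A-Za-z0-9_.@-]*) echo "unexpected sid: $sid" >&2; return 1 ;;
    esac
    printf '%s\n' "$sid"
}

# Step 2: poll until dispatchState is DONE. Args: sid [max_polls] [delay_s].
wait_for_job() {
    polls=0
    while [ "$polls" -lt "${2:-60}" ]; do
        state=$(splunk_curl "$SPLUNK_URL/services/search/jobs/$1?output_mode=json" \
                  | json_field dispatchState)
        case "$state" in
            DONE)   return 0 ;;
            FAILED) echo "search $1 failed" >&2; return 1 ;;
        esac
        polls=$((polls + 1))
        sleep "${3:-2}"
    done
    echo "search $1 not finished after $polls polls" >&2
    return 2
}

# Step 3: fetch the results of a finished job as JSON.
fetch_results() {
    splunk_curl "$SPLUNK_URL/services/search/jobs/$1/results?output_mode=json"
}
```

The netrc file holds one line of the form `machine <host> login <user> password <password>`.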

Joel Griffiths
