Hello All
I need to send a request to Splunk API from a Linux server but the Curl is complaining because the search argument is too long (could be up to 500000 chars). my question is: how we can use @myFile.spl to query splunk api?
This is what I have done so far but no luck yet
curl --noproxy '*' -k -H "Authorization: Splunk myToken" https://mySearchHead:8089/servicesNS/admin/search/search/jobs/export?output_mode=json -d search=`echo $myVar` error Argument list too long
curl --noproxy '*' -k -H "Authorization: Splunk myToken" https://mySearchHead:8089/servicesNS/admin/search/search/jobs/export?output_mode=json -d @query2.spl (Format1 in query2.spl file--> "search= | search index=myIndex ...." up to 500000 char) error {"messages":[{"type":"FATAL","text":"Empty search."}]}
curl --noproxy '*' -k -H "Authorization: Splunk myToken" https://mySearchHead:8089/servicesNS/admin/search/search/jobs/export?output_mode=json -d @query2.spl (Format2 in query2.spl file --> search= "| search index=myIndex ...." up to 500000 char -- difference with 3 is quotes position) error {"messages":[{"type":"ERROR","text":"Error in 'SearchParser': Missing a search command before '\"'. Error at position '0' of search query '\"| search index...."
curl --noproxy '*' -k -H "Authorization: Splunk myToken" https://mySearchHead:8089/servicesNS/admin/search/search/jobs/export?output_mode=json -d search=@query2.spl (Format2 in query2.spl file --> "| search index=myIndex ...." up to 500000 char -- difference with 3 is quotes position) error {"messages":[{"type":"ERROR","text":"Error in 'SearchParser': Missing a search command before '@'. Error at position '0' of search query '@query2.spl'.","help":""}]}
... View more