As follows:

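    # -k skips TLS certificate verification and admin:changeme is the default
    # credential; both are only suitable for a local test instance.
    # Submit the search; the XML response contains the job's <sid>.
    curl -u admin:changeme -k https://localhost:8089/services/search/jobs -d search="search source=\"http:hec_test\" | head 5"
    # Fetch the results of that job, using the sid returned above.
    curl -u admin:changeme -k https://localhost:8089/services/search/jobs/1481684877.17/results/ --get -d output_mode=csv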

A slightly smarter version:

    # Submit the search and extract the sid from the XML response.
    sid=$(curl -u admin:changeme -k https://localhost:8089/services/search/jobs -d search="search source=\"http:hec_test\" refresh" 2>/dev/null | sed "1,2d" | sed "2d" | sed "s/.*>\([0-9]*\.[0-9]*\)<.*/\1/")
    echo "$sid"
    # Fetch the results of that job as JSON.
    curl -u admin:changeme -k "https://localhost:8089/services/search/jobs/$sid/results/" --get -d output_mode=json 2>/dev/null >out.json

Python implementation:

    #!/usr/bin/env python3

    import json
    import time
    import urllib.parse
    from xml.dom import minidom

    import httplib2

    # The same python implementation for curl function
    r'''
    sid=`curl -u admin:changeme -k https://localhost:8089/services/search/jobs -d search="search source=\"http:hec_test\" refresh | head 21" 2>/dev/null | sed "1,2d" | sed "2d" | sed "s/.*>\([0-9]*\.[0-9]*\)<.*/\1/"`
    echo $sid
    curl -u admin:changeme -k https://localhost:8089/services/search/jobs/$sid?output_mode=json
    curl -u admin:changeme -k https://localhost:8089/services/search/jobs/$sid/results/ --get -d output_mode=json 2>/dev/null >out.json
    '''


    class SplunkQuery(object):
        def __init__(self):
            self.baseurl = 'https://localhost:8089'
            # Default credentials of a local test instance.
            self.userName = 'admin'
            self.password = 'changeme'
            self.sessionKey = self.get_key()

        def _request(self, path, method, body=None, auth=True):
            # Certificate validation is disabled (like curl -k) because the local
            # test instance presents a self-signed certificate.
            headers = {'Authorization': 'Splunk %s' % self.sessionKey} if auth else {}
            http = httplib2.Http(disable_ssl_certificate_validation=True)
            return http.request(self.baseurl + path, method, headers=headers,
                                body=urllib.parse.urlencode(body or {}))[1]

        def get_key(self):
            # Log in and extract the session key from the XML response.
            server_content = self._request(
                '/services/auth/login', 'POST',
                body={'username': self.userName, 'password': self.password}, auth=False)
            session_key = minidom.parseString(server_content).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue
            return session_key

        def submit_job(self, search_query):
            # check if the query has the search operator
            if not search_query.startswith('search'):
                search_query = 'search ' + search_query
            sid_body = self._request('/services/search/jobs', 'POST', body={'search': search_query})
            sid = minidom.parseString(sid_body).getElementsByTagName("sid")[0].childNodes[0].nodeValue
            print("sid:", sid)
            return sid

        def request_results(self, sid):
            start = time.time()
            job_path = '/services/search/jobs/' + sid
            # Poll the job status until the search has finished.
            data = json.loads(self._request(job_path + '?output_mode=json', 'GET'))
            while not data["entry"][0]["content"]["isDone"]:
                time.sleep(0.001)
                data = json.loads(self._request(job_path + '?output_mode=json', 'GET'))
            request_time = time.time() - start
            print("result event count:", data["entry"][0]["content"]["eventCount"], "request time:", request_time)
            # output_mode goes in the query string, as with curl --get -d.
            result_response = self._request(job_path + '/results?output_mode=json', 'GET')
            results = json.loads(result_response)["results"]
            assert data["entry"][0]["content"]["eventCount"] == len(results)
            end = time.time()
            print("result count:", len(results), "result request time:", end - start)
            return results

        def run(self, searchQuery):
            start = time.time()
            sid = self.submit_job(searchQuery)
            self.request_results(sid)
            end = time.time()
            print("search time:", end - start)
            return end - start


    if __name__ == '__main__':
        Q = SplunkQuery()
        Q.run(searchQuery='sourcetype=hec_test | head 5')
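
An added example (not part of the original post and not Splunk's own code) covering the cases the script above does not handle: a rejected search whose reply carries `<msg>` elements instead of a `<sid>`, a job that fails or never finishes, and result sets larger than one page of the results endpoint (`count` defaults to 100). `get_status` and `get_page` are hypothetical callbacks wrapping the HTTP calls, and the XML in the comment is constructed.

```python
import json
import time
import xml.etree.ElementTree as ET


class SplunkJobError(Exception):
    """A search was rejected, failed, or did not finish in time."""


def parse_sid(xml_body):
    """Return the sid from a POST /services/search/jobs reply, else raise with splunkd's messages."""
    root = ET.fromstring(xml_body)
    sid = root.findtext("sid")
    if sid:
        return sid
    # Constructed example of a rejection body:
    # <response><messages><msg type="FATAL">Unknown search command 'hed'.</msg></messages></response>
    msgs = [m.text or "" for m in root.iter("msg")]
    raise SplunkJobError("; ".join(msgs) or "no <sid> in response")


def wait_until_done(get_status, sid, timeout=60.0, first_delay=0.05, max_delay=2.0,
                    sleep=time.sleep, clock=time.monotonic):
    """Poll with exponential backoff. get_status(sid) is a hypothetical callback that
    returns the JSON text of GET /services/search/jobs/<sid>?output_mode=json."""
    deadline, delay = clock() + timeout, first_delay
    while True:
        content = json.loads(get_status(sid))["entry"][0]["content"]
        if content.get("isFailed"):
            raise SplunkJobError("job %s failed" % sid)
        if content["isDone"]:
            return content
        if clock() + delay > deadline:
            raise SplunkJobError("job %s not done after %ss" % (sid, timeout))
        sleep(delay)
        delay = min(delay * 2, max_delay)


def fetch_all_results(get_page, sid, page_size=100):
    """Collect every row. get_page(sid, offset, count) is a hypothetical callback that
    returns the JSON text of GET .../<sid>/results?output_mode=json&offset=..&count=.."""
    results = []
    while True:
        page = json.loads(get_page(sid, len(results), page_size))["results"]
        results.extend(page)
        if len(page) < page_size:  # short (or empty) page: nothing left
            return results
```

Comparing `len(fetch_all_results(...))` with the job's result count avoids the false assertion failure that a single unpaged request gives once a search returns more than 100 rows.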

Reference: http://docs.splunk.com/Documentation/Splunk/6.5.1/RESTTUT/RESTsearches
