REAL TIME
(base) SreeMacMin16GB-1199:Pexels sree$ curl localhost:7000
[ansible@b9a1e4332a03 splunk]$ sudo ./bin/splunk rtsearch 'index=web-uf_index'
172.20.0.1 - - [01/Apr/2021:17:58:07 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.65.2"
NOT REALTIME
[ansible@b9a1e4332a03 splunk]$ sudo ./bin/splunk search 'index=web-uf_index'
172.20.0.1 - - [01/Apr/2021:17:58:07 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.65.2"
[ansible@b9a1e4332a03 splunk]$ sudo ./bin/splunk search 'index=web-uf_index status 200'
[ansible@b9a1e4332a03 splunk]$ sudo ./bin/splunk search 'index=web-uf_index status=200'
172.20.0.1 - - [01/Apr/2021:17:58:07 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.65.2"
[ansible@b9a1e4332a03 splunk]$
REST / CURL
https://docs.splunk.com/Documentation/SplunkCloud/8.1.2012/RESTTUT/RESTsearches
curl -k https://52.12.90.89:8088/services/collector/health
{"text":"HEC is healthy","code":17}
HTTPS!!!!!!! (HEC only listens for TLS; the event is accepted)
curl -k https://52.12.90.89:8088/services/collector/event \
  -H "Authorization: Splunk edc2b152-2e32-41db-ad62-72f3a9ae7c5b" \
  -d '{"event": "test event", "sourcetype": "manualevent", "index": "sree"}'
{"text":"Success","code":0}
HTTP (plain, no TLS; HEC resets the connection)
curl -k http://52.12.90.89:8088/services/collector/event \
  -H "Authorization: Splunk edc2b152-2e32-41db-ad62-72f3a9ae7c5b" \
  -d '{"event": "test event", "sourcetype": "manualevent", "index": "sree"}'
curl: (56) Recv failure: Connection reset by peer
curl -k https://52.12.90.89:8088/services/collector/event \
  -H "Authorization: Splunk edc2b152-2e32-41db-ad62-72f3a9ae7c5b" \
  -d '{"event": "test event", "sourcetype": "manualevent", "index": "tutorialdata"}'
{"text":"Success","code":0}
10/15/24
2:20:51.000 PM
test event
host = 52.12.90.89:8088   source = http:splunkhectoken   sourcetype = manual_event
curl -k https://52.12.90.89:8088/services/collector \
  -H "Authorization: Splunk edc2b152-2e32-41db-ad62-72f3a9ae7c5b" \
  -d '{"time": 1609459200, "event": "metric", "sourcetype": "json", "index": "sreem", "fields": {"cpuusage": 70}}'
{"text":"Success","code":0}
curl -k https://52.12.90.89:8089/services/search/jobs \
  -u admin:admin123 \
  -d search="search index=tutorial_data sourcetype=access_combined_wcookie | head 10"
<?xml version="1.0" encoding="UTF-8"?>
curl -k https://52.12.90.89:8089/services/search/jobs/1729003477.4/results \
  -u admin:admin123
<?xml version='1.0' encoding='UTF-8'?>
Fields returned (fieldOrder): _bkt _cd _indextime _raw _serial _si _sourcetype _time host index linecount source sourcetype splunk_server

Result 0:
  _bkt = tutorialdata~0~3189181B-C3AA-457D-800E-23216C08717E
  _cd = 0:729939
  _indextime = 1728981022
  _raw = 91.205.189.15 - - [14/Oct/2024:18:22:16] "GET /oldlink?itemId=EST-14&JSESSIONID=SD6SL7FF7ADFF53113 HTTP 1.1" 200 1665 "http://www.buttercupgames.com/oldlink?itemId=EST-14" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5" 159
  _serial = 0
  _si = f5fb7215a97f, tutorialdata
  _sourcetype = access_combined_wcookie
  _time = 2024-10-14T18:22:16.000+00:00
  host = www2
  index = tutorialdata
  linecount = 1
  source = tutorialdata.zip:./www2/access.log
  sourcetype = access_combined_wcookie
  splunk_server = f5fb7215a97f

Result 1:
  _bkt = tutorialdata~0~3189181B-C3AA-457D-800E-23216C08717E
  _cd = 0:729929
  _indextime = 1728981022
  _raw = 91.205.189.15 - - [14/Oct/2024:18:22:15] "GET /category.screen?categoryId=SHOOTER&JSESSIONID=SD6SL7FF7ADFF53113 HTTP 1.1" 200 1369 "http://www.google.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5" 779
  _serial = 1
  _si = f5fb7215a97f, tutorialdata
  _sourcetype = access_combined_wcookie
  _time = 2024-10-14T18:22:15.000+00:00
  host = www2
  index = tutorialdata
  linecount = 1
  source = tutorialdata.zip:./www2/access.log
  sourcetype = access_combined_wcookie
  splunk_server = f5fb7215a97f
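Added example (not from these notes or from Splunk): a small parser for the XML that /services/search/jobs/<sid>/results returns, run over a constructed two-event sample shaped like the output above. The sample trims the events to a few fields and changes the second status to 404 so the status tally has something to count; multivalue fields such as _si come back as lists.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample (not a real capture) shaped like the XML that
# GET /services/search/jobs/<sid>/results returns, trimmed to a few fields.
SAMPLE_RESULTS = """<results preview='0'>
<meta><fieldOrder><field>_raw</field><field>_serial</field><field>_si</field>
<field>host</field><field>sourcetype</field></fieldOrder></meta>
<result offset='0'>
<field k='_raw'><v xml:space='preserve' trunc='0'>91.205.189.15 - - [14/Oct/2024:18:22:16] "GET /oldlink?itemId=EST-14 HTTP 1.1" 200 1665 "-" "curl/7.65.2" 159</v></field>
<field k='_serial'><value><text>0</text></value></field>
<field k='_si'><value><text>f5fb7215a97f</text></value><value><text>tutorialdata</text></value></field>
<field k='host'><value><text>www2</text></value></field>
<field k='sourcetype'><value><text>access_combined_wcookie</text></value></field>
</result>
<result offset='1'>
<field k='_raw'><v xml:space='preserve' trunc='0'>91.205.189.15 - - [14/Oct/2024:18:22:15] "GET /category.screen?categoryId=SHOOTER HTTP 1.1" 404 1369 "http://www.google.com" "Mozilla/5.0" 779</v></field>
<field k='_serial'><value><text>1</text></value></field>
<field k='_si'><value><text>f5fb7215a97f</text></value><value><text>tutorialdata</text></value></field>
<field k='host'><value><text>www2</text></value></field>
<field k='sourcetype'><value><text>access_combined_wcookie</text></value></field>
</result>
</results>"""


def parse_results(xml_text):
    """Return one dict per <result>; multivalue fields (like _si) become lists."""
    events = []
    for result in ET.fromstring(xml_text).iter("result"):
        event = {}
        for field in result.findall("field"):
            raw = field.find("v")
            if raw is not None:  # _raw is delivered in a <v> element, not <value><text>
                event[field.get("k")] = "".join(raw.itertext())
                continue
            values = [v.text or "" for v in field.findall("value/text")]
            event[field.get("k")] = values[0] if len(values) == 1 else values
        events.append(event)
    return events


# Status code sits between the closing quote of the request and the byte count.
STATUS_RE = re.compile(r'" (\d{3}) \d+ ')


def status_counts(events):
    """Tally HTTP status codes out of the _raw access-log line of each event."""
    counts = {}
    for event in events:
        m = STATUS_RE.search(event.get("_raw", ""))
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts
```

Call parse_results(SAMPLE_RESULTS) to get the event dicts and status_counts(...) on that list for the tally; swap in the body of a real results response to use it against the job above.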