Hi All,
I am using the Splunk REST API (mainly search, savedsearch endpoints) to get data out of Splunk.
Currently I am trying to do the following:
1. Create a saved search
2. Dispatch said search to get SID
3. Check status of the job with given SID
4. Get the results of the job for SID back
Right now, I have steps 1,2, and 4 working fine.
I can run steps 1 and 2 in succession without issues. Step 3 I can run right after 1 and 2, but having issues.
Step 3, I can run it, but having issues here because it seems like I need to poll to get the status of the Job--is there a better way to handle this (mainly to check the status of the job)?
Step 4, I can run in isolation AFTER i have the SID, but cannot run 1,2,3,4 in succession.
Any suggestions on fixing step 3? I need to check the status and only continue when it is "DONE" but can't figure out a way to keep checking the status.
↧
REST API: Create Search, Dispatch, Get Status, and Results. How can I run this flow in succession?
↧