I am trying to query the Splunk API and am getting "Empty search" as the response. Not sure what is missing here.
import urllib3,json
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
http_noproxy = urllib3.PoolManager(cert_reqs='CERT_NONE')
def get_data():
    headers = {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Authorization": "Basic <BASE64>"
    }
    url = 'URL'
    data = {
        "output_mode": "json",
        'search': 'QUERY'
    }
    encoded_data = json.dumps(data).encode('utf-8')
    resp = http_noproxy.request('POST',url, headers=headers, body=encoded_data)
    print(resp.data.decode('utf-8'))
I am getting the below response.
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="FATAL">Empty search.</msg>
</messages>
</response>
It would help to know the endpoint you are using (the URL), but the Splunk REST API does not use JSON. Send the unencoded request as application/text.
See the Python example in the Splunk REST API Tutorial at https://docs.splunk.com/Documentation/Splunk/9.0.4/RESTTUT/RESTsearches#Python_example
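An added example, not code from the question, the answer or Splunk: it sends the search as form-encoded POST arguments, the way the linked tutorial's Python example does with urlencode, keeps TLS verification on, and reads credentials from the environment. The endpoint URL, the CA bundle argument and the SPLUNK_USER / SPLUNK_PASSWORD variable names are assumptions.

```python
import os
import urllib.parse
import xml.etree.ElementTree as ET

# Assumed endpoint; the question does not show the URL that was used.
SPLUNK_URL = "https://splunk.example.com:8089/services/search/jobs/export"

def build_body(query, output_mode="json"):
    """Form-encode the POST arguments so the server sees a `search` parameter."""
    query = query.strip()
    # SPL sent over REST must start with a command: "search ..." or "| ...".
    if not query.startswith(("search ", "|")):
        query = "search " + query
    return urllib.parse.urlencode({"search": query, "output_mode": output_mode})

def form_params(body):
    """Read a POST body the way a form-encoded parser would."""
    return urllib.parse.parse_qs(body)

def splunk_messages(xml_text):
    """Return (type, text) pairs from a <response><messages> document."""
    root = ET.fromstring(xml_text)
    return [(m.get("type"), (m.text or "").strip()) for m in root.iter("msg")]

def run_search(query, ca_bundle):
    """POST the search with certificate verification enabled."""
    import urllib3  # imported here so the helpers above run without it
    http = urllib3.PoolManager(cert_reqs="CERT_REQUIRED", ca_certs=ca_bundle)
    # Hypothetical variable names; keeps the credential out of the source.
    creds = os.environ["SPLUNK_USER"] + ":" + os.environ["SPLUNK_PASSWORD"]
    headers = urllib3.util.make_headers(basic_auth=creds)
    headers["Content-Type"] = "application/x-www-form-urlencoded"
    resp = http.request("POST", SPLUNK_URL, headers=headers, body=build_body(query))
    text = resp.data.decode("utf-8")
    if resp.status >= 400:
        raise RuntimeError(f"Splunk returned HTTP {resp.status}: {text}")
    return text

# Constructed samples: the JSON body and the error document from the question.
JSON_BODY = '{"output_mode": "json", "search": "QUERY"}'
SAMPLE_ERROR = """<?xml version="1.0" encoding="UTF-8"?>
<response><messages><msg type="FATAL">Empty search.</msg></messages></response>"""

if __name__ == "__main__":
    print(form_params(JSON_BODY))                      # no `search` key
    print(form_params(build_body("index=_internal | head 5")))
    print(splunk_messages(SAMPLE_ERROR))
```

Read as form data, the JSON body carries no `search` parameter at all, which matches the "Empty search" error.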