Created
July 13, 2015 00:00
-
-
Save packetchef/caf221be869f45d3767c to your computer and use it in GitHub Desktop.
Example of asynchronous search in Splunk with loop to check job status and default output in JSON.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| SERVER="https://splunk_server:8089" | |
| QUERY="search sourcetype=dhcp earliest=-4h" | |
| SEARCH_JOBS_URI="services/search/jobs" | |
| SEARCH=$(curl -s -k "$SERVER/$SEARCH_JOBS_URI" -d search="$QUERY") | |
| JOB_SID=$(sed -E 's/^.*<sid>(.*)<\/sid>.*/\1/' <<< $SEARCH) | |
| echo "JOB_SID: $JOB_SID" | |
| job_done() { | |
| echo "Job is done!" | |
| } | |
| job_timeout() { | |
| echo "Job queue timed out for SID $JOB_SID" | |
| } | |
| show_results_json() { | |
| RESULTS_JSON=$(curl -s -k "$SERVER/$SEARCH_JOBS_URI/$JOB_SID/results" --get -d output_mode=json) | |
| echo $RESULTS_JSON | |
| } | |
| # Check job status up to CHECK_COUNT times | |
| CHECK_COUNT=2 | |
| for CHECK in $(seq 1 $CHECK_COUNT) | |
| do | |
| echo "Checking status for $JOB_SID... press Ctrl+C to break (run #$CHECK)" | |
| JOB_STATUS=$(curl -s -k "$SERVER/$SEARCH_JOBS_URI/$JOB_SID" | grep -E -o 'isDone">[0-9]+' | grep -E -o '[0-9]+') | |
| echo "Job status: $JOB_STATUS" | |
| if [ $JOB_STATUS == 1 ]; then | |
| job_done | |
| show_results_json | |
| exit 0 | |
| else | |
| sleep 1 | |
| fi | |
| if [ $CHECK == $CHECK_COUNT ]; then | |
| job_timeout | |
| exit 1 | |
| fi | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment