Tims Blog

Cry me a river mac people.

So Splunk 3.2 is really pissing me off. For the life of me I can’t figure out how to use the REST API. There’s something (ok a lot of things) that the online documentation just doesn’t tell you. I figured the syntax to create a new search would be similar (said identical) to how you use it in the Web UI…but it isn’t. The documentation on the site is literally starved for examples. I’d like to know how exactly they’re using the query parameters they describe, because I’ve used just about every incantation I can think of, and my searches don’t return didly squat.

You could say I’m very frustrated. I need to have it ready for a potential dire need at work and frankly it doesn’t look like it’s going to be ready. I don’t think Splunk is using their own REST API in their product either. The reason I say that is all the requests to /v3/ in 3.2. Didn’t you guys say that was deprecated?

• simplexml and namespaces
• gltrail
• monitor webpage changes with specto
• tuning postgresql for performance
• amazon drm free music and linux
• firecookie
• taffy db javascript database
• php predefined constants
• php universal feed generator
• git revert is not equivalent to svn revert
• command line automation with expect-lite
• pay me please
• 7 reasons you shouldn’t charge by the hour
• include – pack your javascript with ease
• highlight search results with javascript
• invoice machine
• porticus
• 5 steps to a DIY lifelock
• checkpoints and the background writer
• spec viewperf
• 7 ways to decrease your hours without harming your career
• pulling truly random rows from a table

This entry was posted on Monday, March 17th, 2008 at 10:44 am and is filed under doesnt-quite-fit dept. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.