Export data using the Splunk REST API
Use the Splunk REST API to access data from the command line or a Web browser.
REST API access for Splunk Cloud Platform deployments
If you have a Splunk Cloud Platform deployment and you want to use the Splunk REST API, file a Support ticket requesting the API to be enabled. Free trial Splunk Cloud Platform accounts cannot access the REST API. See Using the REST API with Splunk Cloud Platform in the REST API Tutorials for more details.
Export data
Exporting data starts with running a search job to generate results. You can then export this search result data to a file.
- Run a search job using a POST to /services/search/jobs/. If you are using a custom time range, pass it in with the POST request.
    curl -k -u admin:changeme \
        https://localhost:8089/services/search/jobs/ -d search="search sourcetype=access_* earliest=-7d"
- Get the search job ID (SID) for the search.
The /jobs endpoint returns an XML response including the <sid>, or search job ID.
    <?xml version='1.0' encoding='UTF-8'?>
    <response>
      <sid>1423855196.339</sid>
    </response>
You can also get the search job ID by viewing the job in the Search Job Inspector in Splunk Web. Navigate to Activity > Jobs to open the Job Manager. Locate the search job that you just ran and click Inspect. The Search Job Inspector opens in a separate window. See View the properties of a search job.
- Use a GET request on the /results endpoint to export the search results to a file. Ensure that you do the following in the GET request:
- Identify your object endpoints.
To see a list of currently available object endpoints for your user, within your app, navigate to https://localhost:8089/servicesNS/<user>/<app>/.
For example: https://localhost:8089/servicesNS/admin/search/saved/searches/
- Identify the search job user and app.
The following example defines <user> as admin and <app> as search.
- Identify an output format.
Use the output_mode parameter to specify one of the following available output formats. Use lower case for the format name, as shown here.
    atom | csv | json | json_cols | json_rows | raw | xml
This example exports search results to a JSON file.
    curl -u admin:changeme \
        -k https://localhost:8089/servicesNS/admin/search/search/jobs/1423855196.339/results/ \
        --get -d output_mode=json -d count=5
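The steps above combined into one script, as an added example that is not part of the Splunk documentation. Instead of -k and -u admin:changeme it verifies the server certificate and reads credentials from a netrc file so the password stays off the command line. The function names, the SPLUNK_* variables, the placeholder file paths and the SID character check are assumptions of this example.

```shell
#!/bin/sh
# Added example: create a search job, extract the SID, export the results.
# Assumptions (not from the page): the SPLUNK_* variables and both file paths.
SPLUNK_BASE="${SPLUNK_BASE:-https://localhost:8089}"
SPLUNK_CACERT="${SPLUNK_CACERT:-/path/to/splunk-ca.pem}"   # placeholder CA bundle
SPLUNK_NETRC="${SPLUNK_NETRC:-$HOME/.splunk-netrc}"         # placeholder, mode 600

# curl wrapper: validate TLS against a CA file (no -k) and take the
# login from a netrc file (no -u user:password in the process list).
splunk_curl() {
    curl --silent --show-error --fail \
         --cacert "$SPLUNK_CACERT" --netrc-file "$SPLUNK_NETRC" "$@"
}

# Read the /jobs XML response on stdin and print the <sid> value.
# The SID is placed in a URL path next, so anything outside the
# assumed character set [A-Za-z0-9_.-] is rejected.
extract_sid() {
    sid=$(sed -n 's:.*<sid>\([^<]*\)</sid>.*:\1:p' | head -n 1)
    case "$sid" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    printf '%s\n' "$sid"
}

# Build the /results URL. Arguments: user app sid
results_url() {
    printf '%s/servicesNS/%s/%s/search/jobs/%s/results/\n' \
        "$SPLUNK_BASE" "$1" "$2" "$3"
}

# Run the whole procedure. Arguments: user app query outfile
export_search() {
    sid=$(splunk_curl "$SPLUNK_BASE/services/search/jobs/" \
            --data-urlencode "search=$3" | extract_sid) || return 1
    splunk_curl "$(results_url "$1" "$2" "$sid")" \
        --get -d output_mode=json -d count=5 -o "$4"
}

# Usage:
#   export_search admin search 'search sourcetype=access_* earliest=-7d' results.json
```

The /results request returns data only after the search job has finished, so a long-running search may need a retry before the output file contains results.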
 
See also
For more details about the /jobs and /export endpoints, see the following information in the REST API Reference.