This documentation does not apply to the most recent version of Splunk.
This documentation applies to the following versions of Splunk: 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4, 3.4.1, 3.4.2, 3.4.3, 3.4.5, 3.4.6, 3.4.8, 3.4.9, 3.4.10, 3.4.11, 3.4.12
Use the /services/streams/ endpoint to access streaming search results, such as Live Tail. For specific search results in other formats, use the search endpoint.
The /services/streams/search endpoint provides a synchronous event search streaming service.
Executes a simple search (no pipe support).
| Argument | Purpose |
| q | The simple search string to execute (with no leading 'search' command). |
Response codes:
| Response | Status |
| 200 | Method executed successfully. |
The return content is raw event text in streaming format. No formatting or timestamping is applied to the data. Close the client connection to stop the search.
The /services/streams/livetail endpoint provides a synchronous data input tailing service.
Streams raw data being received by Splunk.
| Argument | Purpose |
| q | The simple search string to execute (with no leading 'search' command), to apply to the incoming data stream. |
Response codes:
| Response | Status |
| 200 | Method executed successfully. |
The return content is raw event text in streaming format. No formatting or timestamping is applied to the data. Close the client connection to stop the search.
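
A client for both endpoints above that reads a bounded number of events and then closes the connection, as an added example that is not part of the original Splunk documentation. It assumes an HTTP GET with `q` as a query-string argument; the base URL and any authentication header are supplied by the caller, and the names `build_stream_url` and `read_events` are hypothetical.

```python
import urllib.parse
import urllib.request

ENDPOINTS = ("search", "livetail")  # the two /services/streams/ endpoints on this page

def build_stream_url(base_url, endpoint, query):
    """Build the request URL, passing the search string as the single argument q."""
    if urllib.parse.urlsplit(base_url).scheme not in ("http", "https"):
        raise ValueError("base_url must be http(s)")
    if endpoint not in ENDPOINTS:
        raise ValueError("unknown streams endpoint: %r" % (endpoint,))
    # Page: simple search only, no leading 'search' command, no pipe support.
    # Rejecting every '|' is a conservative client-side check (assumption).
    if query.lstrip().lower().startswith("search ") or "|" in query:
        raise ValueError("q must be a simple search string")
    # urlencode keeps characters such as '&', '=' and '#' inside the value of q,
    # so caller-supplied text cannot add or override request arguments.
    qs = urllib.parse.urlencode({"q": query})
    return "%s/services/streams/%s?%s" % (base_url.rstrip("/"), endpoint, qs)

def read_events(base_url, endpoint, query, max_events, timeout=10.0, headers=None):
    """Return up to max_events raw lines, then close the connection to stop the search."""
    req = urllib.request.Request(build_stream_url(base_url, endpoint, query),
                                 headers=headers or {})
    # Ignore proxy environment variables: talk to the given host directly.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    events = []
    with opener.open(req, timeout=timeout) as resp:  # non-2xx raises HTTPError
        if resp.status != 200:
            raise RuntimeError("unexpected status %d" % resp.status)
        for raw in resp:  # raw event text, read one line at a time
            events.append(raw.decode("utf-8", "replace").rstrip("\r\n"))
            if len(events) >= max_events:
                break
    return events  # leaving the with-block closed the connection
```

The timeout matters for livetail in particular: the stream has no natural end, so a client without a read limit or timeout holds the connection open until something else closes it.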