Sumologic curl scripts


.env

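# .env — endpoint and credentials for the Sumo Logic search script below.
# Source it into the shell that runs the script (`. ./.env`); nothing here
# is needed by the JSON request file.
set -a   # auto-export everything assigned below to child processes (curl, jq)
API_ENDPOINT="https://api.us2.sumologic.com/api/v1/"
SERVICE_ENDPOINT="https://api.us2.sumologic.com/api/"   # not referenced by the script on this page
# Replace the placeholders with your access-key pair. Keep the values quoted:
# an unquoted <yourid> is parsed by the shell as a redirection, not a string.
# This file holds a credential — keep it out of version control and readable
# only by you (chmod 600 .env).
ACCESS_ID="<yourid>"
ACCESS_KEY="<yourkey>"
set +a   # stop auto-exporting so later assignments in the sourcing script are not exported too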
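# Load the endpoint and credentials into the current shell. The explicit ./
# matters: with a bare name, `.` looks the file up on $PATH before the
# current directory, so a stray .env elsewhere on PATH could be sourced instead.
. ./.env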

script (saved as get.sh, see the usage line at the end of the page)

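#!/bin/bash
# Submit a Sumo Logic search job from a JSON request file, poll its state
# until the job reports "DONE GATHERING RESULTS", then print the first page
# of result messages as JSON on stdout.
#
# Usage:    ./get.sh <search-request.json>
# Env:      API_ENDPOINT, ACCESS_ID, ACCESS_KEY (see .env above)
# Outputs:  result messages (JSON) on stdout; the job URL and polling
#           progress on stderr so stdout can be piped into other tools
# Returns:  0 on success, 1 if the job cannot be created, reports no state,
#           or does not finish within max_polls; 2 on bad arguments
#
# -o pipefail: every request is piped into jq, and without it a failed curl
# would be masked by jq's exit status.
set -euo pipefail

# Fail fast with a readable message rather than an "unbound variable" error
# from set -u in the middle of the polling loop.
: "${API_ENDPOINT:?API_ENDPOINT must be set (source .env first)}"
: "${ACCESS_ID:?ACCESS_ID must be set (source .env first)}"
: "${ACCESS_KEY:?ACCESS_KEY must be set (source .env first)}"

readonly offset=0
readonly limit=10000        # messages per page; only this first page is printed
readonly poll_interval=5    # seconds between state checks
readonly max_polls=120      # stop polling after ~10 minutes instead of looping forever
readonly cookie_jar=cookies.txt   # written in the current directory, reused across requests

#######################################
# curl wrapper shared by every request: JSON headers, the cookie jar, and
# the credentials. The credentials are handed to curl through a config on a
# process-substitution fd instead of `--user id:key` on the command line, so
# they do not show up in the process list (`ps`) of other users on the host.
# Note: a key containing `"` or `\` would need escaping for the config format.
# -S makes curl print an error for failed transfers; --fail turns HTTP 4xx/5xx
# into a non-zero exit so a rejected request cannot be mistaken for a result.
# Globals:   ACCESS_ID, ACCESS_KEY, cookie_jar (read)
# Arguments: passed through to curl
# Outputs:   the response body on stdout
# Returns:   curl's exit status
#######################################
scurl() {
  curl -sS --fail -b "$cookie_jar" -c "$cookie_jar" \
    -H 'Content-type: application/json' -H 'Accept: application/json' \
    -K <(printf 'user = "%s:%s"\n' "$ACCESS_ID" "$ACCESS_KEY") \
    "$@"
}

#######################################
# Create the search job, poll it, and print the results.
# Arguments: $1 - path to the JSON search request
#######################################
main() {
  if (( $# != 1 )) || [[ ! -r "$1" ]]; then
    printf 'Usage: %s <search-request.json>\n' "${0##*/}" >&2
    exit 2
  fi
  local json_file=$1
  local job_url state i

  # A plain assignment of a failing $(...) still trips set -e here.
  job_url=$(scurl -X POST --data-binary "@${json_file}" "${API_ENDPOINT}search/jobs" \
    | jq -r '.link.href')
  # A 2xx whose body is not a search-job object yields "null" from jq.
  if [[ -z "$job_url" || "$job_url" == "null" ]]; then
    printf 'error: search job was not created (no link.href in response)\n' >&2
    exit 1
  fi
  printf '%s\n' "$job_url" >&2

  for (( i = 0; i < max_polls; i++ )); do
    sleep "$poll_interval"
    state=$(scurl -X GET "$job_url" | jq -r '.state')
    printf 'state: %s\n' "$state" >&2
    case "$state" in
      'DONE GATHERING RESULTS')
        scurl -X GET "${job_url}/messages?offset=${offset}&limit=${limit}" | jq .
        return 0
        ;;
      ''|null)
        # The original looped forever on this; a missing state means the
        # response was not a job object and will not become one by waiting.
        printf 'error: could not read job state from %s\n' "$job_url" >&2
        return 1
        ;;
      *)
        printf 'NOT DONE GATHERING RESULTS\n' >&2
        ;;
    esac
  done

  printf 'error: job not finished after %d polls; last state: %s\n' "$max_polls" "$state" >&2
  return 1
}

main "$@"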

test.json

{
  "query": "_dataTier=Infrequent AND _sourceHost=\"somesource.example.com\" AND \"Some Text\" | parse \"Client:*:\" as smtp_client_ip | count_frequent(smtp_client_ip)",
  "from": "2023-04-04T00:00:00",
  "to": "2023-04-04T01:00:00",
  "timeZone": "MST",
  "byReceiptTime": true
}
# Run the search described in test.json; .env must already be sourced in this shell.
./get.sh test.json