I have one API: [GET] http:localhost:8080/myservice/fetchdetails.
Now, I want to raise a Splunk alert whenever this API is down for any reason.
So, I have my search query as |eval ['http:localhost:8080/myservice/fetchdetails'] | search status=20* to monitor the API.
But it is not fetching me any result. What should the search query be such that it makes a GET call to the API and then captures the response status?
Based on your expanded question, you're going to need to actually get that REST endpoint's data into Splunk.
There are at least two ways to do this:
First - use the REST API Modular Input and ingest data from the endpoint. If you don't get data within some timeframe, send an email.
Second - create your own scripted input that periodically hits your endpoint (maybe with wget or curl), and reports an HTTP status code into Splunk. Your Alert can then check to see if the code isn't 200 (or whatever else you want to consider "valid"). If it's "invalid", send an email.
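A sketch of the second option, added here as an example and not code from the answer: a scripted input that probes the endpoint with curl and prints one key=value event per run. The script name, sourcetype, interval, the `PROBE_URL`/`PROBE_TIMEOUT` variables and the "any 2xx is up" rule are assumptions; the URL is the question's endpoint written out in full.

```shell
#!/bin/sh
# Added example: Splunk scripted input that probes one endpoint per run.
# Assumed inputs.conf stanza (script name, sourcetype, interval are examples):
#   [script://./bin/api_status.sh]
#   interval = 60
#   sourcetype = api_status
# Assumed alert search: sourcetype=api_status state=down
URL="${PROBE_URL:-http://localhost:8080/myservice/fetchdetails}"
TIMEOUT="${PROBE_TIMEOUT:-5}"   # seconds before the probe gives up

# Map a status code to up/down. Treating any 2xx as "up" is an assumption.
classify() {
  case "$1" in
    2[0-9][0-9]) echo up ;;
    *)           echo down ;;
  esac
}

# Emit one timestamped key=value event for Splunk to index.
format_event() {  # args: url http_status response_time
  printf '%s endpoint="%s" http_status=%s response_time=%s state=%s\n' \
    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$2" "$3" "$(classify "$2")"
}

probe() {  # args: url
  # -w prints the status code and total time; the response body is discarded.
  out=$(curl -s -o /dev/null --max-time "$TIMEOUT" \
        -w '%{http_code} %{time_total}' "$1" 2>/dev/null) || true
  # curl prints 000 when no HTTP response arrived (refused, timeout, DNS).
  # If curl itself is missing, fall back to the same "no response" values.
  set -- "$1" ${out:-000 0}
  format_event "$1" "$2" "$3"
}

probe "$URL"
```

Because the script reports `http_status=000 state=down` when the connection itself fails, the alert fires on a dead service as well as on error responses. A second alert on "no events in the last N minutes" covers the case where the script or forwarder stops running.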