How do I use the REST API?

sdorich
Communicator

I've been trying to follow the instructions on the following site:

http://dev.splunk.com/view/SP-CAAADQT

However, I keep getting the issue that the page cannot be found (I'll paste the exact output I get from the following call at the bottom). I might be missing a step so please let me know if there's something else I need to do first. Thanks in advance.

This call (note that I do not use https b/c the secure connection was not found at all)

curl -u admin: -k http://localhost:8000/serviceNS/admin/search

outputs

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--
This is a static HTML string template to render errors. To edit this
template, see appserver/mrsparkle/lib/error.py.
-->





The path '/en-US/serviceNS/admin/search/auth/login/' was not found. - Splunk

1 Solution

sowings
Splunk Employee

You'll have to talk to Splunk's management port (default 8089), not the Splunkweb port (default 8000). It also speaks https.

Also, the URL you tried "/servicesNS/admin/search" is incomplete. That just says "for the admin user in the search app context...". An example might be: "https://127.0.0.1:8089/servicesNS/admin/search/saved/searches" to list the saved searches visible to the admin user in the search app. Some good examples are found here (Splunk docs) as well.


Ayn
Legend

You're using the wrong port. Port 8000 is Splunk's regular web interface. The REST API is available on port 8089 (over HTTPS).

0 Karma
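
Added example (not part of the original thread and not Splunk's own code): a small Python check that applies the points from the answers above (https, management port 8089 rather than web port 8000, and a complete /servicesNS/<user>/<app>/<endpoint> path) to a URL before it is sent. The function names diagnose and namespace are hypothetical, and accepting the un-namespaced /services prefix is an assumption beyond what the thread mentions.

```python
from urllib.parse import urlsplit

MGMT_PORT = 8089  # default management port, as stated in the answers
WEB_PORT = 8000   # default Splunk Web port, as stated in the answers


def _segments(url):
    """Non-empty path segments of the URL."""
    return [s for s in urlsplit(url).path.split("/") if s]


def diagnose(url):
    """Return a list of reasons why `url` would not reach the REST API."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        # With plain http, credentials passed via `curl -u` travel unencrypted.
        problems.append("scheme is %r; the management port speaks https" % parts.scheme)
    if parts.port == WEB_PORT:
        problems.append("port %d is Splunk Web; use the management port (default %d)"
                        % (WEB_PORT, MGMT_PORT))
    elif parts.port is None:
        problems.append("no port given; name the management port (default %d)" % MGMT_PORT)
    seg = _segments(url)
    if not seg or seg[0] not in ("services", "servicesNS"):
        problems.append("path must start with /servicesNS (or /services), got %r"
                        % (seg[0] if seg else ""))
    elif seg[0] == "servicesNS" and len(seg) < 4:
        problems.append("/servicesNS/<user>/<app> only sets the context; "
                        "append an endpoint such as saved/searches")
    return problems


def namespace(url):
    """Split a /servicesNS URL into (user, app, endpoint); None if not namespaced."""
    seg = _segments(url)
    if len(seg) < 3 or seg[0] != "servicesNS":
        return None
    return seg[1], seg[2], "/".join(seg[3:])


if __name__ == "__main__":
    # URLs taken from the question and the accepted answer in this thread.
    for candidate in ("http://localhost:8000/serviceNS/admin/search",
                      "https://127.0.0.1:8089/servicesNS/admin/search",
                      "https://127.0.0.1:8089/servicesNS/admin/search/saved/searches"):
        print(candidate, namespace(candidate))
        for problem in diagnose(candidate) or ["ok"]:
            print("   ", problem)
```
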

sowings
Splunk Employee

The REST API is for talking to the management port of "a" Splunk instance. You can talk REST to a forwarder, but it won't have a lot to say. You don't need the forwarder to query the server (indexer).

0 Karma

sdorich
Communicator

@sowings -
Thanks, that helps. One last question (remember I'm a newbie with the REST API). I'm assuming that I don't need to set up a forwarder on the server I want to get REST API calls from since these calls use HTTP methods. Am I correct or is a forwarder still needed for whatever reason?

0 Karma

sdorich
Communicator

Note that I'm a newbie to REST API calls so bear with me. Thanks!

0 Karma