Getting Data In

Can we use REST API call to re-authenticate search peers?

philip_wong
Communicator

It's very painful to re-enter username/password when we have almost 100 search peers.

1 Solution

MuS
SplunkTrust

Hi philip.wong,

you can use a simple remote Splunk command to add search peers and run it in a looping script. See the docs for more details: http://docs.splunk.com/Documentation/Splunk/6.2.0/DistSearch/Configuredistributedsearch#Use_the_CLI
But to be able to run such a remote command, you must enable allowRemoteLogin in server.conf; see the docs for more details: http://docs.splunk.com/Documentation/Splunk/6.2.0/admin/Serverconf

But if you need to / want to / have to / insist on using the REST API, you can run something like this:

curl  -k -u <adminuser>:<password> https://<yourlocalsplunkserverip>:8089/services/search/distributed/peers -d name=<yoursearchpeerip/DNS/FQDN>:8089 -d remoteUsername=<remoteserveradminuser> -d remotePassword=<remoteserverpassword>

The result will look like this:

<?xml version="1.0" encoding="UTF-8"?>
<!--This is to override browser formatting; see server.conf[httpServer] to disable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .-->
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>distsearch-peer</title>
  <id>https://127.0.0.1:8089/services/search/distributed/peers</id>
  <updated>2014-11-24T09:10:54+01:00</updated>
  <generator build="213098" version="6.1.2"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/search/distributed/peers/_new" rel="create"/>
  <opensearch:totalResults>1</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>
  <entry>
    <title>servername:8089</title>
    <id>https://127.0.0.1:8089/services/search/distributed/peers/servername%3A8089</id>
    <updated>2014-11-24T09:10:54+01:00</updated>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="list"/>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="edit"/>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="remove"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="build">213098</s:key>
        <s:key name="bundle_versions">
          <s:list/>
        </s:key>
        <s:key name="disabled">0</s:key>
        <s:key name="eai:acl">
          <s:dict>
            <s:key name="app"></s:key>
            <s:key name="can_list">1</s:key>
            <s:key name="can_write">1</s:key>
            <s:key name="modifiable">0</s:key>
            <s:key name="owner">system</s:key>
            <s:key name="perms">
              <s:dict>
                <s:key name="read">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
                <s:key name="write">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="removable">0</s:key>
            <s:key name="sharing">system</s:key>
          </s:dict>
        </s:key>
        <s:key name="guid">SomeKey</s:key>
        <s:key name="is_https">1</s:key>
        <s:key name="licenseSignature">EvenMoreKeys</s:key>
        <s:key name="peerName">servername</s:key>
        <s:key name="peerType">configured</s:key>
        <s:key name="remote_session">MuchMoreKeys</s:key>
        <s:key name="replicationStatus">Initial</s:key>
        <s:key name="rtsearch_enabled">1</s:key>
        <s:key name="startup_time">1416801414</s:key>
        <s:key name="status">Up</s:key>
        <s:key name="version">6.1.2</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

hope this helps ...

cheers, MuS
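
With close to 100 peers, the request above has to be repeated and each response checked. The following is an added example, not part of the original answer and not Splunk's own code: it builds the same POST with credentials passed as arguments instead of on a command line, verifies the server certificate instead of using `-k`, and reads the `status` key of each `<entry>` in the returned feed. The function names, `ca_file`, the host names and the "Down" value in the sample are assumptions made for the example.

```python
import base64
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

NS = {"a": "http://www.w3.org/2005/Atom", "s": "http://dev.splunk.com/ns/rest"}
REPORT_KEYS = ("peerName", "status", "version")  # remote_session is deliberately not kept

def build_add_peer(search_head, peer, admin, admin_pw, remote_user, remote_pw):
    """Build the same POST as the curl command: name, remoteUsername, remotePassword."""
    form = {"name": peer, "remoteUsername": remote_user, "remotePassword": remote_pw}
    req = urllib.request.Request(
        search_head.rstrip("/") + "/services/search/distributed/peers",
        data=urllib.parse.urlencode(form).encode("ascii"), method="POST")
    token = base64.b64encode(f"{admin}:{admin_pw}".encode("utf-8")).decode("ascii")
    req.add_header("Authorization", "Basic " + token)
    return req

def send(req, ca_file):
    """Send the request, verifying the server certificate against ca_file (no curl -k)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.read()

def peer_states(feed_xml):
    """Map each <entry> title (host:port) to its top-level REPORT_KEYS values."""
    states = {}
    for entry in ET.fromstring(feed_xml).findall("a:entry", NS):
        title = entry.findtext("a:title", default="", namespaces=NS)
        top = entry.find("a:content/s:dict", NS)
        keys = {} if top is None else {
            k.get("name"): (k.text or "").strip() for k in top.findall("s:key", NS)}
        states[title] = {name: keys.get(name) for name in REPORT_KEYS}
    return states

def not_up(states):
    """Peers whose status is anything other than the "Up" shown in the answer."""
    return sorted(peer for peer, s in states.items() if s["status"] != "Up")

# Constructed sample in the answer's response format; hosts and "Down" are made up.
SAMPLE = """<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
  <entry><title>peer01.example.com:8089</title><content type="text/xml"><s:dict>
    <s:key name="peerName">peer01</s:key><s:key name="remote_session">constructed</s:key>
    <s:key name="status">Up</s:key><s:key name="version">6.1.2</s:key></s:dict></content></entry>
  <entry><title>peer02.example.com:8089</title><content type="text/xml"><s:dict>
    <s:key name="peerName">peer02</s:key><s:key name="status">Down</s:key>
    <s:key name="version">6.1.2</s:key></s:dict></content></entry>
</feed>"""
```

A caller would loop over its peer list, pass each `build_add_peer(...)` result to `send(...)`, and feed the returned bytes to `peer_states(...)`; `not_up(...)` then lists the peers that still need attention.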

philip_wong
Communicator

We got some file permission errors after moving to SHP while running the CLI you mentioned. I'm going to raise a support ticket for that.

Now we prefer not to log in to the search head and run the CLI, but to use the REST API.
My question is, can we use the REST API to re-auth/remove search peers?

I just tested and was able to answer part of this.
Removing a search peer can be done like this:

curl -k https://$host:$port/services/search/distributed/peers/$peer_host:$peer_port --request DELETE

I tried "--request POST -remoteUsername -remotePassword" but it doesn't work to add a search peer.
Can you advise what's wrong?

Thank you!

0 Karma

MuS
SplunkTrust

Hi, I don't see the point why it should be different using the REST API....but then I don't know your use case 😉 So see my updated answer to get the REST API command to add a search peer. You're welcome 🙂

0 Karma

philip_wong
Communicator

Can you simply tell me how to add a search peer to a search head using curl and REST?

0 Karma

MuS
SplunkTrust

Okay, before one gets cheeky it would be better to read my updated answer from 22 hours ago. Then read it again, try it and then say thank you.

philip_wong
Communicator

Sorry, I didn't see the example from my view before.
It works now! Thank you for your patience and prompt response.

0 Karma