Can we use REST API call to re-authenticate search peers?

philip_wong
Communicator

It's very painful to re-enter the username/password when we have almost 100 search peers.

1 Solution

MuS
Legend

Hi philip.wong,

you can use a simple remote Splunk command to add search peers and run it in a looping script. See the docs for more details: http://docs.splunk.com/Documentation/Splunk/6.2.0/DistSearch/Configuredistributedsearch#Use_the_CLI
But to be able to run such a remote command, you must enable allowRemoteLogin in server.conf; see the docs for more details: http://docs.splunk.com/Documentation/Splunk/6.2.0/admin/Serverconf

But if you need to / want to / have to / insist on using the REST API, you can run something like this:

curl  -k -u <adminuser>:<password> https://<yourlocalsplunkserverip>:8089/services/search/distributed/peers -d name=<yoursearchpeerip/DNS/FQDN>:8089 -d remoteUsername=<remoteserveradminuser> -d remotePassword=<remoteserverpassword>

The result will look like this:

<?xml version="1.0" encoding="UTF-8"?>
<!--This is to override browser formatting; see server.conf[httpServer] to disable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .-->
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>distsearch-peer</title>
  <id>https://127.0.0.1:8089/services/search/distributed/peers</id>
  <updated>2014-11-24T09:10:54+01:00</updated>
  <generator build="213098" version="6.1.2"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/search/distributed/peers/_new" rel="create"/>
  <opensearch:totalResults>1</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>
  <entry>
    <title>servername:8089</title>
    <id>https://127.0.0.1:8089/services/search/distributed/peers/servername%3A8089</id>
    <updated>2014-11-24T09:10:54+01:00</updated>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="list"/>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="edit"/>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="remove"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="build">213098</s:key>
        <s:key name="bundle_versions">
          <s:list/>
        </s:key>
        <s:key name="disabled">0</s:key>
        <s:key name="eai:acl">
          <s:dict>
            <s:key name="app"></s:key>
            <s:key name="can_list">1</s:key>
            <s:key name="can_write">1</s:key>
            <s:key name="modifiable">0</s:key>
            <s:key name="owner">system</s:key>
            <s:key name="perms">
              <s:dict>
                <s:key name="read">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
                <s:key name="write">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="removable">0</s:key>
            <s:key name="sharing">system</s:key>
          </s:dict>
        </s:key>
        <s:key name="guid">SomeKey</s:key>
        <s:key name="is_https">1</s:key>
        <s:key name="licenseSignature">EvenMoreKeys</s:key>
        <s:key name="peerName">servername</s:key>
        <s:key name="peerType">configured</s:key>
        <s:key name="remote_session">MuchMoreKeys</s:key>
        <s:key name="replicationStatus">Initial</s:key>
        <s:key name="rtsearch_enabled">1</s:key>
        <s:key name="startup_time">1416801414</s:key>
        <s:key name="status">Up</s:key>
        <s:key name="version">6.1.2</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

hope this helps ...

cheers, MuS
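
A check for the response above when the call is scripted across many peers, as an added example that is not part of the original answer or of Splunk's tooling: it parses the Atom feed, redacts `remote_session` and `licenseSignature` before anything is printed or logged, and lists peers whose status is not `Up`. The sample feed, the host `peer2.example` and the `Down` value are constructed, and treating those two keys as sensitive is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"a": "http://www.w3.org/2005/Atom", "s": "http://dev.splunk.com/ns/rest"}
S = "{%s}" % NS["s"]
# Assumption: these two keys are treated as sensitive and never logged.
SECRET_KEYS = {"remote_session", "licenseSignature"}

# Constructed sample, trimmed from the response format shown in the answer.
SAMPLE = """<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
  <entry><title>servername:8089</title><content type="text/xml"><s:dict>
    <s:key name="disabled">0</s:key>
    <s:key name="eai:acl"><s:dict><s:key name="owner">system</s:key></s:dict></s:key>
    <s:key name="remote_session">MuchMoreKeys</s:key>
    <s:key name="status">Up</s:key>
  </s:dict></content></entry>
  <entry><title>peer2.example:8089</title><content type="text/xml"><s:dict>
    <s:key name="disabled">0</s:key>
    <s:key name="status">Down</s:key>
  </s:dict></content></entry>
</feed>"""

def _value(node):
    """Turn the body of <content>, <s:key> or <s:item> into str, dict or list."""
    child = next(iter(node), None)
    if child is not None and child.tag == S + "dict":
        return {k.get("name"): _value(k) for k in child.findall("s:key", NS)}
    if child is not None and child.tag == S + "list":
        return [_value(i) for i in child.findall("s:item", NS)]
    return (node.text or "").strip()

def parse_peers(xml_text):
    """Return one dict per <entry>, with secret values replaced."""
    peers = []
    for entry in ET.fromstring(xml_text).findall("a:entry", NS):
        content = entry.find("a:content", NS)
        props = _value(content) if content is not None else {}
        if not isinstance(props, dict):
            props = {}
        for key in SECRET_KEYS & props.keys():
            props[key] = "<redacted>"
        props["name"] = entry.findtext("a:title", default="", namespaces=NS)
        peers.append(props)
    return peers

def needs_attention(peers):
    """Names of peers that are disabled or report any status other than Up."""
    return [p["name"] for p in peers
            if p.get("status") != "Up" or p.get("disabled") != "0"]

if __name__ == "__main__":
    print(needs_attention(parse_peers(SAMPLE)))
```
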

philip_wong
Communicator

We got some file permission errors after moving to SHP while running the CLI you mentioned. I'm going to raise a support ticket for that.

Now we prefer not to log in to the search head and run the CLI, but to use the REST API.
My question is, can we use the REST API to re-auth/remove search peers?

I just tested and am able to answer part of this.
To remove a search peer, you can do this:

curl -k https://$host:$port/services/search/distributed/peers/$peer_host:$peer_port --request DELETE

I tried "--request POST -remoteUsername -remotePassword" but it doesn't work to add a search peer.
Can you advise what's wrong??

Thank you!

0 Karma

MuS
Legend

Hi, I don't see the point why it should be different using the REST API....but then I don't know your use case 😉 So see my updated answer to get the REST API command to add a search peer. You're welcome 🙂

0 Karma

philip_wong
Communicator

Can you simply tell me how to add search peer to a search head by curl and REST?

0 Karma

MuS
Legend

Okay, before one gets cheeky it would be better to read my updated answer from 22 hours ago. Then read it again, try it and then say thank you.

philip_wong
Communicator

Sorry, I didn't see the example from my view before.
It works now! Thank you for your patience and prompt response.

0 Karma