Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to use Splunk's REST API or JavaScript SDK to connect directly to Splunk within a browser?

jonfrancais
Explorer
‎06-23-2015 02:33 AM

We are looking to build a standalone Chrome application (in JavaScript) using Splunk's RESTful API to the management port 8089.

As this is a Chrome application it is allowed to make the cross-site request directly to the Splunk server. However, when using either the Splunk JS SDK or the RESTful API to connect directly to Splunk, we get certificate errors as the default certificate provided by Splunk is invalid (the Common Name does not match the hosted domain, etc.) The errors in the browser are NET::ERR_INSECURE_RESPONSE and NET::ERR_CERT_COMMON_NAME_INVALID. Using curl works fine, but I presume this is because it makes no attempt to validate certificates.

Ideally, we would like to make the request directly to Splunk, without having to rely on any additional server-side infrastructure for proxying results, using server-side scripts, etc.

As far as I can see, we would need to update the certificate on the management port, but Splunk recommends that this certificate is not changed. (Not able to provide the link here, but can be found under "Secure inter-splunk communication with SSL")

What are the recommendations for getting around this? Is this type of direct access not supported?

Any help would be very much appreciated!

Reply

alacercogitatus
SplunkTrust
SplunkTrust
‎06-24-2015 04:33 AM

What do you mean "Chrome application"? If you are using Nodejs, then the application will work in any browser. You will have to specify not to validate the certificates. The SplunkJS SDK doesn't have the option to ignore certs (afaik), so that will need to be handled in your server-side validation (nodejs).

For a more detailed answer, please include which technologies you are using to build your Application (including server-side and client-side interfaces). Thanks!

Full documentation on the SDK is here: http://docs.splunk.com/Documentation/JavaScriptSDK

Reply

jonfrancais
Explorer
‎06-24-2015 07:45 AM

Thanks for your response. We are just making a direct AJAX call to the management endpoint and wrapping it into a very basic Chrome application - not using NodeJS or any other client-side technologies. We have no other server-side interfaces apart from the management endpoint (and would ideally like to avoid any additional infrastructure, if possible). I don't believe it's possible to disable the certificate validation in Chrome, even within Applications or Extensions (which is understandable).

Could you elaborate on what you mean by "using NodeJs" such that it will work?

Thanks again.

Reply

kartik13
Communicator
‎09-22-2015 11:57 PM

any lead on this.Even i am trying to do the same thing .Any idea how to proceed.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...