I'm reading through all of the API docs, and I am executing GET API calls against my search head successfully. However, I want to restart the separate universal forwarder and edit inputs.conf via the API but I can't figure out how to enable the REST API on it.nThere are no splunk accounts on it, so what do I need to configure here?
Hi thisissplunk,
as soon as you changed the default pwd as already suggested, you will be able to do remote API calls. This is the recommend and most secure approach.
There is however one setting in server.conf
that allows remote login without changing the default password
Entering danger zone here do this on your own risk!
You can find the option in this http://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf#General_Server_Configuration docs section, it is the allowRemoteLogin
option.
Hope this helps ...
cheers, MuS
Hi thisissplunk,
as soon as you changed the default pwd as already suggested, you will be able to do remote API calls. This is the recommend and most secure approach.
There is however one setting in server.conf
that allows remote login without changing the default password
Entering danger zone here do this on your own risk!
You can find the option in this http://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf#General_Server_Configuration docs section, it is the allowRemoteLogin
option.
Hope this helps ...
cheers, MuS
what do you get when you hit 8089 port on the server where you have UF installed? https://myserver:8089
If I remember correctly, you have to change the default admin password on the forwarder to execute rest api commands.