Any way to do API calls to Splunk without using an Account with Admin role defined to it?

ryneily
Engager

I am trying to access some API calls through Splunk and pull data out of an index with API calls. All the examples in the SDK use the admin userid to perform the searches. Is it possible to access the API without using a user with admin authority?

I'd like to create an account just for API calls so that our custom scripts/applications can query Splunk directly. The issue here is that I don't want to have to share an admin-enabled account with users/devs to accomplish this.

Anyone know how to do this? I have played around with this, but cannot get the searches working with anything but admin.

ChrisG
Splunk Employee

Depending on the resources you are trying to access, you probably do need admin credentials. See the topic Accessing Splunk resources in the REST API Reference for additional information.

0 Karma

highsplunker
Contributor

Hi ChrisG. Could you clarify, please?
For example,
I have several search heads in my Splunk cluster. I'd like to restrict permissions for one particular search head (even for admins there). Is this possible?
Thanks in advance!

0 Karma