- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Re: Unable to manipulate serverclass whitelist via...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We're trying to script some whitelisting of hosts in serverclasses, hit a snag.
We create a test serverclass named 'posttest' with one app and nothing in the whitelist. When we try to add a host:
curl -x '' -k -u admin:xxxxxxx https://splunk-c-ds.local:8089/services/deployment/server/serverclasses/posttest -d whitelist.0=posted_host
we get this response
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">
In handler 'serverclasses': bundle=serverclass stanza=serverClass:posttest The sourceApp=system doesn't equal callerApp=search</msg>
</messages>
</response>
This appears to be the same issue seen by a212830 seen down in the notes for https://answers.splunk.com/answers/307335/why-am-i-getting-error-cannot-perform-action-post.html, no there is no solution posted there.
We're running 6.3.0.1.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Found my own answer. The POST endpoint is not always /services/deployment/server/serverclasses/classname
It's different for the different serverclasses (depends on what application you were in when dropped into forwarder management and added the server class). When POSTing changes, you need to use the endpoint listed in the href for the <link> that has rel="edit"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you tried adding "reload" to the endpoint url?
/services/deployment/server/serverclasses//reload
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Found my own answer. The POST endpoint is not always /services/deployment/server/serverclasses/classname
It's different for the different serverclasses (depends on what application you were in when dropped into forwarder management and added the server class). When POSTing changes, you need to use the endpoint listed in the href for the <link> that has rel="edit"
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
