Re: Can a universal forwarder be restarted via RES...

xiyangyang · ‎12-21-2017

Can UF be restart via REST API?
What other things can be done to UF via REST API?

harsmarvania57 · ‎12-22-2017

Hi @xiyangyang,

Yes, you can restart UF via REST API (ref doc. http://docs.splunk.com/Documentation/Splunk/7.0.1/RESTREF/RESTsystem#server.2Fcontrol.2Frestart )

curl -k -u admin:changeme https://localhost:8089/services/server/control/restart -X POST

If you want to run above command from remote server then you need to change default password for admin user otherwise you will get below error.

<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="WARN">Remote login has been disabled for 'admin' with the default password. Either set the password, or override by changing the 'allowRemoteLogin' setting in your server.conf file.</msg>
  </messages>
</response>

I hope this helps.

Thanks,
Harshil

gcusello · ‎12-21-2017

Hi xiyangyang,
I don't know why you want to restart a UF using REST API, I think that the easiest way is a remote shell script.
Anyway you can find all the information about REST API features at http://dev.splunk.com/restapi .

Bye.

Giuseppe

Can a universal forwarder be restarted via REST API?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases