https://community.splunk.com/t5/Getting-Data-In/Setting-up-an-ultra-light-front-end-instance-for-API-request/m-p/119683#M24914 <P>I will (almost) answer my own question after some searching.</P> <P>A (very brutal) way to do it is by using the CLI commands, namely<BR /> * Install Splunk locally and start its daemon<BR /> * Launch a query from the command line similar to <EM>splunk search 'earliest=-10m latest=-1m index=foo host="bar*" sourcetype="test" "some text" AND NOT "other" ' -uri <A href="https://remote-splunk:port">https://remote-splunk:port</A></EM></P> <P>Downside is that the first time you are prompted for username/password of the remote host.</P> <P>Obviously this will only work well for local scripting or batch jobs, not used by a high request-volume server/process.</P> <P>I hope this helps.</P> Fri, 01 Nov 2013 17:07:18 GMT sgerogia 2013-11-01T17:07:18Z https://community.splunk.com/t5/Getting-Data-In/Setting-up-an-ultra-light-front-end-instance-for-API-request/m-p/119682#M24913 <P>Hello.</P> <P>In our company we already have a Splunk 5 setup with multiple search heads and indexers.</P> <P>What I would like to do is setup a local Splunk instance, which would just accept REST API requests, simply relay them to the existing search head(s) and return back results.<BR /> As minimum data as possible are to be maintained on this light instance; I like to think of it as a query proxy.</P> <P>Does Splunk support this topology?</P> <P>If yes, which settings in the light instance should I look into? Or perhaps some page in the online docs that I have missed?</P> <P>Thank you,<BR /> S.</P> <P>UPDATE:<BR /> I forgot to clarify that, for whatever historical/obscure reason, direct REST API access to the search heads has been disabled.</P> Tue, 29 Oct 2013 13:16:30 GMT https://community.splunk.com/t5/Getting-Data-In/Setting-up-an-ultra-light-front-end-instance-for-API-request/m-p/119682#M24913 sgerogia 2013-10-29T13:16:30Z https://community.splunk.com/t5/Getting-Data-In/Setting-up-an-ultra-light-front-end-instance-for-API-request/m-p/119683#M24914 <P>I will (almost) answer my own question after some searching.</P> <P>A (very brutal) way to do it is by using the CLI commands, namely<BR /> * Install Splunk locally and start its daemon<BR /> * Launch a query from the command line similar to <EM>splunk search 'earliest=-10m latest=-1m index=foo host="bar*" sourcetype="test" "some text" AND NOT "other" ' -uri <A href="https://remote-splunk:port">https://remote-splunk:port</A></EM></P> <P>Downside is that the first time you are prompted for username/password of the remote host.</P> <P>Obviously this will only work well for local scripting or batch jobs, not used by a high request-volume server/process.</P> <P>I hope this helps.</P> Fri, 01 Nov 2013 17:07:18 GMT https://community.splunk.com/t5/Getting-Data-In/Setting-up-an-ultra-light-front-end-instance-for-API-request/m-p/119683#M24914 sgerogia 2013-11-01T17:07:18Z https://community.splunk.com/t5/Getting-Data-In/Setting-up-an-ultra-light-front-end-instance-for-API-request/m-p/119684#M24915 <P>You have read this?</P> <P><A href="http://dev.splunk.com/view/rest-api-overview/SP-CAAADP8">http://dev.splunk.com/view/rest-api-overview/SP-CAAADP8</A></P> Fri, 01 Nov 2013 17:11:06 GMT https://community.splunk.com/t5/Getting-Data-In/Setting-up-an-ultra-light-front-end-instance-for-API-request/m-p/119684#M24915 dmaislin_splunk 2013-11-01T17:11:06Z https://community.splunk.com/t5/Getting-Data-In/Setting-up-an-ultra-light-front-end-instance-for-API-request/m-p/119685#M24916 <P>This would obviously be better, I agree.<BR /> Namely, make a REST call to the local Splunk which would relay it to the remote search head. Do you know how to set the equivalent of the -uri switch in the API request?</P> Fri, 01 Nov 2013 17:20:34 GMT https://community.splunk.com/t5/Getting-Data-In/Setting-up-an-ultra-light-front-end-instance-for-API-request/m-p/119685#M24916 sgerogia 2013-11-01T17:20:34Z