Hello Splunkers
There is a partial REST API documentation.
There is a lot of information missing.
http://docs.splunk.com/Documentation/StreamApp/7.0.1/DeployStreamApp/SplunkAppforStreamRESTAPI
We are really interested in configuring our streams using the REST API.
Especially, since we are unable to use the SDK, because we are using python3.
Current, urgent use case
We want to create, modify and delete streams
Greetings
Mathias
A splunkd endpoint (Rest API) resides on port 8089 by default. In order to access these from code running in the browser, it needs to be “expose” setting in $SPLUNK_HOME/etc/system/default/web.conf. Or else it gives cross-origin prevention and CSRF protections in the browser.
To resolve this you are trying to send tokens for splunkweb_csrf_token_8000, splunkd_8000 and session_id_8000
.
Actually these token are saved in your browser as cookies when u login to splunk web browser.
U need not to explicitly send in the request header. In turn, the browser will send these tokens in request header. U can see this in network section of browser.
hi. The Splunk Stream REST API docs have been updated with new request/response examples, parameter information, etc., for each operation. To use the /streams endpoint to create, modify, and delete streams, see: http://docs.splunk.com/Documentation/StreamApp/7.0.1/DeployStreamApp/SplunkAppforStreamRESTAPI#Strea...
HTH.
Hi
Thanks.
What I don't understand yet is how do I get the tokens
The /streams/ GET command comments
The cookies and x-splunk-form-key can be obtained from the GET request's response headers.
But when I run it I only get
$ curl -i -k https://localhost:8000/en-US/custom/splunk_app_stream/streams/test
HTTP/1.1 404 Not Found
Date: Wed, 15 Feb 2017 14:35:14 GMT
Content-Type: text/json;charset=utf-8
X-Content-Type-Options: nosniff
Content-Length: 337
Vary: Cookie
Connection: Keep-Alive
X-Frame-Options: SAMEORIGIN
Set-Cookie: session_id_8000=ee2f22f1c69a96be792938a883934b541b503d89; expires=Thu, 16 Feb 2017 14:35:10 GMT; httponly; Path=/; secure
Server: Splunkd
{"status": 404, "error": "Stream with specified id not found", "success": false}
I assume that I can just take the sessionID for the cookie so
splunkd_8000=ee2f22f1c69a96be792938a883934b541b503d89
But when I look at the POST command I also need
Where do I get these from?
Hi. Just FYI:
The Stream REST API docs have been updated with instructions on how to generate the required tokens. See:
http://docs.splunk.com/Documentation/StreamApp/7.0.1/DeployStreamApp/SplunkAppforStreamRESTAPI#How_t...