Dashboards & Visualizations

Splunk dashboard automation via REST: Which specific roles should I ask for?

mmichalowicz
Explorer

I would like to perform HTTP GET and POST XML for Splunk dashboards via REST. However, I need to ask for specific roles for this including auth, GET, and POST from my Splunk support organization.

Which roles do I need to explicitly request? Asking for admin privileges is out of the question.

The links I see in all the answers point to generic documentation that simply aren't helping me with explicitly what I have to ask for.

I need the most minimal permissions to accomplish simple auth, GET, and POST to have any chance to be approved...

Thanks in advance.

0 Karma
1 Solution

mmichalowicz
Explorer

I figured it out... The URL used by the webapp is either forwarded or is a different endpoint. I found the URL which responds to services/auth/login, I am able to get session key, and then do some other downstream endpoints returning the XML for dashboards. I simply now have to get used to the API's I need to simply get the dashboard xml.. I'm now struggling with labels, names, and id's but it appears this is a normal journey.

Thanks all for responding!

View solution in original post

0 Karma

mmichalowicz
Explorer

I figured it out... The URL used by the webapp is either forwarded or is a different endpoint. I found the URL which responds to services/auth/login, I am able to get session key, and then do some other downstream endpoints returning the XML for dashboards. I simply now have to get used to the API's I need to simply get the dashboard xml.. I'm now struggling with labels, names, and id's but it appears this is a normal journey.

Thanks all for responding!

0 Karma

somesoni2
SplunkTrust
SplunkTrust

It depends on what artifacts/endpoints you're hitting and what POST operations you want to perform. If you're just looking to modify artifacts that you own, regular user role is sufficient. If you want to modify searches that you've shared with other users, power user may the role you need.

0 Karma

mmichalowicz
Explorer

IMO, there's no such thing as "regular user role" in corporate security... I'm assuming REST roles were revoked from "regular users" since I can't get an /account/login POST working from Java, curl, Postman, etc...

So my question remains, what are the minimal roles needed to at least do an auth, GET, and POST to dashboards I have access to as my user (I don't "own" anything, I am simply a user to these dashboards)

A simple auth always returns 401 unauthorized, so there must be some minimal roles to even get an auth...
I put Chrome in debug and watch POST's to the /account/login endpoint with username/password in a POST x-www-form-urlencoded but I simply cannot reproduce a successful call outside of the Splunk Web pages..

0 Karma

somesoni2
SplunkTrust
SplunkTrust

What error that you get when running a POST for /auth/login ? Do you have access to Splunk (login to Splunk Web UI with same credentials)?

If you're trying to access a dashboard, owned by others, your Splunk role should have permission to read/edit those dashboards. So, more that capabilities, this could be an issue of permission at the object level.

0 Karma

mmichalowicz
Explorer

I've tried auth/login and services/auth/login but they aren't valid endpoints (404). I try account/login and I get a 401 Unauthorized with a response body { "status" : 1 }

I am mimicking the URL that the Splunk UI is authorizing against (debugging using Chrome dev tools)

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...