Why am I unable to connect to a Splunk API URL fro...

vw5qb73 · ‎06-14-2016

Hi

I am trying to connect to Splunk API from a different VM.

My API command works when I run this as localhost to the search head VM. If I replace localhost with the IP or VM name of search head, and try to run curl, it won't connect.

Telnet to 8089 port says connection refused

splunksrch01:/tmp # curl -k -u user:pwd -d "search=search host=pc* earliest=-1h@h | chart count by host" https://localhost:8089/services/search/jobs/

Above command works if on search head.

But if run this from another VM by replacing localhost with search head IP, it won't work:

curl -k -u user:pwd -d "search=search host=pc* earliest=-1h@h | chart count by host" https://XX.XX.XX.XX:8089/services/search/jobs/
curl: (7) couldn't connect to host

Pls help
Is it because 8089 port is not opened? or something else?

ryanoconnor · ‎06-14-2016

Correct you're going to want to make sure there is a route from that VM to the Splunk Search Head and that port 8089 is opened on the Search Head. If you can't telnet on that port, than you have some sort of networking issue going on.

Why am I unable to connect to a Splunk API URL from an external VM by replacing localhost with the search head IP?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation