Developing for Splunk Enterprise

How to connect to management port REST API from the Python Module which sits in controller directory?


I am stuck at one point where i have to make a POST request from the UI to management port API. Now i cannot do that as i need session token and have to allow the Splunk server to accept any request from the IP, which is not an efficient way. So i want to make a REST Request to the custom URL, which in turn should make request the Splunk webserver. I have to do it with Python, but the only concern is how can i make the custom URL in the existing app and handle it ,

i am making the ajax request at /custom/app_name/module/function

and in the controller i have a function defined, but still i am not able to get success.

Any sort of help will be appreciated.


0 Karma


So to use the REST interface with python perhaps something like this.

The below code is partially based on the "Splunk REST API is easy to use" blog post , and also on some other documentation on the Splunk website:

import urllib
import urllib2
import ssl
import base64

#Send a request using a POST command to the required URL
#SSL checking is disabled due to use of the self-signed certificates
def sendrequest(values, server, url):
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    data = urllib.urlencode(values)
    req = urllib2.Request(server + url, data)

    req.add_header("Authorization", "Basic %s" % base64string)
    response = urllib2.urlopen(req, context=ctx)
    the_page =

username = "username"
password = "<yourpassword>"
base64string = base64.encodestring('%s:%s' % (username, password)).replace('\n', '')
server = "https://localhost:8089/"
url = "/servicesNS/nobody/<app...>"

#Create the Oracle_SIEMUser_ChangePassword identity with username SIEM_USER
values = {"parameter1" : "value1",

#Actually run the HTTP request
sendrequest(values, server, url)

I normally determine the endpoint by hitting:

And then determining where I should go, there is likely a better way to do it !

0 Karma