Getting Data In

Any way to do API calls to Splunk without using an Account with Admin role defined to it?

ryneily
Engager

I am trying to access some API calls through splunk and pull data out of an index with API calls. All the examples in the SDK use the admin userid to perform the searches. Is it possible to access the API without using a user with admin authority?

Id like to create a account just for API calls so that our custom scripts/applications can query splunk directly. The issue here is that I dont want to have to share an admin enabled account with users/devs to accomplish.

Anyone know how to do this? I have played around with this, but cannot get the searches working with anything but admin.

Tags (2)

ChrisG
Splunk Employee
Splunk Employee

Depending on the resources you are trying to access, you probably do need admin credentials. See the topic Accessing Splunk resources in the REST API Reference for additional information.

0 Karma

highsplunker
Contributor

Hi GhrisG. Could you clarify please.
For example,
I have several search heads in my Splunk cluster. I'd like to restrict permissions for one particular search head (even for admins there). Is this possible?
Thanks in advance!

0 Karma
Get Updates on the Splunk Community!

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...

Splunk AppDynamics Agents Webinar Series

Mark your calendars! On June 24th at 12PM PST, we’re going live with the second session of our Splunk ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...