Any way to do API calls to Splunk without using an...

ryneily · ‎11-27-2012

I am trying to access some API calls through splunk and pull data out of an index with API calls. All the examples in the SDK use the admin userid to perform the searches. Is it possible to access the API without using a user with admin authority?

Id like to create a account just for API calls so that our custom scripts/applications can query splunk directly. The issue here is that I dont want to have to share an admin enabled account with users/devs to accomplish.

Anyone know how to do this? I have played around with this, but cannot get the searches working with anything but admin.

ChrisG · ‎11-27-2012

Depending on the resources you are trying to access, you probably do need admin credentials. See the topic Accessing Splunk resources in the REST API Reference for additional information.

highsplunker · ‎08-18-2019

Hi GhrisG. Could you clarify please.
For example,
I have several search heads in my Splunk cluster. I'd like to restrict permissions for one particular search head (even for admins there). Is this possible?
Thanks in advance!

Any way to do API calls to Splunk without using an Account with Admin role defined to it?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation