
Any way to do API calls to Splunk without using an Account with Admin role defined to it?


I am trying to access some API calls through Splunk and pull data out of an index with API calls. All the examples in the SDK use the admin userid to perform the searches. Is it possible to access the API without using a user with admin authority?

I'd like to create an account just for API calls so that our custom scripts/applications can query Splunk directly. The issue here is that I don't want to have to share an admin-enabled account with users/devs to accomplish this.

Anyone know how to do this? I have played around with this, but cannot get the searches working with anything but admin.

Splunk Employee
Depending on the resources you are trying to access, you probably do need admin credentials. See the topic Accessing Splunk resources in the REST API Reference for additional information.

Hi GhrisG. Could you clarify, please?
For example,
I have several search heads in my Splunk cluster. I'd like to restrict permissions for one particular search head (even for admins there). Is this possible?
