I am trying to access some API calls through splunk and pull data out of an index with API calls. All the examples in the SDK use the admin userid to perform the searches. Is it possible to access the API without using a user with admin authority?
Id like to create a account just for API calls so that our custom scripts/applications can query splunk directly. The issue here is that I dont want to have to share an admin enabled account with users/devs to accomplish.
Anyone know how to do this? I have played around with this, but cannot get the searches working with anything but admin.
Hi GhrisG. Could you clarify please.
I have several search heads in my Splunk cluster. I'd like to restrict permissions for one particular search head (even for admins there). Is this possible?
Thanks in advance!