Can a universal forwarder be restarted via REST AP...

xiyangyang · ‎12-21-2017

Can UF be restart via REST API?
What other things can be done to UF via REST API?

harsmarvania57 · ‎12-22-2017

Hi @xiyangyang,

Yes, you can restart UF via REST API (ref doc. http://docs.splunk.com/Documentation/Splunk/7.0.1/RESTREF/RESTsystem#server.2Fcontrol.2Frestart )

curl -k -u admin:changeme https://localhost:8089/services/server/control/restart -X POST

If you want to run above command from remote server then you need to change default password for admin user otherwise you will get below error.

<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="WARN">Remote login has been disabled for 'admin' with the default password. Either set the password, or override by changing the 'allowRemoteLogin' setting in your server.conf file.</msg>
  </messages>
</response>

I hope this helps.

Thanks,
Harshil

gcusello · ‎12-21-2017

Hi xiyangyang,
I don't know why you want to restart a UF using REST API, I think that the easiest way is a remote shell script.
Anyway you can find all the information about REST API features at http://dev.splunk.com/restapi .

Bye.

Giuseppe

Can a universal forwarder be restarted via REST API?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation