Getting Data In
Highlighted

Can we use REST API call to re-authenticate search peers?

Communicator

It's very pain to re-enter username/password when we have almost 100 search peers.

Highlighted

Re: Can we use REST API call to re-authenticate search peers?

SplunkTrust
SplunkTrust

Hi philip.wong,

you can use a simple remote Splunk command to add search peers and run it in a looping script. See the docs for more details http://docs.splunk.com/Documentation/Splunk/6.2.0/DistSearch/Configuredistributedsearch#Use_the_CLI
But to be able to run such a remote command, you must enable allowRemoteLogin in server.conf see docs for more details http://docs.splunk.com/Documentation/Splunk/6.2.0/admin/Serverconf

But if you need to / want to / have to / insist to use the REST API you can run something like this:

curl  -k -u <adminuser>:<password> https://<yourlocalsplunkserverip>:8089/services/search/distributed/peers -d name=<yoursearchpeerip/DNS/FQDN>:8089 -d remoteUsername=<remoteserveradminuser> -d remotePassword=<remoteserverpassword>

The result will look like this:

<?xml version="1.0" encoding="UTF-8"?>
<!--This is to override browser formatting; see server.conf[httpServer] to disable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .-->
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>distsearch-peer</title>
  <id>https://127.0.0.1:8089/services/search/distributed/peers</id>
  <updated>2014-11-24T09:10:54+01:00</updated>
  <generator build="213098" version="6.1.2"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/search/distributed/peers/_new" rel="create"/>
  <opensearch:totalResults>1</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>
  <entry>
    <title>servername:8089</title>
    <id>https://127.0.0.1:8089/services/search/distributed/peers/servername%3A8089</id>
    <updated>2014-11-24T09:10:54+01:00</updated>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="list"/>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="edit"/>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="remove"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="build">213098</s:key>
        <s:key name="bundle_versions">
          <s:list/>
        </s:key>
        <s:key name="disabled">0</s:key>
        <s:key name="eai:acl">
          <s:dict>
            <s:key name="app"></s:key>
            <s:key name="can_list">1</s:key>
            <s:key name="can_write">1</s:key>
            <s:key name="modifiable">0</s:key>
            <s:key name="owner">system</s:key>
            <s:key name="perms">
              <s:dict>
                <s:key name="read">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
                <s:key name="write">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="removable">0</s:key>
            <s:key name="sharing">system</s:key>
          </s:dict>
        </s:key>
        <s:key name="guid">SomeKey</s:key>
        <s:key name="is_https">1</s:key>
        <s:key name="licenseSignature">EvenMoreKeys</s:key>
        <s:key name="peerName">servername</s:key>
        <s:key name="peerType">configured</s:key>
        <s:key name="remote_session">MuchMoreKeys</s:key>
        <s:key name="replicationStatus">Initial</s:key>
        <s:key name="rtsearch_enabled">1</s:key>
        <s:key name="startup_time">1416801414</s:key>
        <s:key name="status">Up</s:key>
        <s:key name="version">6.1.2</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

hope this helps ...

cheers, MuS

View solution in original post

Highlighted

Re: Can we use REST API call to re-authenticate search peers?

Communicator

We got some file permission errors after moving to SHP while running the CLI you mentioned. I'm going to raise support ticket for that.

Now we prefer not to login the search head and run CLI but using REST API
My question is, can we use REST API to re-auth/remove search peers?

I just tested and be able to answer post of this.
To remove a search peer can do by this.

curl -k https://$host:$port/services/search/distributed/peers/$peerhost:$peerport --request DELETE

I tried "--request POST -remoteUsername -remotePassword" but doesn't work to add a search peer.
Can you advise what's wrong??

Thank you!

0 Karma
Highlighted

Re: Can we use REST API call to re-authenticate search peers?

SplunkTrust
SplunkTrust

Hi, I don't see the point why it should be different using the REST API....but then I don't know your use case 😉 So see my updated answer to get the REST API command to add a search peer. You're welcome 🙂

0 Karma
Highlighted

Re: Can we use REST API call to re-authenticate search peers?

Communicator

Can you simply tell me how to add search peer to a search head by curl and REST?

0 Karma
Highlighted

Re: Can we use REST API call to re-authenticate search peers?

SplunkTrust
SplunkTrust

Okay, before one gets cheeky it would be better to read my updated answer from 22 hours ago. Then read it again, try it and then say thank you.

Highlighted

Re: Can we use REST API call to re-authenticate search peers?

Communicator

Sorry, I didn't see the example from my view before.
It works now! Thank you for your patience and prompt response.

0 Karma