Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can we use REST API call to re-authenticate search peers?

philip_wong
Communicator
‎11-23-2014 12:12 AM

It's very pain to re-enter username/password when we have almost 100 search peers.

Reply
1 Solution
Solved! Jump to solution
Solution

MuS
Legend
‎11-23-2014 09:50 AM

Hi philip.wong,

you can use a simple remote Splunk command to add search peers and run it in a looping script. See the docs for more details http://docs.splunk.com/Documentation/Splunk/6.2.0/DistSearch/Configuredistributedsearch#Use_the_CLI
But to be able to run such a remote command, you must enable allowRemoteLogin in server.conf see docs for more details http://docs.splunk.com/Documentation/Splunk/6.2.0/admin/Serverconf

But if you need to / want to / have to / insist to use the REST API you can run something like this:

curl  -k -u <adminuser>:<password> https://<yourlocalsplunkserverip>:8089/services/search/distributed/peers -d name=<yoursearchpeerip/DNS/FQDN>:8089 -d remoteUsername=<remoteserveradminuser> -d remotePassword=<remoteserverpassword>

The result will look like this:

<?xml version="1.0" encoding="UTF-8"?>
<!--This is to override browser formatting; see server.conf[httpServer] to disable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .-->
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>distsearch-peer</title>
  <id>https://127.0.0.1:8089/services/search/distributed/peers</id>
  <updated>2014-11-24T09:10:54+01:00</updated>
  <generator build="213098" version="6.1.2"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/search/distributed/peers/_new" rel="create"/>
  <opensearch:totalResults>1</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>
  <entry>
    <title>servername:8089</title>
    <id>https://127.0.0.1:8089/services/search/distributed/peers/servername%3A8089</id>
    <updated>2014-11-24T09:10:54+01:00</updated>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="list"/>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="edit"/>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="remove"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="build">213098</s:key>
        <s:key name="bundle_versions">
          <s:list/>
        </s:key>
        <s:key name="disabled">0</s:key>
        <s:key name="eai:acl">
          <s:dict>
            <s:key name="app"></s:key>
            <s:key name="can_list">1</s:key>
            <s:key name="can_write">1</s:key>
            <s:key name="modifiable">0</s:key>
            <s:key name="owner">system</s:key>
            <s:key name="perms">
              <s:dict>
                <s:key name="read">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
                <s:key name="write">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="removable">0</s:key>
            <s:key name="sharing">system</s:key>
          </s:dict>
        </s:key>
        <s:key name="guid">SomeKey</s:key>
        <s:key name="is_https">1</s:key>
        <s:key name="licenseSignature">EvenMoreKeys</s:key>
        <s:key name="peerName">servername</s:key>
        <s:key name="peerType">configured</s:key>
        <s:key name="remote_session">MuchMoreKeys</s:key>
        <s:key name="replicationStatus">Initial</s:key>
        <s:key name="rtsearch_enabled">1</s:key>
        <s:key name="startup_time">1416801414</s:key>
        <s:key name="status">Up</s:key>
        <s:key name="version">6.1.2</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

hope this helps ...

cheers, MuS

View solution in original post

Reply
Solved! Jump to solution
Solution

MuS
Legend
‎11-23-2014 09:50 AM

Hi philip.wong,

you can use a simple remote Splunk command to add search peers and run it in a looping script. See the docs for more details http://docs.splunk.com/Documentation/Splunk/6.2.0/DistSearch/Configuredistributedsearch#Use_the_CLI
But to be able to run such a remote command, you must enable allowRemoteLogin in server.conf see docs for more details http://docs.splunk.com/Documentation/Splunk/6.2.0/admin/Serverconf

But if you need to / want to / have to / insist to use the REST API you can run something like this:

curl  -k -u <adminuser>:<password> https://<yourlocalsplunkserverip>:8089/services/search/distributed/peers -d name=<yoursearchpeerip/DNS/FQDN>:8089 -d remoteUsername=<remoteserveradminuser> -d remotePassword=<remoteserverpassword>

The result will look like this:

<?xml version="1.0" encoding="UTF-8"?>
<!--This is to override browser formatting; see server.conf[httpServer] to disable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .-->
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>distsearch-peer</title>
  <id>https://127.0.0.1:8089/services/search/distributed/peers</id>
  <updated>2014-11-24T09:10:54+01:00</updated>
  <generator build="213098" version="6.1.2"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/search/distributed/peers/_new" rel="create"/>
  <opensearch:totalResults>1</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>
  <entry>
    <title>servername:8089</title>
    <id>https://127.0.0.1:8089/services/search/distributed/peers/servername%3A8089</id>
    <updated>2014-11-24T09:10:54+01:00</updated>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="list"/>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="edit"/>
    <link href="/services/search/distributed/peers/servername%3A8089" rel="remove"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="build">213098</s:key>
        <s:key name="bundle_versions">
          <s:list/>
        </s:key>
        <s:key name="disabled">0</s:key>
        <s:key name="eai:acl">
          <s:dict>
            <s:key name="app"></s:key>
            <s:key name="can_list">1</s:key>
            <s:key name="can_write">1</s:key>
            <s:key name="modifiable">0</s:key>
            <s:key name="owner">system</s:key>
            <s:key name="perms">
              <s:dict>
                <s:key name="read">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
                <s:key name="write">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="removable">0</s:key>
            <s:key name="sharing">system</s:key>
          </s:dict>
        </s:key>
        <s:key name="guid">SomeKey</s:key>
        <s:key name="is_https">1</s:key>
        <s:key name="licenseSignature">EvenMoreKeys</s:key>
        <s:key name="peerName">servername</s:key>
        <s:key name="peerType">configured</s:key>
        <s:key name="remote_session">MuchMoreKeys</s:key>
        <s:key name="replicationStatus">Initial</s:key>
        <s:key name="rtsearch_enabled">1</s:key>
        <s:key name="startup_time">1416801414</s:key>
        <s:key name="status">Up</s:key>
        <s:key name="version">6.1.2</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

hope this helps ...

cheers, MuS

Reply
Solved! Jump to solution

philip_wong
Communicator
‎11-23-2014 08:11 PM

We got some file permission errors after moving to SHP while running the CLI you mentioned. I'm going to raise support ticket for that.

Now we prefer not to login the search head and run CLI but using REST API
My question is, can we use REST API to re-auth/remove search peers?

I just tested and be able to answer post of this.
To remove a search peer can do by this.

curl -k https://$host:$port/services/search/distributed/peers/$peer_host:$peer_port --request DELETE

I tried "--request POST -remoteUsername -remotePassword" but doesn't work to add a search peer.
Can you advise what's wrong??

Thank you!

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎11-24-2014 12:20 AM

Hi, I don't see the point why it should be different using the REST API....but then I don't know your use case 😉 So see my updated answer to get the REST API command to add a search peer. You're welcome 🙂

0 Karma
Reply
Solved! Jump to solution

philip_wong
Communicator
‎11-24-2014 06:16 PM

Can you simply tell me how to add search peer to a search head by curl and REST?

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎11-24-2014 10:40 PM

Okay, before one gets cheeky it would be better to read my updated answer from 22 hours ago. Then read it again, try it and then say thank you.

Reply
Solved! Jump to solution

philip_wong
Communicator
‎11-25-2014 12:55 AM

Sorry, I didn't see the example from my view before.
It works now! Thank you for your patience and prompt response.

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...