Getting Data In

Can you hide the credentials in the curl command from the CLI to prevent my Splunk credentials from getting syslogged?


I need to update ownership of searches after converting to a search head cluster environmen,t and from my understanding, we cannot edit the files anymore for replication to work, so I am doing it via the CLI commands using curl, but that does get syslogged which contains the Splunk creds. Is there a way to get it to prompt for a userid/password ?

0 Karma

Splunk Employee
Splunk Employee

Let's take a step back:

  • Why do you need to convert ownership? That shouldn't be a requirement of switching to SHC.
  • I believe the recommended approach is to bundle your SHP knowledge objects into an app that you put on the deployer. Then have the deployer push that out to the SHC.
  • Therefore, if you needed the owner changed, you could do it on the deployer's local.meta and that would address the challenge.

Let me know if you want to talk in real time offline. It sounds like there's a few implementation plan details worth talking our way through.

0 Karma


You can write a wrapper script to prompt for credentials and run the curl command.

0 Karma


Sorry to bring up such an old topic, but would really appreciate if you could share an example.

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...