How do I use the REST API?

sdorich
Communicator

I've been trying to follow the instructions on the following site:

http://dev.splunk.com/view/SP-CAAADQT

However, I keep getting the issue that the page cannot be found (I'll paste the exact output I get from the following call at the bottom). I might be missing a step so please let me know if there's something else I need to do first. Thanks in advance.

This call (note that I do not use https b/c the secure connection was not found at all)

curl -u admin: -k http://localhost:8000/serviceNS/admin/search

outputs

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--
This is a static HTML string template to render errors. To edit this
template, see appserver/mrsparkle/lib/error.py.
-->





The path '/en-US/serviceNS/admin/search/auth/login/' was not found. - Splunk

1 Solution

sowings
Splunk Employee

You'll have to talk to Splunk's management port (default 8089), not the Splunkweb port (default 8000). It also speaks https.

Also, the URL you tried "/servicesNS/admin/search" is incomplete. That just says "for the admin user in the search app context...". An example might be: "https://127.0.0.1:8089/servicesNS/admin/search/saved/searches" to list the saved searches visible to the admin user in the search app. Some good examples are found here (Splunk docs) as well.

Ayn
Legend

You're using the wrong port. Port 8000 is Splunk's regular web interface. The REST API is available on port 8089 (over HTTPS).

0 Karma
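
Added example (not part of any post in this thread and not Splunk's own code): a shell preflight check that flags the problems the two answers above point out in the question's URL, namely the scheme, the Splunkweb port, and a path that lacks the `servicesNS/<user>/<app>/<endpoint>` shape. The function names, the CA bundle argument of the wrapper, and the acceptance of un-namespaced `/services/` paths are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint a Splunk REST URL for the mistakes discussed in this thread.
# The ports are the defaults named in the answers; a deployment may use others.
MGMT_PORT=8089   # management port (REST API, https)
WEB_PORT=8000    # Splunkweb port (browser UI)

# Prints one "<check>: <message>" line per problem, or "ok" when none is found.
# The body runs in a subshell so its variables do not leak into the caller.
check_splunk_rest_url() (
  url=$1
  found=0
  case $url in
    *://*) scheme=${url%%://*}; rest=${url#*://} ;;
    *)     scheme=""; rest=$url ;;
  esac
  case $rest in
    */*) authority=${rest%%/*}; path=/${rest#*/} ;;
    *)   authority=$rest; path=/ ;;
  esac
  path=${path%%\?*}                      # ignore any query string
  case $authority in
    *:*) port=${authority##*:} ;;
    *)   port="" ;;
  esac
  if [ "$scheme" != https ]; then
    echo "scheme: the management port speaks https, got '$scheme'"; found=1
  fi
  if [ "$port" = "$WEB_PORT" ]; then
    echo "port: $WEB_PORT is Splunkweb, use the management port (default $MGMT_PORT)"; found=1
  fi
  case $path in
    /services/?*|/servicesNS/?*/?*/?*) ;;  # namespace plus an endpoint
    /servicesNS/*)
      echo "endpoint: only user/app context given, append e.g. saved/searches"; found=1 ;;
    *)
      echo "path: expected /servicesNS/<user>/<app>/<endpoint>, got '$path'"; found=1 ;;
  esac
  if [ "$found" -eq 0 ]; then echo ok; fi
)

# Hypothetical wrapper: lint first, then call curl with certificate verification.
# $1 = URL, $2 = user (curl prompts for the password), $3 = CA bundle path.
splunk_rest_get() {
  result=$(check_splunk_rest_url "$1")
  if [ "$result" != ok ]; then printf '%s\n' "$result" >&2; return 2; fi
  curl --fail --silent --show-error --cacert "$3" -u "$2" "$1"
}
```

Passing `--cacert` with the CA that signed the instance's certificate keeps verification on, in place of the `-k` used in the question.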

sowings
Splunk Employee

The REST API is for talking to the management port of "a" Splunk instance. You can talk REST to a forwarder, but it won't have a lot to say. You don't need the forwarder to query the server (indexer).

0 Karma

sdorich
Communicator

@sowings -
Thanks, that helps. One last question (remember I'm a newbie with the REST API).. I'm assuming that I don't need to set up a forwarder on the server I want to get REST API calls from since these calls use http methods. Am I correct or is a forwarder still needed for whatever reason?

0 Karma

sdorich
Communicator

Note that I'm a newbie to REST API calls so bear with me. Thanks!

0 Karma