How to connect to Splunk's REST API?

Kaushikkatta03 · ‎07-20-2016

Our Web/mobile team is considering an innovation project involving a Splunk integration. Basically, better tracking/early notification of errors so that we can prevent them. We’re attempting to work with the Splunk REST API, but we can’t seem to connect to the documented endpoints, either via REST or the official Java SDK. Has something been done on the config side to prevent API access? If so, we’d like to inquire into a configuration change or other workaround to get Splunk API access.

Alternatively, do you have any insight into an efficient way to access the application logs? The only other thing I’m thinking of is sftp-ing log files off of the server and then parsing them manually, which doesn’t sound nearly as usable as the Splunk API.

woodcock · ‎07-20-2016

The best way to test the splunk REST API is to hit it from within a Splunk Search Head. Testing here ensures that there are no firewall or other connection/permission problems. This will allow you to easily assess whether the endpoints you think you need actually do what you need them to do. So login to your Search Head and try them from the search bar like this:

|rest /services/data/indexes

How to connect to Splunk's REST API?

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

SignalFlow: What? Why? How?