Getting Data In

How to connect to Splunk's REST API?

Kaushikkatta03
Explorer

Our Web/mobile team is considering an innovation project involving a Splunk integration. Basically, better tracking/early notification of errors so that we can prevent them. We’re attempting to work with the Splunk REST API, but we can’t seem to connect to the documented endpoints, either via REST or the official Java SDK. Has something been done on the config side to prevent API access? If so, we’d like to inquire into a configuration change or other workaround to get Splunk API access.

Alternatively, do you have any insight into an efficient way to access the application logs? The only other thing I’m thinking of is sftp-ing log files off of the server and then parsing them manually, which doesn’t sound nearly as usable as the Splunk API.

0 Karma

woodcock
Esteemed Legend

The best way to test the splunk REST API is to hit it from within a Splunk Search Head. Testing here ensures that there are no firewall or other connection/permission problems. This will allow you to easily assess whether the endpoints you think you need actually do what you need them to do. So login to your Search Head and try them from the search bar like this:

|rest /services/data/indexes
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...