Getting Data In

How to connect to Splunk's REST API?

Kaushikkatta03
Explorer

Our Web/mobile team is considering an innovation project involving a Splunk integration. Basically, better tracking/early notification of errors so that we can prevent them. We’re attempting to work with the Splunk REST API, but we can’t seem to connect to the documented endpoints, either via REST or the official Java SDK. Has something been done on the config side to prevent API access? If so, we’d like to inquire into a configuration change or other workaround to get Splunk API access.

Alternatively, do you have any insight into an efficient way to access the application logs? The only other thing I’m thinking of is sftp-ing log files off of the server and then parsing them manually, which doesn’t sound nearly as usable as the Splunk API.

0 Karma

woodcock
Esteemed Legend

The best way to test the splunk REST API is to hit it from within a Splunk Search Head. Testing here ensures that there are no firewall or other connection/permission problems. This will allow you to easily assess whether the endpoints you think you need actually do what you need them to do. So login to your Search Head and try them from the search bar like this:

|rest /services/data/indexes
0 Karma
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...