Getting Data In

How to connect to Splunk's REST API?


Our Web/mobile team is considering an innovation project involving a Splunk integration. Basically, better tracking/early notification of errors so that we can prevent them. We’re attempting to work with the Splunk REST API, but we can’t seem to connect to the documented endpoints, either via REST or the official Java SDK. Has something been done on the config side to prevent API access? If so, we’d like to inquire into a configuration change or other workaround to get Splunk API access.

Alternatively, do you have any insight into an efficient way to access the application logs? The only other thing I’m thinking of is sftp-ing log files off of the server and then parsing them manually, which doesn’t sound nearly as usable as the Splunk API.

0 Karma

Esteemed Legend

The best way to test the splunk REST API is to hit it from within a Splunk Search Head. Testing here ensures that there are no firewall or other connection/permission problems. This will allow you to easily assess whether the endpoints you think you need actually do what you need them to do. So login to your Search Head and try them from the search bar like this:

|rest /services/data/indexes
0 Karma
Get Updates on the Splunk Community!

Streamline Data Ingestion With Deployment Server Essentials

REGISTER NOW!Every day the list of sources Admins are responsible for gets bigger and bigger, often making the ...

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

REGISTER NOW!Join us for a Tech Talk around our latest release of Splunk Enterprise Security 7.2! We’ll walk ...

Introduction to Splunk AI

WATCH NOWHow are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. ...