Getting Data In

How to use Splunk's REST API or JavaScript SDK to connect directly to Splunk within a browser?

jonfrancais
Explorer

We are looking to build a standalone Chrome application (in JavaScript) using Splunk's RESTful API to the management port 8089.

As this is a Chrome application it is allowed to make the cross-site request directly to the Splunk server. However, when using either the Splunk JS SDK or the RESTful API to connect directly to Splunk, we get certificate errors as the default certificate provided by Splunk is invalid (the Common Name does not match the hosted domain, etc.) The errors in the browser are NET::ERR_INSECURE_RESPONSE and NET::ERR_CERT_COMMON_NAME_INVALID. Using curl works fine, but I presume this is because it makes no attempt to validate certificates.

Ideally, we would like to make the request directly to Splunk, without having to rely on any additional server-side infrastructure for proxying results, using server-side scripts, etc.

As far as I can see, we would need to update the certificate on the management port, but Splunk recommends that this certificate is not changed. (Not able to provide the link here, but can be found under "Secure inter-splunk communication with SSL")

What are the recommendations for getting around this? Is this type of direct access not supported?

Any help would be very much appreciated!

alacercogitatus
SplunkTrust
SplunkTrust

What do you mean "Chrome application"? If you are using Nodejs, then the application will work in any browser. You will have to specify not to validate the certificates. The SplunkJS SDK doesn't have the option to ignore certs (afaik), so that will need to be handled in your server-side validation (nodejs).

For a more detailed answer, please include which technologies you are using to build your Application (including server-side and client-side interfaces). Thanks!

Full documentation on the SDK is here: http://docs.splunk.com/Documentation/JavaScriptSDK

jonfrancais
Explorer

Thanks for your response. We are just making a direct AJAX call to the management endpoint and wrapping it into a very basic Chrome application - not using NodeJS or any other client-side technologies. We have no other server-side interfaces apart from the management endpoint (and would ideally like to avoid any additional infrastructure, if possible). I don't believe it's possible to disable the certificate validation in Chrome, even within Applications or Extensions (which is understandable).

Could you elaborate on what you mean by "using NodeJs" such that it will work?

Thanks again.

kartik13
Communicator

any lead on this.Even i am trying to do the same thing .Any idea how to proceed.

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...