Getting Data In

How to use Splunk's REST API or JavaScript SDK to connect directly to Splunk within a browser?

jonfrancais
Explorer

We are looking to build a standalone Chrome application (in JavaScript) using Splunk's RESTful API to the management port 8089.

As this is a Chrome application it is allowed to make the cross-site request directly to the Splunk server. However, when using either the Splunk JS SDK or the RESTful API to connect directly to Splunk, we get certificate errors as the default certificate provided by Splunk is invalid (the Common Name does not match the hosted domain, etc.) The errors in the browser are NET::ERR_INSECURE_RESPONSE and NET::ERR_CERT_COMMON_NAME_INVALID. Using curl works fine, but I presume this is because it makes no attempt to validate certificates.

Ideally, we would like to make the request directly to Splunk, without having to rely on any additional server-side infrastructure for proxying results, using server-side scripts, etc.

As far as I can see, we would need to update the certificate on the management port, but Splunk recommends that this certificate is not changed. (Not able to provide the link here, but can be found under "Secure inter-splunk communication with SSL")

What are the recommendations for getting around this? Is this type of direct access not supported?

Any help would be very much appreciated!

alacercogitatus
SplunkTrust
SplunkTrust

What do you mean "Chrome application"? If you are using Nodejs, then the application will work in any browser. You will have to specify not to validate the certificates. The SplunkJS SDK doesn't have the option to ignore certs (afaik), so that will need to be handled in your server-side validation (nodejs).

For a more detailed answer, please include which technologies you are using to build your Application (including server-side and client-side interfaces). Thanks!

Full documentation on the SDK is here: http://docs.splunk.com/Documentation/JavaScriptSDK

jonfrancais
Explorer

Thanks for your response. We are just making a direct AJAX call to the management endpoint and wrapping it into a very basic Chrome application - not using NodeJS or any other client-side technologies. We have no other server-side interfaces apart from the management endpoint (and would ideally like to avoid any additional infrastructure, if possible). I don't believe it's possible to disable the certificate validation in Chrome, even within Applications or Extensions (which is understandable).

Could you elaborate on what you mean by "using NodeJs" such that it will work?

Thanks again.

kartik13
Communicator

any lead on this.Even i am trying to do the same thing .Any idea how to proceed.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...