Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

I created a new index, but why am I not able to access it via REST API to post data to the new index?

sh0stat_25
Engager
‎03-31-2016 11:17 AM

I created a new index called perftestresults and I am able to see it when I search using the below Splunk command, but when I run a post command to the index, I get the below error:

Splunk Command

| eventcount summarize=false index=* index=_* | dedup index | fields index

Error Returned:

<msg type="WARN">supplied index 'perftestresults' missing</msg>

Post I am sending:

POST https://test:8089/services/receivers/simple?index=perftestresults
payload= "This is a test
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-31-2016 01:50 PM

Talk to your admin about

  • Where you are trying to send to
  • Where they defined the indexes
  • If you want to migrate to the 6.3 HTTP Event Collector

http://dev.splunk.com/view/event-collector/SP-CAAAE6M

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-31-2016 02:03 PM

If the indexers' REST endpoint listing indexes doesn't list that index then I'd say that indexer doesn't have that index defined.

0 Karma
Reply

sh0stat_25
Engager
‎04-04-2016 10:16 AM

still not able to see it. trying a few other things but the API is not able to see the new index that was created.

0 Karma
Reply

sh0stat_25
Engager
‎03-31-2016 01:56 PM

where are the defined the indexes - indexes are deined in 4 indexers

where you are trying to send to - sending to indexer

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-31-2016 01:34 PM

Did you define the index on the receiving instance?

0 Karma
Reply

sh0stat_25
Engager
‎03-31-2016 01:39 PM

That i am not sure about as i am only the consumer. i will have to check with my Splunk SA.

would you main explaining how i would go about doing that so i can have him cross check

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-31-2016 01:25 PM

Are you on one standalone Splunk or in a distributed environment?

0 Karma
Reply

sh0stat_25
Engager
‎03-31-2016 01:30 PM

distributed environment

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-31-2016 01:19 PM

What do you get when you GET https://test:8089/services/data/indexes against the same Splunk instance you POSTed to?

Reply

sh0stat_25
Engager
‎03-31-2016 01:24 PM

i get other indexes which are listed but i dont get the one that i am looking for which is the "perftestresults" but it is displayed when i search splunk for indexes which is strange.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...