Getting Data In

Is it possible to set a custom HTTP response header from a custom API endpoint?

plambert
Engager

Given a Splunk Enterprise instance, we'd like to implement a custom API handler that also sets the CORS headers in the response:

Access-Control-Allow-Origin: http://…
Access-Control-Allow-Credentials: true

The goal is to allow a cloud service, with a customer's consent as expressed by installing the custom application AND providing the URL for their Splunk Enterprise instance, to perform a specific search via the custom REST API endpoint handler.

Before we start to dig into it, is there anything in place to prevent or disallow this? Has anyone done this and have any tips?

0 Karma

paramagurukarth
Builder

The doc to implement custom end points in splunk is available here,
Just python implementation..

It internally uses cherrypy, you can set header by

cherrypy.response.headers['Content-Type'] = 'application/json'
0 Karma

arkadyz1
Builder

I've done it and did set at least Access-Control-Allow-Origin with no problem.

0 Karma

marcolesh
Path Finder

Could you give and example, I can´t figure it out. I'm getting No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8000' is therefore not allowed access.

0 Karma

arkadyz1
Builder

How is your API organized? It can be added in more than one way: when I wrote my response, we were adding exta REST API endpoints via etc/system/local/restmap.conf - this makes them accessible through the management port (8089 by default). There you just add your header to the response:

class YourOwnAPIHandler(splunk.rest.BaseRestHandler):
    def handle_POST(self):

      ...
      self.response.setHeader('access-control-allow-origin', '*')
      return

The response by paramagurukarthikeyan below shows how to do that in the custom end points created using <your_app>/default/web.conf and appserver/controllers/<your_endpoints>.py

0 Karma

marcolesh
Path Finder

¡Thank you arkadyz I have succesefully implmented it!
The problem I had was related to CORS.

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...