Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Is it possible to set a custom HTTP response heade...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is it possible to set a custom HTTP response header from a custom API endpoint?
Given a Splunk Enterprise instance, we'd like to implement a custom API handler that also sets the CORS headers in the response:
Access-Control-Allow-Origin: http://…
Access-Control-Allow-Credentials: true
The goal is to allow a cloud service, with a customer's consent as expressed by installing the custom application AND providing the URL for their Splunk Enterprise instance, to perform a specific search via the custom REST API endpoint handler.
Before we start to dig into it, is there anything in place to prevent or disallow this? Has anyone done this and have any tips?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The doc to implement custom end points in splunk is available here,
Just python implementation..
It internally uses cherrypy, you can set header by
cherrypy.response.headers['Content-Type'] = 'application/json'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've done it and did set at least Access-Control-Allow-Origin with no problem.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Could you give and example, I can´t figure it out. I'm getting No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8000' is therefore not allowed access.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How is your API organized? It can be added in more than one way: when I wrote my response, we were adding exta REST API endpoints via etc/system/local/restmap.conf - this makes them accessible through the management port (8089 by default). There you just add your header to the response:
class YourOwnAPIHandler(splunk.rest.BaseRestHandler):
def handle_POST(self):
...
self.response.setHeader('access-control-allow-origin', '*')
return
The response by paramagurukarthikeyan below shows how to do that in the custom end points created using <your_app>/default/web.conf and appserver/controllers/<your_endpoints>.py
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
¡Thank you arkadyz I have succesefully implmented it!
The problem I had was related to CORS.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
