Solved: Re: Is there a way to distribute cluster-bundle th...

felipe_conde · ‎07-23-2014

I know that for doing the distribution of cluster-bundle there exist two documented ways: Using the WEB UI and also using the CLI, but my question is, is there any way to do using the REST API?

The reason of my need is because I'm developing an application that creates new indexes in the indexes.conf file which is inside master-apps/_cluster/local directory, and now the only thing that left is to do the deployment of those changes over the peer nodes.

Please help... 🙂

martin_mueller · ‎07-23-2014

Yeah there is - anything that can be done through the UI can be done through the REST API.

Sadly, this endpoint doesn't seem to be documented. I gather it's a POST to /services/cluster/master/control/default/apply from looking at $SPLUNK_HOME/share/splunk/search_mrsparkle/exposed/js/models/services/cluster/master/Control.js ... however, without documentation it's a bit of a gamble to rely on that.

View solution in original post

martin_mueller · ‎07-23-2014

Yeah there is - anything that can be done through the UI can be done through the REST API.

Sadly, this endpoint doesn't seem to be documented. I gather it's a POST to /services/cluster/master/control/default/apply from looking at $SPLUNK_HOME/share/splunk/search_mrsparkle/exposed/js/models/services/cluster/master/Control.js ... however, without documentation it's a bit of a gamble to rely on that.

dxu_splunk · ‎07-19-2016

this is correct! (and the optional argument is indeed "skip-validation" = true/false, which corresponds to the CLI argument).

the docs should be updated with this info relatively soon!

martin_mueller · ‎07-19-2016

Hooray for educated guessing \o/

martin_mueller · ‎06-28-2016

Well, the parameter has to exist - how else would the CLI tell splunkd what to do?

Based on quick trial-and-error, the parameter is likely called skip-validation:

curl -k -u admin:changeme https://localhost:8089/services/cluster/master/control/control/apply -d skip-validation=true -X POST

...no error.

curl -k -u admin:changeme https://localhost:8089/services/cluster/master/control/control/apply -d fake-parameter=true -X POST

<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="ERROR">
 In handler 'clustermastercontrol': Argument "fake-parameter" is not supported by this handler.</msg>
  </messages>
</response>

Switching true and false didn't change anything for me, but then there are no errors in my bundle...

Side note: Splunk Support may be correct too, in that there's no documented and supported way right now...

martin_mueller · ‎06-27-2016

I'd say "probably", because the CLI parameter likely is just passed to the REST call.

The endpoint still isn't documented on http://docs.splunk.com/Documentation/Splunk/6.4.1/RESTREF/RESTcluster - I've asked the docs team, we'll see.

i2sheri · ‎06-28-2016

Just checked with splunk support and Its not possible.

i2sheri · ‎06-23-2016

can we use --skip-validation if we use this rest point

felipe_conde · ‎07-24-2014

Thank you very much, this is exactly what I need.

Is there a way to distribute cluster-bundle through REST API?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SplunkTrust Application Period is Officially OPEN!

Join the Conversation