Getting Data In
Highlighted

Is there a way to distribute cluster-bundle through REST API?

Engager

I know that for doing the distribution of cluster-bundle there exist two documented ways: Using the WEB UI and also using the CLI, but my question is, is there any way to do using the REST API?

The reason of my need is because I'm developing an application that creates new indexes in the indexes.conf file which is inside master-apps/_cluster/local directory, and now the only thing that left is to do the deployment of those changes over the peer nodes.

Please help... 🙂

Tags (3)
Highlighted

Re: Is there a way to distribute cluster-bundle through REST API?

SplunkTrust
SplunkTrust

Yeah there is - anything that can be done through the UI can be done through the REST API.

Sadly, this endpoint doesn't seem to be documented. I gather it's a POST to /services/cluster/master/control/default/apply from looking at $SPLUNK_HOME/share/splunk/search_mrsparkle/exposed/js/models/services/cluster/master/Control.js ... however, without documentation it's a bit of a gamble to rely on that.

View solution in original post

Highlighted

Re: Is there a way to distribute cluster-bundle through REST API?

Engager

Thank you very much, this is exactly what I need.

0 Karma
Highlighted

Re: Is there a way to distribute cluster-bundle through REST API?

Communicator

can we use --skip-validation if we use this rest point

0 Karma
Highlighted

Re: Is there a way to distribute cluster-bundle through REST API?

SplunkTrust
SplunkTrust

I'd say "probably", because the CLI parameter likely is just passed to the REST call.

The endpoint still isn't documented on http://docs.splunk.com/Documentation/Splunk/6.4.1/RESTREF/RESTcluster - I've asked the docs team, we'll see.

0 Karma
Highlighted

Re: Is there a way to distribute cluster-bundle through REST API?

Communicator

Just checked with splunk support and Its not possible.

0 Karma
Highlighted

Re: Is there a way to distribute cluster-bundle through REST API?

SplunkTrust
SplunkTrust

Well, the parameter has to exist - how else would the CLI tell splunkd what to do?

Based on quick trial-and-error, the parameter is likely called skip-validation:

curl -k -u admin:changeme https://localhost:8089/services/cluster/master/control/control/apply -d skip-validation=true -X POST

...no error.

curl -k -u admin:changeme https://localhost:8089/services/cluster/master/control/control/apply -d fake-parameter=true -X POST

<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="ERROR">
 In handler 'clustermastercontrol': Argument "fake-parameter" is not supported by this handler.</msg>
  </messages>
</response>

Switching true and false didn't change anything for me, but then there are no errors in my bundle...

Side note: Splunk Support may be correct too, in that there's no documented and supported way right now...

Highlighted

Re: Is there a way to distribute cluster-bundle through REST API?

Contributor

this is correct! (and the optional argument is indeed "skip-validation" = true/false, which corresponds to the CLI argument).

the docs should be updated with this info relatively soon!

Highlighted

Re: Is there a way to distribute cluster-bundle through REST API?

SplunkTrust
SplunkTrust

Hooray for educated guessing \o/

Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.