Howdy all,
I'm working in PowerShell and accessing the REST API and I'm running in to a problem. My goal is to create a bunch of tags which is all fine and good until I try and change the ACLs on the tag and I get the error "Unknown endpoint."
Here's the code I'm using right now
$taginfo = "add=moname::" + $vm.Name
$aclinfo = "perms.read=*&sharing=global"
$endpoint = "/services/search/tags"
$baseuri = "https://{searchhead}:8089"
$uri = $baseuri + $endpoint + "/" + $folder.Name
Invoke-RestMethod -Verbose -Uri $uri -Method Post -Headers $headers -Body $taginfo
Invoke-RestMethod -Verbose -Uri $uri -Method Get -Headers $headers
$uri += "/acl"
#Invoke-RestMethod -Verbose -Uri $uri -Method Post -Headers $headers -Body = $aclinfo
Invoke-RestMethod -Verbose -Uri $uri -Method Get -Headers $headers
The portion that creates the tag works just fine. And I can get information about the tag that has been created back. As soon as I try and connect to the acl endpoint I get the "Unknown endpoint" error.
I'm guessing that there is something really obvious that I'm missing, what is it?
Please and Thank You
Colin J.
After some more research and reading through the restmap.conf file I found the following
# Tags by tag name do not support ACL read or write. The UI looks bad when some
# entities support sharing and permissions while others do not.
[eai:ntags]
showInDirSvc = false
I am taking this to mean that you cannot modify the ACLs for tags via REST.
To this I say BOOOOOOO!
If anyone from Splunk is reading this please mark this as something to be fixed/changed/corrected in the next minor release. Effectively the state of things now is that while you can create and remove tags there's no way to make them visible to anyone other than the user creating the tags. What I want is a programmatic way to bulk create and manage tags. I have a dynamic environment in which hosts come and go. I'd like to make sure that as new hosts come in to being I can give them relevant tags based on our organization.
To answer your other question, just omit the equal sign. "-parameter $variable" will do. Make sense?
After some more research and reading through the restmap.conf file I found the following
# Tags by tag name do not support ACL read or write. The UI looks bad when some
# entities support sharing and permissions while others do not.
[eai:ntags]
showInDirSvc = false
I am taking this to mean that you cannot modify the ACLs for tags via REST.
To this I say BOOOOOOO!
If anyone from Splunk is reading this please mark this as something to be fixed/changed/corrected in the next minor release. Effectively the state of things now is that while you can create and remove tags there's no way to make them visible to anyone other than the user creating the tags. What I want is a programmatic way to bulk create and manage tags. I have a dynamic environment in which hosts come and go. I'd like to make sure that as new hosts come in to being I can give them relevant tags based on our organization.
So now that I've been trying different ways to solve this and no matter what I try I still get "Unknown endpoint" I'm starting to wonder if there is an /acl endpoint for tags.
So, is it possible to change the permissions (ACLs) for a tag through the REST API?
Another data point for this. I can reproduce this behavior (unknown endpoint) in python as well as powershell.
/sidenote: I know it's commented out, but you can't do "-Body = $aclinfo" like this. That would give a syntax error I think.
The URI would be something like this:
https://{searchhead}:8089/services/search/tags/{tag_name}/acl
Just to be clear, can you give a sample value for what $uri is equal to when it fails?