Getting Data In

What special capabilities (permissions) are required to run the REST API?

rmorschel
Explorer

Hi,

What special capabilities (permissions) are required to run the REST API? A colleague and I are both running one of the search examples: he gets results, but I get a FATAL empty search error. He is an admin, but I am not (though I do have access via the web to run queries).

Robert
P.S. My role "dealing" is equivalent to the built-in "power" role; its capabilities are:

change_own_password
get_metadata
get_typeahead
list_inputs
request_remote_tok
rest_apps_view
rest_properties_get
rest_properties_set
rtsearch
schedule_search
search

0 Karma
1 Solution

rmorschel
Explorer

The problem appears to have been with the version of curl I was using. This works fine with
curl 7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5

whereas

curl 7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3

did not work.


0 Karma

leomeyerovich
Explorer

It took us a while to get this for Graphistry! For running regular Splunk REST searches without needing an admin user, create a role with capabilities search and rest_properties_get and assign that role to your user. You can build up from there.

0 Karma
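
An added example, not part of any post in this thread and not Splunk's own code: a Python check that reads an authorize.conf, resolves importRoles inheritance, and reports for each role which of the two capabilities named in the answer above are missing and which extras it carries. The role names and the sample file are constructed for illustration.

```python
import configparser

# Minimum named in the answer above for non-admin REST searches.
REST_SEARCH_MINIMUM = {"search", "rest_properties_get"}

# Constructed authorize.conf; all three role names are hypothetical.
SAMPLE_AUTHORIZE_CONF = """
[role_rest_search]
search = enabled
rest_properties_get = enabled
[role_analyst]
importRoles = rest_search
rtsearch = enabled
schedule_search = enabled
rest_properties_set = enabled
[role_viewer]
get_metadata = enabled
"""

def load_roles(text):
    """Return {role: (capabilities granted directly, imported role names)}."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key case so importRoles is found
    parser.read_string(text)
    roles = {}
    for section in parser.sections():
        if not section.startswith("role_"):
            continue
        items = dict(parser[section])
        # importRoles is a semicolon-separated list of parent roles
        imports = [r.strip() for r in items.pop("importRoles", "").split(";") if r.strip()]
        caps = {k for k, v in items.items() if v.strip().lower() == "enabled"}
        roles[section[len("role_"):]] = (caps, imports)
    return roles

def effective_capabilities(roles, name, seen=None):
    """Direct plus inherited capabilities; 'seen' guards against import cycles."""
    seen = set() if seen is None else seen
    if name in seen or name not in roles:
        return set()
    seen.add(name)
    caps, imports = roles[name]
    return caps.union(*(effective_capabilities(roles, p, seen) for p in imports))

def audit(text):
    """Per role: capabilities missing from, and held beyond, the REST search minimum."""
    roles = load_roles(text)
    effective = {name: effective_capabilities(roles, name) for name in roles}
    return {name: {"missing": sorted(REST_SEARCH_MINIMUM - caps),
                   "extra": sorted(caps - REST_SEARCH_MINIMUM)}
            for name, caps in effective.items()}
```
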


Drainy
Champion

Just done some testing and my test user with the user role can access all endpoints I would expect a user to based on their permissions within Splunk. E.g. it can view role information that relates to its user only. If I try to access anything for the admin user via servicesNS then it correctly throws an "In handler 'users': You do not have permissions to access objects of user=admin" at me.

Is the search you're running a saved search with only his permissions to run? If you paste the details and steps you take I'd be happy to give it a proper try step by step.

Drainy
Champion

Well, you're trying to hit the admin user endpoint there; instead of /admin/search you need to use /morschr/search. EDIT: Just tested it with my test user and hitting /test/search and it returned perfectly 🙂

Subarna
Explorer

Hi Team

I am getting the below error while trying to access the Splunk REST API. I am trying to log in using the username and password. Is there any other access required to log in successfully? Please help with the same.

Below is the code snippet

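import java.util.HashMap;
import java.util.Map;
import com.splunk.HttpService;
import com.splunk.SSLSecurityProtocol;
import com.splunk.Service;

// Connection settings for the Splunk management port (8089) over HTTPS
Map<String,Object> connectionArgs=new HashMap<String,Object>();
connectionArgs.put("host", "myHost");
connectionArgs.put("username", "myUsename");
connectionArgs.put("password", "myPassword");
connectionArgs.put("port",8089);
connectionArgs.put("scheme","https");

// Set the TLS version before connecting; connect() performs the login
HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
Service service=Service.connect(connectionArgs);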

Exception in thread "main" com.splunk.HttpException: HTTP 401 -- Login failed
at com.splunk.HttpException.create(HttpException.java:84)
at com.splunk.HttpService.send(HttpService.java:452)
at com.splunk.Service.send(Service.java:1293)
at com.splunk.HttpService.post(HttpService.java:308)

0 Karma

SanjayReddy
SplunkTrust

Hi @Subarna

I’m a Community Moderator in the Splunk Community. Thanks for contributing as a member in the forum!

This question was posted 10 years ago and might not get the attention you need for your own question to be answered. I suggest you please post a brand new question so your issue can get more visibility. To increase your chances of getting help from the community, follow these guidelines in the Splunk Answers User Manual when creating your post. (Please feel free to link to this answer in your question, but try to describe the issue clearly yourself, in case there are any details that might matter that were different for you from this prior post.)

0 Karma

ChrisG
Splunk Employee

I only know enough to confirm that it's a complex topic. See Accessing Splunk resources in the REST API Reference for more information about the particulars. You might need to have admin permissions to get the results you want. Other (more knowledgeable!) people might have a better answer for you.

rmorschel
Explorer

Thanks for this. What bothers me is that all the examples use an admin user... which is an issue for me since I am not an admin, and shouldn't really need to be.

Hopefully someone else will shed some light on this.

0 Karma