Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Receiving HTTP 303 When Using Token-Based Authentication with Splunk Cloud REST API

asah
Engager
‎07-16-2025 06:42 AM

Hi Splunk Gurus, 

I’m working on a script to programmatically check if logs from a specific host are available in Splunk. For this, I’m using token-based authentication. I’ve created a role and a user with the necessary permissions, and generated a token for that user.

However, when I try to run the following curl command against my Splunk Cloud instance:

curl -k -H "Authorization: Bearer <your_token>" \ https://<your_splunk_instance>.splunkcloud.com:443/services/server/info

 

I receive a 303 status code, and I’m not sure what I might be doing wrong. I’ve checked multiple forums but haven’t been able to find a clear solution.

Could you please help me understand what might be causing this and how I can resolve it?

Thank you in advance!

Labels (1)
Labels
Tags (2)
0 Karma
Reply

thahir
Communicator
‎07-16-2025 08:20 AM

Hi @livehybrid ,

i have one query, As far as I understand, due to security restrictions, this 8089 port might be blocked or not exposed externally in the Splunk Cloud.

 

Thanks in Advance

0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎07-16-2025 06:53 AM

Hi @asah 

Change the port in your URL from 443 to 8089, as the Splunk REST API endpoints are served on the management port (8089) rather than the web port (443).

You curl command should look like this:

curl -k -H "Authorization: Bearer <your_token>" https://<your_splunk_instance>.splunkcloud.com:8089/services/server/info

This assumes your authentication token is valid and has the necessary permissions (e.g., for accessing server info).

A 303 status code typically indicates a redirect, which can occur when hitting the wrong port or endpoint in Splunk Cloud.

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...