Getting Data In

Receiving an HTTP 303 (See Other) response from Splunk Server using the API


I'm trying to communicate with Splunk via the API and I'm getting HTTP 303 errors when I attempt to get the session key. Usernames and passwords have been purposely filled with "user" and "pass". Example is based off of the Splunk documentation.

curl -u user:pass -k -d"username=user&password=pass"

I get this back (cURL reports an HTTP status of 303 - See Other):
This resource can be found at <a href=''></a>.

So I try this:
curl -u user:pass -k -d"username=user&password=pass"

...and I get a 404.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "">
   This is a static HTML string template to render errors.  To edit this
   template, see appserver/mrsparkle/lib/ 

<html xmlns="" xmlns:splunk="" xml:lang="en">
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <title>The path '/en-US/services/auth/login' was not found. - Splunk</title>
Tags (1)


It looks like you're hitting the SplunkWeb port, not the management port (aka Splunkd port).

If you dont know what your management port is, login as the admin user, and go to Manager > System Settings > General Settings.

the default value is 8089, but since your SplunkWeb port is 8070 instead of 8000, im guessing the other one was changed too.


This solved my issue. Connecting to management port rather that the WEBUI port.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!