Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Setting up an ultra-light front-end instance for API request

sgerogia
New Member
‎10-29-2013 06:16 AM

Hello.

In our company we already have a Splunk 5 setup with multiple search heads and indexers.

What I would like to do is setup a local Splunk instance, which would just accept REST API requests, simply relay them to the existing search head(s) and return back results.
As minimum data as possible are to be maintained on this light instance; I like to think of it as a query proxy.

Does Splunk support this topology?

If yes, which settings in the light instance should I look into? Or perhaps some page in the online docs that I have missed?

Thank you,
S.

UPDATE:
I forgot to clarify that, for whatever historical/obscure reason, direct REST API access to the search heads has been disabled.

Tags (1)
0 Karma
Reply

dmaislin_splunk
Splunk Employee
Splunk Employee
‎11-01-2013 10:11 AM

You have read this?

http://dev.splunk.com/view/rest-api-overview/SP-CAAADP8

0 Karma
Reply

sgerogia
New Member
‎11-01-2013 10:20 AM

This would obviously be better, I agree.
Namely, make a REST call to the local Splunk which would relay it to the remote search head. Do you know how to set the equivalent of the -uri switch in the API request?

0 Karma
Reply

sgerogia
New Member
‎11-01-2013 10:07 AM

I will (almost) answer my own question after some searching.

A (very brutal) way to do it is by using the CLI commands, namely
* Install Splunk locally and start its daemon
* Launch a query from the command line similar to splunk search 'earliest=-10m latest=-1m index=foo host="bar*" sourcetype="test" "some text" AND NOT "other" ' -uri https://remote-splunk:port

Downside is that the first time you are prompted for username/password of the remote host.

Obviously this will only work well for local scripting or batch jobs, not used by a high request-volume server/process.

I hope this helps.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...