I was able to get the API functionality to work from a local instance, but having trouble with the Cloud Instance.
curl -v -k -u username https://input-instance.cloud.splunk.com:8089/services/messages
I keep getting an "Unauthorized" response back, things I tried:
-UID from setting up the splunk account
-My first name
-admin
Also tried a couple different passwords but no joy. Any help is appreciated, thanks.
p.s.
Using the trial version.
Looks like this is dead in the water:
http://docs.splunk.com/Documentation/SplunkCloud/6.6.0/User/Admintasks
To use the REST API, you must have a paid subscription to Splunk Cloud.
Boooooo!!!!
Looks like this is dead in the water:
http://docs.splunk.com/Documentation/SplunkCloud/6.6.0/User/Admintasks
To use the REST API, you must have a paid subscription to Splunk Cloud.
Boooooo!!!!
See if this helps: http://docs.splunk.com/Documentation/Splunk/6.6.1/RESTTUT/RESTandCloud
Yep, read that document but it doesn't mention "what" account to use. My user account and the generic 'admin' account do not seem to work.
Splunk users must have role and/or capability-based authorization to use REST endpoints. Users with an administrative role, such as admin, can access authorization information in Splunk Web. To view the roles assigned to a user, select Settings > Access controls and click Users. To determine the capabilities assigned to a role, select Settings > Access controls and click Roles.
I think your admin should work but you might like to check to see if your admin is added to the admin role