I am attempting to restart a universal forwarder which is running on a Windows server. I enter the following: hxxps://server:8089/services/server/control/restart, replacing "server" with the hostname/ip of the server. I am then prompted to enter the admin user/password.
After the credentials are accepted, instead of the forwarder restarting, I receive the following:
In handler 'server-control': Invalid request, restart requires POST (handler: server-control, action:restart, eai action: list).
Assistance with this would be greatly appreciated.
Well the message is pretty clear, it says
restart requires POST and like in the docs http://docs.splunk.com/Documentation/Splunk/6.2.3/RESTREF/RESTsystem#server.2Fcontrol.2Frestart use the provided example and run
curl -k -u admin:changeme https://localhost:8089/services/server/control/restart -X POST
and it will work. But, I don't know if this is going to work on an UF as well, since the supported remote commands http://docs.splunk.com/Documentation/Splunk/6.2.3/Admin/AccessandusetheCLIonaremoteserver do not include
Start, stop, restart Status, version
Maybe you can provide an update if it's working 😉
Hope that helps ...