Hi,
What special capabilities (permissions) are required to run the REST API? A colleague and I are both running one of the search examples: he gets results, but I get a FATAL empty search error. He is an admin, but I am not (though I do have access via the web to run queries).
Robert
P.S. My role "dealing" is equivalent to the built-in "power" role; its capabilities are:
change_own_password
get_metadata
get_typeahead
list_inputs
request_remote_tok
rest_apps_view
rest_properties_get
rest_properties_set
rtsearch
schedule_search
search
The problem appears to have been with the version of curl I was using. This works fine with
curl 7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
whereas
curl 7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
did not work.
It took us awhile to get for Graphistry! For running regular Splunk REST searches without needing an admin user, create a role with capabilities search and rest_properties_get and assign that role to your user. You can build up from there.
Just done some testing and my test user with the user role can access all endpoints I would expect a user to based on their permissions within Splunk. E.g. it can view role information that relates to its user only. If I try to access anything for the admin user via servicesNS then it correctly throws a "In handler 'users': You do not have permissions to access objects of user=admin" at me.
Is the search you're running a saved search with only his permissions to run? If you paste the details and steps you take I'd be happy to give it a proper try step by step.
Well, you're trying to hit the admin user endpoint there; instead of /admin/search you need to use /morschr/search. EDIT: Just tested it with my test user and hitting /test/search and it returned perfectly 🙂
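An added example, not part of any post in this thread: it combines the two points above (the minimum role with search and rest_properties_get, and calling your own namespace rather than /admin/). It assumes the JSON layout returned by /services/authentication/current-context with output_mode=json; the user name, role name and sample reply are constructed for illustration.

```python
import json
from urllib.parse import quote

# Minimum capabilities named in the thread for non-admin REST searches.
REQUIRED = {"search", "rest_properties_get"}

# Constructed sample reply from /services/authentication/current-context
# (output_mode=json). User and role names are made up for this example.
SAMPLE_CONTEXT = json.dumps({
    "entry": [{
        "name": "context",
        "content": {
            "username": "test_user",
            "roles": ["rest_search_user"],
            "capabilities": ["change_own_password", "get_metadata",
                             "rtsearch", "search"],
        },
    }]
})


def _content(context_json):
    """Extract the content dict of the first entry in the reply."""
    return json.loads(context_json)["entry"][0]["content"]


def missing_capabilities(context_json, required=REQUIRED):
    """Return the required capabilities the authenticated user lacks, sorted."""
    held = set(_content(context_json).get("capabilities", []))
    return sorted(set(required) - held)


def search_jobs_path(context_json, app="search"):
    """Build the search-jobs path in the caller's own namespace, not /admin/."""
    user = quote(_content(context_json)["username"], safe="")
    return f"/servicesNS/{user}/{quote(app, safe='')}/search/jobs"


if __name__ == "__main__":
    print("missing capabilities:", missing_capabilities(SAMPLE_CONTEXT))
    print("submit searches to:", search_jobs_path(SAMPLE_CONTEXT))
```

Feeding it the reply for the account that fails shows whether the role is the problem before suspecting the client or the URL.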
Hi Team
I am getting the below error while trying to access the Splunk REST API. I am trying to log in using the username and password. Is there any other access required to log in successfully? Please help with the same.
Below is the code snippet
Map<String,Object> connectionArgs=new HashMap<String,Object>();
connectionArgs.put("host", "myHost");
connectionArgs.put("username", "myUsename");
connectionArgs.put("password", "myPassword");
connectionArgs.put("port",8089);
connectionArgs.put("scheme","https");
HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
Service service=Service.connect(connectionArgs);
Exception in thread "main" com.splunk.HttpException: HTTP 401 -- Login failed
at com.splunk.HttpException.create(HttpException.java:84)
at com.splunk.HttpService.send(HttpService.java:452)
at com.splunk.Service.send(Service.java:1293)
at com.splunk.HttpService.post(HttpService.java:308)
Hi @Subarna
I’m a Community Moderator in the Splunk Community. Thanks for contributing as a member in the forum!
This question was posted 10 years ago and might not get the attention you need for your own question to be answered. I suggest you please post a brand new question so your issue can get more visibility. To increase your chances of getting help from the community, follow these guidelines in the Splunk Answers User Manual when creating your post. (Please feel free to link to this answer in your question, but try to describe the issue clearly yourself, in case there are any details that might matter that were different for you from this prior post.)
I only know enough to confirm that it's a complex topic. See Accessing Splunk resources in the REST API Reference for more information about the particulars. You might need to have admin permissions to get the results you want. Other (more knowledgeable!) people might have a better answer for you.
Thanks for this. What bothers me is that all the examples use an admin user... which is an issue for me since I am not an admin, and shouldn't really need to be.
Hopefully someone else will shed some light on this.