Solved: Where do I point my REST API if I have search head...

a212830 · ‎08-24-2014

Hi,

If I have Search-Head-Pooling configured, where do I point my REST API? To a physical server? If so, doesn't that defeat the purpose?

Damien_Dallimor · ‎08-24-2014

Well , you'd likely connect through your load balancer which would route your connection request to 1 of the instances of the Search Head Pool and maintain affinity to that instance for the duration of your REST API session connection.

Or , you could connect to each Search Head instance directly. Really depends on the use case you are trying to satisfy.

View solution in original post

Damien_Dallimor · ‎08-24-2014

Well , you'd likely connect through your load balancer which would route your connection request to 1 of the instances of the Search Head Pool and maintain affinity to that instance for the duration of your REST API session connection.

Or , you could connect to each Search Head instance directly. Really depends on the use case you are trying to satisfy.

a212830 · ‎08-25-2014

Thought so. OK, thanks!

Damien_Dallimor · ‎08-24-2014

8000 is your Splunk Web port. You'd need a Load Balancing rule for HTTPS protocol on port 8089 (or whatever port you have setup for you management port) and with session affinity/sticky session configured.

a212830 · ‎08-24-2014

OK, my load-balancer listen for the management port - it listens on port 8000 - do people setup a separate load-balance for the REST API, or am I missing something?

Where do I point my REST API if I have search head pooling configured?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases