Where should I point my REST API requests in a distributed deployment?

sharad06
Explorer

Hi Splunk Experts,

I am writing a script that aims to do a periodic reachability and config check on my Splunk deployment from a remote Linux machine. I'm mostly doing it by issuing REST API calls to retrieve the status of my indexes, data inputs and searches. I issue REST API requests to the single Splunk Enterprise server and can get all the data by sending this to a more or less static, user-configured host/port.

This works fine in a standalone non-distributed Splunk Enterprise environment, but I'm wondering what changes would be needed to make it work in a distributed Splunk environment. Would I need to ask the user to provide details (IP/port) of all components of his Splunk distributed environment? Is there a component in Splunk distributed deployment that can consume all REST API requests and route them to the correct machine?

Thanks.

0 Karma
1 Solution

mattymo
Splunk Employee

Hi sharad06!

In a distributed environment, you would simply need to ensure that each instance you want to talk to is reachable on 8089, and yes you would need credentials.

Technically you are re-creating functionality of the management console, which already makes REST calls to all peers and can alarm if they are down and report on configs. You should check it out as, at the very least, you can get an idea of how it does the checks. At the end of the day it sounds like you should simply install Splunk on your remote box and run an instance of the Management Console.

http://docs.splunk.com/Documentation/Splunk/latest/DMC/DMCoverview

- MattyMo

0 Karma
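
An added example, not part of the original thread and not Splunk's own code: a Python version of the per-instance check the accepted answer describes, querying `/services/server/info` on each instance's management port 8089 with TLS verification left on. The host names, the `SPLUNK_TOKEN` and `SPLUNK_CA_FILE` environment variables and the sample response are assumptions, as is the use of a Splunk authentication token as the credential.

```python
import json
import os
import ssl
import urllib.request

# Constructed inventory: every instance is listed, because each one answers
# only for itself on its own management port (8089 by default).
INSTANCES = ["sh1.example.internal", "idx1.example.internal", "idx2.example.internal"]

# Constructed sample of a /services/server/info JSON response (trimmed).
SAMPLE = ('{"entry": [{"name": "server-info", "content": {"serverName": "idx1",'
          ' "version": "9.0.0", "server_roles": ["search_peer", "indexer"]}}]}')

def build_request(host, token, port=8089):
    """HTTPS request to one instance's management port with a bearer token."""
    url = f"https://{host}:{port}/services/server/info?output_mode=json"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})

def summarize(body):
    """Extract name, version and roles from a server/info JSON body."""
    content = json.loads(body)["entry"][0]["content"]
    return {"name": content.get("serverName"),
            "version": content.get("version"),
            "roles": sorted(content.get("server_roles", []))}

def check_instance(host, token, ca_file, timeout=5):
    """Return a status dict; network, TLS, HTTP or parse failures give ok=False."""
    try:
        # Verify the certificate chain and hostname against the given CA bundle
        # instead of switching verification off for self-signed certificates.
        ctx = ssl.create_default_context(cafile=ca_file)
        req = build_request(host, token)
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return {"host": host, "ok": True, **summarize(resp.read())}
    except (OSError, ValueError, KeyError, IndexError) as exc:
        return {"host": host, "ok": False, "error": type(exc).__name__}

if __name__ == "__main__":
    # Hypothetical variable names; the token and CA path stay out of the script.
    token = os.environ["SPLUNK_TOKEN"]
    ca = os.environ["SPLUNK_CA_FILE"]
    for h in INSTANCES:
        print(check_instance(h, token, ca))
```

Giving the token's user a role limited to the read-only endpoints being polled keeps a leaked monitoring credential from becoming an admin credential on every instance.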
