Getting Data In

Where should I point my REST API requests in a distributed deployment?

sharad06
Explorer

Hi Splunk Experts,

I am writing a script that aims to do a periodic reachability and config check on my Splunk deployment from a remote Linux machine. I'm mostly doing it by issuing REST API calls to retrieve the status of my indexes, data inputs and searches. I issue REST API requests to the single Splunk Enterprise server and can get all the data by sending this to a more or less static, user-configured host/port.

This works fine in a standalone non-distributed Splunk Enterprise environment, but I'm wondering what changes would be needed to make it work in a distributed Splunk environment. Would I need to ask the user to provide details (ip/port) of all components of his Splunk distributed environment? Is there a component in Splunk distributed deployment that can consume all REST API requests and route them to the correct machine?

Thanks.

0 Karma
1 Solution

mattymo
Splunk Employee
Splunk Employee

Hi sharad06!

In a distributed environment, you would simply need to ensure that each instance you want to talk to is reachable on 8089, and yes you would need credentials.

Technically you are re-creating a functionality of the management console, which already makes rest calls to all peers and can alarm if they are down and report on configs. You should check it out as, at the very least, you can get an idea of how it does the checks. At the end of the day it sounds like you should simply install Splunk on your remote box and run an instance of the Management Console.

http://docs.splunk.com/Documentation/Splunk/latest/DMC/DMCoverview

- MattyMo

View solution in original post

0 Karma

mattymo
Splunk Employee
Splunk Employee

Hi sharad06!

In a distributed environment, you would simply need to ensure that each instance you want to talk to is reachable on 8089, and yes you would need credentials.

Technically you are re-creating a functionality of the management console, which already makes rest calls to all peers and can alarm if they are down and report on configs. You should check it out as, at the very least, you can get an idea of how it does the checks. At the end of the day it sounds like you should simply install Splunk on your remote box and run an instance of the Management Console.

http://docs.splunk.com/Documentation/Splunk/latest/DMC/DMCoverview

- MattyMo
0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...