Where should I point my REST API requests in a distributed deployment?

sharad06
Explorer

Hi Splunk Experts,

I am writing a script that aims to do a periodic reachability and config check on my Splunk deployment from a remote Linux machine. I'm mostly doing it by issuing REST API calls to retrieve the status of my indexes, data inputs and searches. I issue REST API requests to the single Splunk Enterprise server and can get all the data by sending this to a more or less static, user-configured host/port.

This works fine in a standalone non-distributed Splunk Enterprise environment, but I'm wondering what changes would be needed to make it work in a distributed Splunk environment. Would I need to ask the user to provide details (IP/port) of all components of his Splunk distributed environment? Is there a component in a Splunk distributed deployment that can consume all REST API requests and route them to the correct machine?

Thanks.

0 Karma
1 Solution

mattymo
Splunk Employee

Hi sharad06!

In a distributed environment, you would simply need to ensure that each instance you want to talk to is reachable on 8089, and yes, you would need credentials.

Technically you are re-creating a functionality of the management console, which already makes REST calls to all peers and can alarm if they are down and report on configs. You should check it out as, at the very least, you can get an idea of how it does the checks. At the end of the day, it sounds like you should simply install Splunk on your remote box and run an instance of the Management Console.

http://docs.splunk.com/Documentation/Splunk/latest/DMC/DMCoverview

- MattyMo

0 Karma
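
A sketch of the per-instance check the answer describes, as an added example that is not part of the original thread or Splunk's own code: each listed instance is probed on 8089, then queried at `/services/server/info` over TLS with certificate verification left on. The host names, the `SPLUNK_TOKEN` variable, the `ca.pem` path and the sample payload are assumptions constructed for illustration.

```python
import json, socket, ssl, urllib.request

MGMT_PORT = 8089  # management port named in the answer

# Constructed sample of a /services/server/info?output_mode=json reply.
SAMPLE = {"entry": [{"name": "server-info", "content": {
    "serverName": "idx1.example.internal", "version": "9.0.0",
    "server_roles": ["search_peer", "indexer"]}}]}

def tcp_reachable(host, port=MGMT_PORT, timeout=3.0):
    """True if a TCP connection to the management port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def fetch_server_info(host, token, ca_file, port=MGMT_PORT, timeout=5.0):
    """GET server/info over verified TLS with a bearer token."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verification stays on
    url = f"https://{host}:{port}/services/server/info?output_mode=json"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return json.load(resp)

def summarize(payload):
    """Reduce the reply to the fields a config check compares."""
    content = payload["entry"][0]["content"]
    return {"serverName": content.get("serverName"),
            "version": content.get("version"),
            "roles": sorted(content.get("server_roles", []))}

def check_deployment(hosts, fetch, reach=tcp_reachable):
    """Probe every instance; one failure never hides the others."""
    report = {}
    for host in hosts:
        if not reach(host):
            report[host] = {"status": "unreachable"}
            continue
        try:
            report[host] = {"status": "ok", **summarize(fetch(host))}
        except (OSError, KeyError, IndexError, ValueError) as exc:
            report[host] = {"status": "error", "detail": type(exc).__name__}
    return report

if __name__ == "__main__":
    # Offline demo with stubbed network calls. For real use pass e.g.
    # fetch=lambda h: fetch_server_info(h, os.environ["SPLUNK_TOKEN"], "ca.pem")
    # (SPLUNK_TOKEN and ca.pem are hypothetical names).
    hosts = ["idx1.example.internal", "sh1.example.internal"]
    print(json.dumps(check_deployment(
        hosts, fetch=lambda h: SAMPLE, reach=lambda h: h.startswith("idx")), indent=2))
```

Pointing `ca_file` at the CA that signed the management-port certificates keeps the token from being sent to an unverified endpoint, and a read-only role is enough for these status queries.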
