Getting Data In

Where should I point my REST API requests in a distributed deployment?

sharad06
Explorer

Hi Splunk Experts,

I am writing a script that aims to do a periodic reachability and config check on my Splunk deployment from a remote Linux machine. I'm mostly doing it by issuing REST API calls to retrieve the status of my indexes, data inputs and searches. I issue REST API requests to the single Splunk Enterprise server and can get all the data by sending this to a more or less static, user-configured host/port.

This works fine in a standalone non-distributed Splunk Enterprise environment, but I'm wondering what changes would be needed to make it work in a distributed Splunk environment. Would I need to ask the user to provide details (IP/port) of all components of his Splunk distributed environment? Is there a component in a Splunk distributed deployment that can consume all REST API requests and route them to the correct machine?

Thanks.

0 Karma
1 Solution

mattymo
Splunk Employee

Hi sharad06!

In a distributed environment, you would simply need to ensure that each instance you want to talk to is reachable on 8089, and yes you would need credentials.

Technically you are re-creating a functionality of the management console, which already makes REST calls to all peers and can alarm if they are down and report on configs. You should check it out as, at the very least, you can get an idea of how it does the checks. At the end of the day it sounds like you should simply install Splunk on your remote box and run an instance of the Management Console.

http://docs.splunk.com/Documentation/Splunk/latest/DMC/DMCoverview

- MattyMo


0 Karma
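The per-instance check the answer describes (each instance reached on 8089, with credentials) can be sketched as follows. This is an added example, not code from the thread or from Splunk; it assumes token authentication is enabled, that the management certificates chain to a CA you trust, and the `SPLUNK_HOSTS` / `SPLUNK_TOKEN` environment variable names are hypothetical.

```python
import json
import ssl
import urllib.request

MGMT_PORT = 8089  # management port named in the answer above

# Constructed sample of a /services/server/info?output_mode=json body.
SAMPLE_INFO = json.dumps({"entry": [{"content": {
    "serverName": "idx1", "version": "9.1.2", "server_roles": ["indexer"]}}]})


def fetch_info(host, token, ca_file=None, timeout=5):
    """GET server/info from one instance, verifying its TLS certificate."""
    url = f"https://{host}:{MGMT_PORT}/services/server/info?output_mode=json"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    ctx = ssl.create_default_context(cafile=ca_file)  # verification stays on
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return resp.read().decode("utf-8")


def summarize(host, body):
    """Reduce a server/info response to the fields a health check needs."""
    content = json.loads(body)["entry"][0]["content"]
    return {"host": host, "reachable": True,
            "serverName": content.get("serverName"),
            "version": content.get("version"),
            "roles": sorted(content.get("server_roles", []))}


def check_all(hosts, token, fetch=fetch_info):
    """Query every listed instance; one failure must not stop the others."""
    results = []
    for host in hosts:
        try:
            results.append(summarize(host, fetch(host, token)))
        except (OSError, ValueError, KeyError, IndexError) as exc:
            # URLError, timeouts and TLS failures are all OSError subclasses.
            results.append({"host": host, "reachable": False,
                            "error": f"{type(exc).__name__}: {exc}"})
    return results


if __name__ == "__main__":
    import os
    hosts = os.environ.get("SPLUNK_HOSTS", "").split(",")  # hypothetical variable
    for row in check_all([h for h in hosts if h], os.environ["SPLUNK_TOKEN"]):
        print(row)
```

Keeping the token in the environment (or a secrets store) rather than in the script, and giving the account behind it a read-only role, limits what a compromise of the monitoring box exposes.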
