Getting Data In

Where should I point my REST API requests in a distributed deployment?

Explorer

Hi Splunk Experts,

I am writing a script that aims to do a periodic reachability and config check on my Splunk deployment from a remote Linux machine. I'm mostly doing it by issuing REST API calls to retrieve the status of my indexes, data inputs and searches. I issue REST API requests to the single Splunk Enterprise server and can get all the data by sending this to a more or less static, user-configured host/port.

This works fine in a standalone non-distributed Splunk Enterprise environment, but I'm wondering what changes would be needed to make it work in a distributed Splunk environment. Would I need to ask the user to provide details (ip/port) of all components of his Splunk distributed environment? Is there a component in Splunk distributed deployment that can consume all REST API requests and route them to the correct machine?

Thanks.

0 Karma
1 Solution

Splunk Employee
Splunk Employee

Hi sharad06!

In a distributed environment, you would simply need to ensure that each instance you want to talk to is reachable on 8089, and yes you would need credentials.

Technically you are re-creating a functionality of the management console, which already makes rest calls to all peers and can alarm if they are down and report on configs. You should check it out as, at the very least, you can get an idea of how it does the checks. At the end of the day it sounds like you should simply install Splunk on your remote box and run an instance of the Management Console.

http://docs.splunk.com/Documentation/Splunk/latest/DMC/DMCoverview

View solution in original post

0 Karma

Splunk Employee
Splunk Employee

Hi sharad06!

In a distributed environment, you would simply need to ensure that each instance you want to talk to is reachable on 8089, and yes you would need credentials.

Technically you are re-creating a functionality of the management console, which already makes rest calls to all peers and can alarm if they are down and report on configs. You should check it out as, at the very least, you can get an idea of how it does the checks. At the end of the day it sounds like you should simply install Splunk on your remote box and run an instance of the Management Console.

http://docs.splunk.com/Documentation/Splunk/latest/DMC/DMCoverview

View solution in original post

0 Karma