Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Why does REST API access work via a web browser, b...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm accessing my forwarder's REST API endpoints like so in a web browser and it works:
https://10.10.10.10:8089/services/configs/inputs
When I try to do the same via curl:
curl -k -u 'my.splunk.username' https://10.10.10.10:8089/services/configs/inputs
I get "Unauthorized" instead:
Enter host password for user 'my.splunk.username':
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Unauthorized</msg>
</messages>
</response>
Is there something else I need to enable on my forwarder to allow these calls?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sadly, the issue was that the CLI way of adding a user really messes up on a LOT of special characters. I had to reset my password without them.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sadly, the issue was that the CLI way of adding a user really messes up on a LOT of special characters. I had to reset my password without them.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
if you providing -u argument you need to provide authentication 'username:password'
curl -k -u 'username:password' https://10.10.10.10:8089/services/configs/inputs
One more thing, I see here is the network IP you are using, it could be sitting inside same private network but in different VPC.
Try adding the hostname to no_proxy variable and then do a CURL, adding the host will allow the request not enter through Internet Gateway but will treat the other host VPC in same private network.
Add your host to no_proxy env variable
bash$ env | grep no_proxy
bash$ export no_proxy=$no_proxy,10.10.10.10
then try
bash$ curl -k -u 'username:password' 'https://10.10.10.10:8089/services/configs/inputs'
or
bash$ curl https://10.10.10.10:8089/services/configs/inputs
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
are you connecting from the same remote machine in both examples, or is one (the browser) local on the server that has the forwarder and curl is done remotely? Also, are you doing both calls with 'my.splunk.username'?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm connecting from the same machine (my laptop) and using the same credentials. My account has the admin role. Do I need to give it more roles possibly?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you providing both user name and password in the curl command, the same user name ans password that you'll use in browser?
curl -k -u username:password https://10.10.10.10:8089/services/configs/inputs
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Index This | What travels the world but is also stuck in place?
Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data
Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...
