Getting Data In

c# Remote access using SPLUNK API

szymon_cwieka
Explorer

So I have a Splunk server on Linux. I can log in from Windows chrome browser (https) to my (NOT ADMIN) account, but I want to do it by application. I am trying to figure out what should be: HOST, PORT, SCHEME. Let's say I got my Splunk server on address 11.1.22.123.

Should I log in on 8000 or 8089 port? What should be written in my HOST - 11.1.22.123? And SCHEME should be only https, or full website address (like https://splunk.myweb.com)?

Can I even log in on my non-admin account remotely using an application?

Tags (4)
0 Karma
1 Solution

szymon_cwieka
Explorer

It turned out it was heck of a problem in my company, but all of troubleshooting with connection was because of that, not api or splunk. Anyway, to get this straight for anyone other wondering:
Host is normal IP. I don't know how other system but from Linux server to Windows client connection is just fine.
Port is - like Chris above said - depending on server configuration.
Scheme was https

Topic closed.

View solution in original post

szymon_cwieka
Explorer

It turned out it was heck of a problem in my company, but all of troubleshooting with connection was because of that, not api or splunk. Anyway, to get this straight for anyone other wondering:
Host is normal IP. I don't know how other system but from Linux server to Windows client connection is just fine.
Port is - like Chris above said - depending on server configuration.
Scheme was https

Topic closed.

ChrisG
Splunk Employee
Splunk Employee

The port values depend on your configuration. 8089 is the default. Have you looked at the C# SDK documentation about connecting and logging on to Splunk Enterprise?

szymon_cwieka
Explorer

OK, so i've done checking security, etc. Port is surely open, and there is nothing, that is blocking it. I see in my visual studio, that program is trying to get into splunk (by putting HOST as splunk ip), but still all i get is 401 error - unauthorized. At this moment i am out of ideas what should next step be.

I don't know what could throw 401 error. Is it possible that it's not synchronized config of splunk and app?

0 Karma

szymon_cwieka
Explorer

Yes, I have. There is no problem for me to connect to local server, on my admin account with same api, and using same code. But it's local machine, and admin account, i need connection to remote machine and on non-admin account.

Question is - how to point correctly remote server in code? Normally on local machine you just put name of server, but remotely? - ip adress and server name somehow? Don't know, and that is why i am asking here 🙂

Trying to figure out the differences between logging on local machine and remote machine; on admin acc and non-admin acc.

0 Karma
Get Updates on the Splunk Community!

New Cloud Intrusion Detection System Add-on for Splunk

In July 2022 Splunk released the Cloud IDS add-on which expanded Splunk capabilities in security and data ...

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...