Getting Data In

c# Remote access using SPLUNK API

szymon_cwieka
Explorer

So I have a Splunk server on Linux. I can log in from Windows chrome browser (https) to my (NOT ADMIN) account, but I want to do it by application. I am trying to figure out what should be: HOST, PORT, SCHEME. Let's say I got my Splunk server on address 11.1.22.123.

Should I log in on 8000 or 8089 port? What should be written in my HOST - 11.1.22.123? And SCHEME should be only https, or full website address (like https://splunk.myweb.com)?

Can I even log in on my non-admin account remotely using an application?

Tags (4)
0 Karma
1 Solution

szymon_cwieka
Explorer

It turned out it was heck of a problem in my company, but all of troubleshooting with connection was because of that, not api or splunk. Anyway, to get this straight for anyone other wondering:
Host is normal IP. I don't know how other system but from Linux server to Windows client connection is just fine.
Port is - like Chris above said - depending on server configuration.
Scheme was https

Topic closed.

View solution in original post

szymon_cwieka
Explorer

It turned out it was heck of a problem in my company, but all of troubleshooting with connection was because of that, not api or splunk. Anyway, to get this straight for anyone other wondering:
Host is normal IP. I don't know how other system but from Linux server to Windows client connection is just fine.
Port is - like Chris above said - depending on server configuration.
Scheme was https

Topic closed.

ChrisG
Splunk Employee
Splunk Employee

The port values depend on your configuration. 8089 is the default. Have you looked at the C# SDK documentation about connecting and logging on to Splunk Enterprise?

szymon_cwieka
Explorer

OK, so i've done checking security, etc. Port is surely open, and there is nothing, that is blocking it. I see in my visual studio, that program is trying to get into splunk (by putting HOST as splunk ip), but still all i get is 401 error - unauthorized. At this moment i am out of ideas what should next step be.

I don't know what could throw 401 error. Is it possible that it's not synchronized config of splunk and app?

0 Karma

szymon_cwieka
Explorer

Yes, I have. There is no problem for me to connect to local server, on my admin account with same api, and using same code. But it's local machine, and admin account, i need connection to remote machine and on non-admin account.

Question is - how to point correctly remote server in code? Normally on local machine you just put name of server, but remotely? - ip adress and server name somehow? Don't know, and that is why i am asking here 🙂

Trying to figure out the differences between logging on local machine and remote machine; on admin acc and non-admin acc.

0 Karma
Get Updates on the Splunk Community!

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...