So I have a Splunk server on Linux. I can log in from Windows chrome browser (https) to my (NOT ADMIN) account, but I want to do it by application. I am trying to figure out what should be: HOST, PORT, SCHEME. Let's say I got my Splunk server on address 11.1.22.123.
Should I log in on 8000 or 8089 port? What should be written in my HOST - 11.1.22.123? And SCHEME should be only https, or full website address (like https://splunk.myweb.com)?
Can I even log in on my non-admin account remotely using an application?
It turned out it was heck of a problem in my company, but all of troubleshooting with connection was because of that, not api or splunk. Anyway, to get this straight for anyone other wondering:
Host is normal IP. I don't know how other system but from Linux server to Windows client connection is just fine.
Port is - like Chris above said - depending on server configuration.
Scheme was https
Topic closed.
It turned out it was heck of a problem in my company, but all of troubleshooting with connection was because of that, not api or splunk. Anyway, to get this straight for anyone other wondering:
Host is normal IP. I don't know how other system but from Linux server to Windows client connection is just fine.
Port is - like Chris above said - depending on server configuration.
Scheme was https
Topic closed.
The port values depend on your configuration. 8089 is the default. Have you looked at the C# SDK documentation about connecting and logging on to Splunk Enterprise?
OK, so i've done checking security, etc. Port is surely open, and there is nothing, that is blocking it. I see in my visual studio, that program is trying to get into splunk (by putting HOST as splunk ip), but still all i get is 401 error - unauthorized. At this moment i am out of ideas what should next step be.
I don't know what could throw 401 error. Is it possible that it's not synchronized config of splunk and app?
Yes, I have. There is no problem for me to connect to local server, on my admin account with same api, and using same code. But it's local machine, and admin account, i need connection to remote machine and on non-admin account.
Question is - how to point correctly remote server in code? Normally on local machine you just put name of server, but remotely? - ip adress and server name somehow? Don't know, and that is why i am asking here 🙂
Trying to figure out the differences between logging on local machine and remote machine; on admin acc and non-admin acc.