Security

Does Splunk Free License allow usage of REST API?

Nicholas_Key
Splunk Employee
Splunk Employee

How do I use Splunk REST API with Free License (since user login credentials are not required with Free License)?

Tags (1)
1 Solution

Damien_Dallimor
Ultra Champion

Yes you can.

So using this simple test code from the JAVA SDK :

Service service = new Service("myfreesplunkhost", 8089);
service.login("admin", "scoobydoo"); 

ServiceInfo info = service.getInfo();
System.out.println("Info:");
for (String key : info.keySet())
  System.out.println("    " + key + ": " + info.get(key));

By default you'll probably get an error message such as :

HTTP 401 -- Remote login disabled because you are using a free license which does not provide authentication. To resolve either switch to the forwarder-only license or the enterprise trial license included with the product. To override this and enable unauthenticated remote management, edit the 'allowRemoteLogin' setting in your server.conf file.

Fortunately, it is simply a matter of adding a setting to $SPLUNK_HOME/etc/system/local/server.conf and restarting.

[general]
allowRemoteLogin = always

Then you don't need to login explicitly :

Service service = new Service("myfreesplunkhost", 8089);
//removed the login step !!!

ServiceInfo info = service.getInfo();
System.out.println("Info:");
for (String key : info.keySet())
  System.out.println("    " + key + ": " + info.get(key));

View solution in original post

Damien_Dallimor
Ultra Champion

Yes you can.

So using this simple test code from the JAVA SDK :

Service service = new Service("myfreesplunkhost", 8089);
service.login("admin", "scoobydoo"); 

ServiceInfo info = service.getInfo();
System.out.println("Info:");
for (String key : info.keySet())
  System.out.println("    " + key + ": " + info.get(key));

By default you'll probably get an error message such as :

HTTP 401 -- Remote login disabled because you are using a free license which does not provide authentication. To resolve either switch to the forwarder-only license or the enterprise trial license included with the product. To override this and enable unauthenticated remote management, edit the 'allowRemoteLogin' setting in your server.conf file.

Fortunately, it is simply a matter of adding a setting to $SPLUNK_HOME/etc/system/local/server.conf and restarting.

[general]
allowRemoteLogin = always

Then you don't need to login explicitly :

Service service = new Service("myfreesplunkhost", 8089);
//removed the login step !!!

ServiceInfo info = service.getInfo();
System.out.println("Info:");
for (String key : info.keySet())
  System.out.println("    " + key + ": " + info.get(key));
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...

span_metrics: The OpenTelemetry-Idiomatic Way to See Inside Your Services

You open a trace in Splunk Observability Cloud and everything looks fine. One root span, order-pipeline, with ...