REST access to indexer from search head without password

nhalakatti_splu
Splunk Employee

I am trying to print the status and the hardware info for my indexers by executing the REST endpoint /services/server/info for each of the indexers on the search head, getting the indexer IPs from the /services/search/distributed/peers endpoint. Given that the user has admin credentials and access, we can get the auth token to execute REST calls on the search head using the auth/login endpoint. Is there a way we can access the indexers from the search head without using the auth/login endpoint, which requires indexer credentials as input in the REST call? So basically, if the username/password are different on the indexers compared to the search head, I need to keep taking the input credentials for each indexer to get the indexer information on the search head.

Is there a way to accomplish this without asking for indexer credentials? Or is there a way that, as an admin, I can get the credentials for accessing the indexers and then use the auth/login way?

Note: There is the trusted.pem that contains the public key of the SH in SPLUNK_HOME/etc/auth/distServerKeys on the search head that is distributed to indexers on adding the peer. But I believe this is more useful in SSH. Not sure if this can be used in a REST call to an indexer.

harsmarvania57
Ultra Champion

Yes, you can achieve this, but it will still require you to fetch the session key for each indexer first on the SH. When you hit the /services/search/distributed/peers REST endpoint on the SH, you will get a list of all indexers, and for each indexer there is remote_session, which is the session key.

So you can use that remote_session in curl as given below:

curl -k -H "Authorization: Splunk INDEXER_REMOTE_SESSION_KEY" https://<indexer_host_ip>:8089/services/server/info

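The two-step flow from the answer above, as an added example that is not part of the original post: parse the search head's peers listing, pull each peer's remote_session, and build the same Authorization header the curl command sends. The JSON envelope shape (entry / name / content with output_mode=json), the sample peers and keys, and the cafile argument are assumptions made for the example; it verifies the indexer certificate against a CA file instead of using -k.

```python
import json
import ssl
import urllib.request

# Constructed sample of the search head's reply to
# GET /services/search/distributed/peers?output_mode=json (values are made up).
SAMPLE_PEERS_JSON = """
{"entry": [
  {"name": "10.0.0.11:8089", "content": {"status": "Up", "remote_session": "SAMPLE_KEY_AAA"}},
  {"name": "10.0.0.12:8089", "content": {"status": "Up", "remote_session": "SAMPLE_KEY_BBB"}},
  {"name": "10.0.0.13:8089", "content": {"status": "Down"}}
]}
"""


def peer_sessions(peers_json):
    """Return {"host:port": remote_session}, skipping peers with no session key."""
    sessions = {}
    for entry in json.loads(peers_json).get("entry", []):
        key = entry.get("content", {}).get("remote_session")
        if key:
            sessions[entry["name"]] = key
    return sessions


def build_request(peer, session_key, path="/services/server/info"):
    """Build the indexer call with the same header the curl command sends."""
    req = urllib.request.Request(f"https://{peer}{path}?output_mode=json")
    req.add_header("Authorization", f"Splunk {session_key}")
    return req


def fetch_server_info(peer, session_key, cafile):
    """Call the indexer, verifying its certificate against cafile (assumed path)."""
    ctx = ssl.create_default_context(cafile=cafile)
    req = build_request(peer, session_key)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)["entry"][0]["content"]


if __name__ == "__main__":
    # Offline run over the constructed sample; the session key is a bearer
    # credential, so only its length is printed, never the value.
    for peer, key in peer_sessions(SAMPLE_PEERS_JSON).items():
        print(peer, build_request(peer, key).full_url, "key length:", len(key))
```

Against a live deployment, fetch the peers JSON from the search head with an admin session and pass each peer and key to fetch_server_info along with your CA bundle.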

nhalakatti_splu
Splunk Employee

Thanks @harsmarvania57 ! This does the trick!

somesoni2
Revered Legend

Do you do this via the | rest search command or using curl (or any other REST tool)?

nhalakatti_splu
Splunk Employee

curl-like mechanism
