Security

Splunk remote query

Bluekeeper
Engager

Hi, I want to move a file from a client into Deployment Server via Search Head. I was thinking of something like

| makeresults
| eval content="the content of text file that need to be sent over to DS."
| search 
    [ | rest splunk_server=ds /services/search/jobs search="| outputlookup test.csv" ]





but it seems that the rest command does not support anything except search (it does not work with pipes after search either), but it is not the same using rest from CLI or rest queries from outside Splunk.

Since it would be a challenge to store credentials in an app protected, doing it using a script or the CLI would be my last option. Doing it using the web interface would be better for further development.

Thanks

0 Karma
1 Solution

gcusello
SplunkTrust

Hi @Bluekeeper ,

Sorry, but I don't understand your requirement: why do you want to do this?

About your question: REST is used only for searching.

About credentials, you could try to store them using the encryption from Splunk, but I don't understand what you want to do.

I can suppose that you would modify some conf file in the deployment-apps folder of the Deployment Server; in this case the only solution is a script outside the Splunk web GUI.

Ciao.

Giuseppe

Bluekeeper
Engager

Yes, I wanted to be able to upload a conf file from the search head into the Deployment Server, which would result in it being pulled by UFs, but as you said it's not possible through the REST API and the GUI. Can you provide any references on how to safely use credentials using Splunk encryption so I don't leave credentials unprotected?

0 Karma
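One way to act on the suggestion to use Splunk's own encryption, as an added example that is not part of the original thread: the `storage/passwords` REST endpoint keeps a secret encrypted on disk, and the external script fetches it at run time instead of embedding it. The host names, the app name `my_ds_push`, the realm, the account and the token are assumptions, and the sample reply is constructed.

```python
import json
import urllib.parse
import urllib.request


def store_request(base_url, app, realm, username, password, token):
    """Build (not send) the POST that saves a secret in the credential store."""
    url = f"{base_url}/servicesNS/nobody/{urllib.parse.quote(app)}/storage/passwords"
    form = {"name": username, "password": password, "realm": realm}
    return urllib.request.Request(
        url,
        data=urllib.parse.urlencode(form).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {token}"},
    )


def clear_password(response_json, realm, username):
    """Extract one secret from a GET storage/passwords?output_mode=json reply."""
    for entry in json.loads(response_json).get("entry", []):
        content = entry.get("content", {})
        if content.get("realm") == realm and content.get("username") == username:
            return content["clear_password"]
    raise KeyError(f"no stored credential for {realm}:{username}")


# Constructed sample reply, trimmed to the fields used here.
SAMPLE_REPLY = json.dumps({
    "entry": [
        {"name": "other:someone:",
         "content": {"realm": "other", "username": "someone",
                     "clear_password": "constructed-other"}},
        {"name": "ds.example.internal:svc_deploy:",
         "content": {"realm": "ds.example.internal", "username": "svc_deploy",
                     "clear_password": "constructed-secret"}},
    ]
})

if __name__ == "__main__":
    # Assumed management URL, app, realm, account and token (all placeholders).
    req = store_request("https://sh.example.internal:8089", "my_ds_push",
                        "ds.example.internal", "svc_deploy", "constructed-secret",
                        "PLACEHOLDER_TOKEN")
    print(req.get_method(), req.full_url)
    print(clear_password(SAMPLE_REPLY, "ds.example.internal", "svc_deploy"))
```

The secret is encrypted at rest, but any role holding the `list_storage_passwords` capability can read it back in clear text, so limit that capability to the account the script runs as.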