Security

Splunk remote query

Bluekeeper
Engager

Hi, I want to move a file from a client into the Deployment Server via the Search Head. I was thinking of something like:

| makeresults
| eval content="the content of text file that need to be sent over to DS."
| search 
    [ | rest splunk_server=ds /services/search/jobs search="| outputlookup test.csv" ]





But it seems that the rest command does not support anything except search (it does not work with pipes after search either), but it is not the same using REST from the CLI or REST queries from outside Splunk.

Since it would be a challenge to store credentials protected in an app, doing it using a script or the CLI would be my last option. Doing it using the web interface would be better for further development.

Thanks

1 Solution

gcusello
SplunkTrust

Hi @Bluekeeper ,

Sorry, but I don't understand your requirement: why do you want to do this?

About your question: REST is used only for searching.

About credentials, you could try to store them using the encryption from Splunk, but I don't understand what you want to do.

I can suppose that you would modify some conf file in the deployment-apps folder of the Deployment Server; in this case the only solution is a script outside the Splunk web GUI.

Ciao.

Giuseppe

Bluekeeper
Engager

Yes, I wanted to be able to upload a conf file from the search head into the Deployment Server, which would result in it being pulled by UFs, but as you said it's not possible through the REST API and the GUI. Can you provide any references on how to safely use credentials using Splunk encryption so I don't leave credentials unprotected?
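
Added example, not part of the thread and not Splunk's own code: one way a script launched by Splunk could read the Deployment Server credential from Splunk's encrypted credential store (the storage/passwords REST endpoint) instead of keeping it in a plaintext file. The app name my_ds_app, realm ds_upload, user svc_deploy, the stdin session key hand-off and the sample response are assumptions constructed for illustration.

```python
import json
import ssl
import sys
import urllib.request

# Constructed sample of a storage/passwords listing (output_mode=json); not real data.
SAMPLE_RESPONSE = json.dumps({"entry": [
    {"name": "ds_upload:svc_deploy:",
     "content": {"realm": "ds_upload", "username": "svc_deploy",
                 "clear_password": "constructed-secret"}},
    {"name": "other:someone:",
     "content": {"realm": "other", "username": "someone",
                 "clear_password": "unrelated"}},
]})


def pick_password(body, realm, username):
    """Return clear_password for the matching realm/username, else raise LookupError."""
    for entry in json.loads(body).get("entry", []):
        content = entry.get("content", {})
        if content.get("realm") == realm and content.get("username") == username:
            return content["clear_password"]
    raise LookupError(f"no stored credential for {realm}:{username}")


def fetch_password(session_key, app, realm, username,
                   base="https://localhost:8089", cafile=None):
    """Read one credential from splunkd's encrypted store over the management port."""
    url = f"{base}/servicesNS/nobody/{app}/storage/passwords?output_mode=json&count=0"
    req = urllib.request.Request(url, headers={"Authorization": f"Splunk {session_key}"})
    # Keep certificate verification on; pass cafile when splunkd uses a private CA.
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return pick_password(resp.read().decode("utf-8"), realm, username)


if __name__ == "__main__":
    # Assumption: Splunk starts this script and writes a session key to stdin.
    key = sys.stdin.readline().strip()
    secret = fetch_password(key, "my_ds_app", "ds_upload", "svc_deploy")
    # Use `secret` to authenticate the upload to the DS; never print or log it.
```

The account behind the session key needs permission to read stored passwords, so scope that role to the one app that owns the credential.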
