Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk remote query

Bluekeeper
Engager
‎02-07-2025 12:42 AM

Hi, i want to move a file from a client into Deployment Server via Search Head. I was thinking of something like 

| makeresults
| eval content="the content of text file that need to be sent over to DS."
| search 
    [ | rest splunk_server=ds /services/search/jobs search="| outputlookup test.csv" ]



Bluekeeper_0-1738917524307.png

 


but it seems that the rest command does not support anything except search (it does not work with pipes after search either),  but it is not the same using rest from cli or rest queries from outside Splunk. 

Since it would be a challenge to store credentials in an app protected, doing it using script or cli would be my last option. Doing it using the web interface would be better for further development.

Thanks

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-07-2025 01:26 AM

Hi @Bluekeeper ,

sorry but I don't understand your requirement: why do you want to do this?

About your question: REST is used only for searching.

About credentials, you could try to store them using the encryption from Splunk, but I don't understand what you want to do.

I can suppose that you whould modify some conf file in the deployment-apps folder of the Deployment Server, in this case the only solution is a script outside the Splunk web gui.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-07-2025 01:26 AM

Hi @Bluekeeper ,

sorry but I don't understand your requirement: why do you want to do this?

About your question: REST is used only for searching.

About credentials, you could try to store them using the encryption from Splunk, but I don't understand what you want to do.

I can suppose that you whould modify some conf file in the deployment-apps folder of the Deployment Server, in this case the only solution is a script outside the Splunk web gui.

Ciao.

Giuseppe

Reply
Solved! Jump to solution

Bluekeeper
Engager
‎02-11-2025 07:45 AM

Yes i wanted to be able to upload a conf file from search head into the Deployment Server which would results it being pulled by UFs but as you said it's not possible through the rest api and the GUI. Can you provide any references on how to safely use credentials using splunk encryption so i don't leave credentials unprotected ?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...