When I try to run this command in REST API
curl -k -vvv -u user:pass -d "search=savedsearch %22My%20Search%22" https://myserver:80/servicesNS/user/search/search/jobs/export
I get this error...
* About to connect() to myserver port 80 (#0)
* Trying 1.1.1.1... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
* Closing connection #0
curl: (35) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
I edited some fields for my privacy.
Does anyone know how to fix this? I'm rather new at Splunk and Rest API
The first thing I react to when reading your question is that you're trying to connect to an SSL enabled service on port 80. This is not a very common setup - 80 is usually reserved for regular HTTP services.
Also, even if your Splunk instance's user web interface IS listening with SSL on port 80, the port you need to use for calling the REST API is the splunkd port, not the splunkweb port. The splunkd is by default 8089.
Hi,
For next users geting this problem after upgrade to splunk 6.2 or later, Splunk now allow only tls v1.2 as ssl version (http://docs.splunk.com/Documentation/Splunk/6.6.3/Security/SetyourSSLversion
).
I had rest api from a late curl program, and had to update curl.
Then the curl command must specify sslversion:
curl --tlsv1.2 -k -vvv -u user:pass -d "search=savedsearch %22My%20Search%22" https://myserver:80/servicesNS/user/search/search/jobs/export
Hope that helps.
Olivier.
The first thing I react to when reading your question is that you're trying to connect to an SSL enabled service on port 80. This is not a very common setup - 80 is usually reserved for regular HTTP services.
Also, even if your Splunk instance's user web interface IS listening with SSL on port 80, the port you need to use for calling the REST API is the splunkd port, not the splunkweb port. The splunkd is by default 8089.
How to do that in your specific setup is beyond my knowledge my friend 🙂 If you have access to the box and there's a local firewall on it blocking access to port 8089, then open a port there. If it's a matter of a firewall somewhere along the network path from your box to the Splunk server, you need to fix it there.
Hmm. How would I be able to fix a firewall problem if that is what's causing this?
Sounds like firewall issues. I see that it is connecting on port 80, but like I said, unless you actually changed the splunkd port, port 80 is NOT the port you want to be connecting to.
But it is connecting to the server on port 80. When I switch it to 8089 it times out. Can you think of anything else?
Updated this with a different error. Does anyone know what "SSL3_GET_RECORD:wrong version number" means?