Splunk Cloud Platform
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Accessing Splunk Cloud Logs through Rest API

krishna821
Engager
‎05-20-2025 11:14 AM

Hello,

This is Krishna and I have been some POC about accessing Splunk logs through Rest API's. I was successful in calling the Rest API's through Spunk Enterprise version but in my company we have Splunk Cloud and so unable to call Rest API's as how I was able to do in Splunk Enterprise edition. I would like to know the details of how I can call Splunk Rest API's for Cloud edition.

Below are my findings

On my local instance of Splunk when I hit the below url it lists all the services available
https://localhost:8089/services(it asked me for admin credentials which I provided) in which I am interested in the https://localhost:8089/services/search/jobs 
so would like to call the similar ones for Cloud version
 
Thanks in Advance.
Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎05-20-2025 11:45 AM

You could access SCP’s REST api, but you must enable it first. Here is instructions how to do it https://docs.splunk.com/Documentation/SplunkCloud/latest/RESTTUT/RESTandCloud

View solution in original post

Reply
Solved! Jump to solution

livehybrid
Super Champion
‎05-20-2025 12:43 PM

Hi @krishna821 

Most of the REST API endpoints you're likely using for on-premise are also available in Cloud.

The SplunkCloud REST API docs are at https://docs.splunk.com/Documentation/SplunkCloud/latest/RESTREF/RESTprolog 

You will need to ensure your egress IP is allow-listed on your Splunk Cloud environment as by default this is restricted. If you are not an admin on the Splunk Cloud platform then you will need to speak to your admin team to setup the allow-listing. For more information check out https://docs.splunk.com/Documentation/SplunkCloud/9.3.2411/Config/ConfigureIPAllowList

Note: I would recommend using Token authentication over user/password login. If your Splunk Cloud instance is using SAML/SSO authentication then you will need to use a token. 

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎05-20-2025 11:45 AM

You could access SCP’s REST api, but you must enable it first. Here is instructions how to do it https://docs.splunk.com/Documentation/SplunkCloud/latest/RESTTUT/RESTandCloud

Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
Top