Splunk Cloud Platform

In Splunk Cloud I am able to create index from REST API's but it is not visible to me from Splunk cloud web?

krishnabv
Explorer

Hello Team,

I am creating index from from Splunk Cloud REST API's, it is getting created and it is not visible to me from Splunk Cloud web. is there access issue to my account? I am having following roles.

1)apps,
2)can_delete,
3)enable_automatic_ui_updates,
4)ite_internal_admin,
5)power,
6)sc_admin,
7)tokens_auth,
8)user

Thanks,
Venkata

 

 

 

 

 

Labels (1)
0 Karma

krishnabv
Explorer

Hello Schose,

Thanks for the reply, this is working for me.

Thanks,
Venkata

0 Karma

richgalloway
SplunkTrust
SplunkTrust

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma

krishnabv
Explorer

Hi Schose,

I am using below URL and i am getting response as "201 created" in the POSTMAN. Please find the below attachment for the same.

https://localhost:8089/servicesNS/admin/search/data/indexes

 

krishnabv_0-1655906959993.png

Thanks,
Venkata

0 Karma

richgalloway
SplunkTrust
SplunkTrust

If the REST command is sent to the local server (https://localhost) then there is no way for the index to appear on Splunk Cloud since Cloud has no awareness of what happens on your local machines.  You would have to send the same command to Splunk Cloud to have the index created there.

---
If this reply helps you, Karma would be appreciated.
0 Karma

krishnabv
Explorer

Hi richgalloway,

I am using my Splunk cloud details in the URL, just an example i provided the example REST API which is provided by Splunk.

Thanks,
Venkata

0 Karma

schose
Builder

Hi Venkata,

Please use the documented ACS Endpoint: 

https://admin.splunk.com/STACK_NAME/adminconfig/v2/indexes

https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/Config/ManageIndexes

This works for sure! 😉

Cheers,

Andreas

schose
Builder

Hi Venkata,

IMHO you have to use ACS and not Splunkd for that https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/Config/ManageIndexes

what endpoint are you using. How does the reponse look like?

regards,

Andreas

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...