Splunk Cloud Platform

Setting up the ACS API for accessing the Splunk Cloud REST API?

tomapatan
Communicator

I`m trying to query Splunk Cloud using the REST API so that I can export some data externally, however I`m not entirely sure how to download/install/configure the ACS Open API 3.0 specification. The Splunk documentation is a bit ambiguous.

I`m also unable to setup a new authentication token, receiving the error below. I`m using an admin account.

 

 

curl -u username:password -X POST https://admin.splunk.com/[myValidStackName]/adminconfig/v2/tokens
{"code":"401-unauthorized","message":"{\"messages\":[{\"type\":\"ERROR\",\"text\":\"Unauthorized\"}]}. Please refer https://docs.splunk.com/Documentation/SplunkCloud/latest/Config/ACSerrormessages for general troubleshooting tips."}

 

 

 

 

Labels (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Use the search/v2/jobs/export endpoint to fetch results.

Yes, you should be able to use tokens to authenticate a REST API call.  See https://docs.splunk.com/Documentation/Splunk/9.0.4/RESTUM/RESTusing#Authentication_and_authorization

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

As the name implies, Admin Config Service (ACS) is for making administrative configuration changes to a Splunk Cloud stack.  It does not provide a means for exporting data.

The 401 error means the credentials supplied with the ACS request are incorrect.

---
If this reply helps you, Karma would be appreciated.
0 Karma

tomapatan
Communicator

Thanks for the reply.

I`ve managed to create the token using a native user account and I can successfully query the Admin Config Services API, but I`m having issues getting data from the REST API, receiving a timed out message.

curl https://[myValidStackName].splunkcloud.com:8089/services/saved/searches/

Am I using the correct endpoint ?

Also, can the REST API  be queried using the token, or do I  have to provide credentials ?

Many thanks.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Use the search/v2/jobs/export endpoint to fetch results.

Yes, you should be able to use tokens to authenticate a REST API call.  See https://docs.splunk.com/Documentation/Splunk/9.0.4/RESTUM/RESTusing#Authentication_and_authorization

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...