Splunk Cloud Platform

Setting up the ACS API for accessing the Splunk Cloud REST API?

tomapatan
Communicator

I`m trying to query Splunk Cloud using the REST API so that I can export some data externally, however I`m not entirely sure how to download/install/configure the ACS Open API 3.0 specification. The Splunk documentation is a bit ambiguous.

I`m also unable to setup a new authentication token, receiving the error below. I`m using an admin account.

 

 

curl -u username:password -X POST https://admin.splunk.com/[myValidStackName]/adminconfig/v2/tokens
{"code":"401-unauthorized","message":"{\"messages\":[{\"type\":\"ERROR\",\"text\":\"Unauthorized\"}]}. Please refer https://docs.splunk.com/Documentation/SplunkCloud/latest/Config/ACSerrormessages for general troubleshooting tips."}

 

 

 

 

Labels (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Use the search/v2/jobs/export endpoint to fetch results.

Yes, you should be able to use tokens to authenticate a REST API call.  See https://docs.splunk.com/Documentation/Splunk/9.0.4/RESTUM/RESTusing#Authentication_and_authorization

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

As the name implies, Admin Config Service (ACS) is for making administrative configuration changes to a Splunk Cloud stack.  It does not provide a means for exporting data.

The 401 error means the credentials supplied with the ACS request are incorrect.

---
If this reply helps you, Karma would be appreciated.
0 Karma

tomapatan
Communicator

Thanks for the reply.

I`ve managed to create the token using a native user account and I can successfully query the Admin Config Services API, but I`m having issues getting data from the REST API, receiving a timed out message.

curl https://[myValidStackName].splunkcloud.com:8089/services/saved/searches/

Am I using the correct endpoint ?

Also, can the REST API  be queried using the token, or do I  have to provide credentials ?

Many thanks.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Use the search/v2/jobs/export endpoint to fetch results.

Yes, you should be able to use tokens to authenticate a REST API call.  See https://docs.splunk.com/Documentation/Splunk/9.0.4/RESTUM/RESTusing#Authentication_and_authorization

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...