Splunk Cloud Platform
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Setting up the ACS API for accessing the Splunk Cloud REST API?

tomapatan
Contributor
‎04-03-2023 04:06 AM

I`m trying to query Splunk Cloud using the REST API so that I can export some data externally, however I`m not entirely sure how to download/install/configure the ACS Open API 3.0 specification. The Splunk documentation is a bit ambiguous.

I`m also unable to setup a new authentication token, receiving the error below. I`m using an admin account.

 

 

curl -u username:password -X POST https://admin.splunk.com/[myValidStackName]/adminconfig/v2/tokens
{"code":"401-unauthorized","message":"{\"messages\":[{\"type\":\"ERROR\",\"text\":\"Unauthorized\"}]}. Please refer https://docs.splunk.com/Documentation/SplunkCloud/latest/Config/ACSerrormessages for general troubleshooting tips."}

 

 

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎04-03-2023 02:13 PM

Use the search/v2/jobs/export endpoint to fetch results.

Yes, you should be able to use tokens to authenticate a REST API call.  See https://docs.splunk.com/Documentation/Splunk/9.0.4/RESTUM/RESTusing#Authentication_and_authorization

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

rishav-ukg
Loves-to-Learn Lots
‎12-07-2024 08:31 AM

Hi @tomapatan

I need to call Splunk Cloud REST API endpoints from java service to get back the results of a search query.

Could you please provide the curl to create authentication token and any one REST API endpoint using that token to get data. 

Tags (1)
0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎12-07-2024 02:41 PM

This thread is resolved.  For betters chances of a reply, please post a new question.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎04-03-2023 06:51 AM

As the name implies, Admin Config Service (ACS) is for making administrative configuration changes to a Splunk Cloud stack.  It does not provide a means for exporting data.

The 401 error means the credentials supplied with the ACS request are incorrect.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

tomapatan
Contributor
‎04-03-2023 01:50 PM

Thanks for the reply.

I`ve managed to create the token using a native user account and I can successfully query the Admin Config Services API, but I`m having issues getting data from the REST API, receiving a timed out message.

curl https://[myValidStackName].splunkcloud.com:8089/services/saved/searches/

Am I using the correct endpoint ?

Also, can the REST API  be queried using the token, or do I  have to provide credentials ?

Many thanks.

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎04-03-2023 02:13 PM

Use the search/v2/jobs/export endpoint to fetch results.

Yes, you should be able to use tokens to authenticate a REST API call.  See https://docs.splunk.com/Documentation/Splunk/9.0.4/RESTUM/RESTusing#Authentication_and_authorization

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...