Splunk Cloud Platform

Setting up the ACS API for accessing the Splunk Cloud REST API?

tomapatan
Communicator

I`m trying to query Splunk Cloud using the REST API so that I can export some data externally, however I`m not entirely sure how to download/install/configure the ACS Open API 3.0 specification. The Splunk documentation is a bit ambiguous.

I`m also unable to setup a new authentication token, receiving the error below. I`m using an admin account.

 

 

curl -u username:password -X POST https://admin.splunk.com/[myValidStackName]/adminconfig/v2/tokens
{"code":"401-unauthorized","message":"{\"messages\":[{\"type\":\"ERROR\",\"text\":\"Unauthorized\"}]}. Please refer https://docs.splunk.com/Documentation/SplunkCloud/latest/Config/ACSerrormessages for general troubleshooting tips."}

 

 

 

 

Labels (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Use the search/v2/jobs/export endpoint to fetch results.

Yes, you should be able to use tokens to authenticate a REST API call.  See https://docs.splunk.com/Documentation/Splunk/9.0.4/RESTUM/RESTusing#Authentication_and_authorization

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

As the name implies, Admin Config Service (ACS) is for making administrative configuration changes to a Splunk Cloud stack.  It does not provide a means for exporting data.

The 401 error means the credentials supplied with the ACS request are incorrect.

---
If this reply helps you, Karma would be appreciated.
0 Karma

tomapatan
Communicator

Thanks for the reply.

I`ve managed to create the token using a native user account and I can successfully query the Admin Config Services API, but I`m having issues getting data from the REST API, receiving a timed out message.

curl https://[myValidStackName].splunkcloud.com:8089/services/saved/searches/

Am I using the correct endpoint ?

Also, can the REST API  be queried using the token, or do I  have to provide credentials ?

Many thanks.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Use the search/v2/jobs/export endpoint to fetch results.

Yes, you should be able to use tokens to authenticate a REST API call.  See https://docs.splunk.com/Documentation/Splunk/9.0.4/RESTUM/RESTusing#Authentication_and_authorization

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Splunk Federated Analytics for Amazon Security Lake

Thursday, November 21, 2024  |  11AM PT / 2PM ET Register Now Join our session to see the technical ...

Splunk With AppDynamics - Meet the New IT (And Engineering) Couple

Wednesday, November 20, 2024  |  10AM PT / 1PM ET Register Now Join us in this session to learn all about ...