I'd like to query Splunk with the SDK. I'm using the free version, after switching from a trial license.
I cannot get it to work.
This page seems to suggest it is possible (https://haydz.github.io/2021/01/02/Python-Connect-Splunk.html).
Are there certain steps that need to be taken to get this working?
Hi
Here is one old solution: https://community.splunk.com/t5/Security/Does-Splunk-Free-License-allow-usage-of-REST-API/m-p/101697
I suppose that your issue is that the free version doesn't have user authentication and the SDK is experiencing it. The previous answer explains how to avoid it.
Thanks!
I tried this initially and it did not work. I just assumed things had changed given the age of the post.
I've tried it again and it does work. Obviously I did something wrong the first time.
It's working.
Within the SDK, I'm using username "admin" and a blank password.
That's one thing. Another thing is that obviously you won't be able to manipulate features that are not enabled in the free version (scheduled searches, forwarder management, clustering...).
If you have a valid use case, consider applying for a dev or dev/test license (read the terms for those license types and see if you fit any of those).