Splunk Dev

Can you use the Splunk SDK with the free version of Splunk (not the trial license)?

philwild
Explorer

I'd like to query Splunk with the SDK. I'm using the free version, after switching from a trial license.

I cannot get it to work.

This page seems to suggest it is possible (https://haydz.github.io/2021/01/02/Python-Connect-Splunk.html).

Are there certain steps that need to be taken to get this working?

0 Karma
1 Solution

isoutamo
SplunkTrust
SplunkTrust

Hi

Here is one old solution: https://community.splunk.com/t5/Security/Does-Splunk-Free-License-allow-usage-of-REST-API/m-p/101697

I suppose that your issue is that the free version doesn't have user authentication and the SDK is experiencing it. The previous answer explained how to avoid it.

0 Karma

philwild
Explorer

Thanks!

I tried this initially and it did not work. I just assumed things had changed given the age of the post.

I've tried it again and it does work. Obviously I did something wrong the first time.

It's working.

Within the SDK, I'm using username "admin" and a blank password.

0 Karma

PickleRick
SplunkTrust
SplunkTrust

That's one thing. Another thing is that obviously you won't be able to manipulate features that are not enabled in the free version (scheduled searches, forwarder management, clustering...).

If you have a valid use case, consider applying for a dev or dev/test license (read the terms for those license types and see if you fit any of those).

0 Karma