I was going through the tutorial to build "your first app" on the Splunk Development site here, and I could not get the api call to create an index.
Running on a windows 10 Development box (trial license).
Version:8.2.6
Build:a6fe1ee8894b
The command below fails and I am not sure why. I can use one of the other two options (CLI or WebUI) to create the index, but wanted to know why the REST API option failed.
C:\apps\splunk\bin>curl -k -u "user":"password" https://localhost:8089/servicesNS/admin/search/data/indexes -d name="devtutorial" <?xml version="1.0" encoding="UTF-8"?> <response> <messages> <msg type="ERROR">Action forbidden.</msg> </messages> </response> |
Apologies for the formatting, but when I tried to insert it as code, it said it was invalid. I have included an image version below.
Thank you.
Thank you @kamlesh_vaghela. I had actually tried that and it did not work. I have been trying a LOT of things, but I could not reproduce it on LINUX or DOCKER (it works just fine). I also used a linux subsystem to run it against the windows instance of splunk I had locally, and that also failed with the same error. I suspect it has something to do with using the Trial on Windows 10 (all other use cases worked fine). I happen to be at .conf, and took this to the developers in the builder bar, and they agree it is a use case they need to test. The webui and command line work fine using the same credentials. Not solved, but I suspect it may be a bug, and so it has been reported to Splunk developers.
I think you have to pass the user details which has administrator previlledge without double quote.
curl -k -u admin:admin123 https://localhost:8089/servicesNS/admin/search/data/indexes -d name=devtutorial
Thanks
KV
If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.
Thank you @kamlesh_vaghela. I had actually tried that and it did not work. I have been trying a LOT of things, but I could not reproduce it on LINUX or DOCKER (it works just fine). I also used a linux subsystem to run it against the windows instance of splunk I had locally, and that also failed with the same error. I suspect it has something to do with using the Trial on Windows 10 (all other use cases worked fine). I happen to be at .conf, and took this to the developers in the builder bar, and they agree it is a use case they need to test. The webui and command line work fine using the same credentials. Not solved, but I suspect it may be a bug, and so it has been reported to Splunk developers.