Restart Splunk Inputs through API Call

omuelle1 · ‎07-22-2020

Hi,

I am having an issue that the Microsoft 0365 Reporting Add-On continues to stop working. We found that usually a restart of the input in the WebUI fixes the issue. Now I was wondering if it possible to restart those inputs through an API call.

I found the command that Splunk performs when you disable the Inputs in the Add-On to be from tine internal logs:

admin [22/Jul/2020:09:49:19.674 -0400] "POST /servicesNS/nobody/TA-MS_O365_Reporting/data/inputs/ms_o365_message_trace/ms_o365_message_trace/disable HTTP/1.1"

I have tried in powershell different variations of this command below but didn't have any luck so far. Is possible to call these WebUI commands through an API command ?

Invoke-Restmethod -Uri  http://localhost:8088/servicesNS/nobody/TA-MS_O365_Reporting/data/inputs/ms_o365_message_trace/ms_o365_message_trace/disable -Method POST

Invoke-Restmethod : {"text":"The requested URL was not found on this server.","code":404}
At line:1 char:1
+ Invoke-Restmethod -Uri  http://localhost:8088/servicesNS/nobody/TA-MS ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thank you,

Oliver

Restart Splunk Inputs through API Call

rest API

SDK

Splunk Web Framework

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Are you a member of the Splunk Community?

Restart Splunk Inputs through API Call

rest API

SDK

Splunk Web Framework

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases