Splunk Enterprise Security

Splunk Enterprise Security: API 'notable_update' error - Invalid method for this endpoint

OBsecurity
Explorer

Hello!

I'm trying to query the notable_update service via api (.../services/notable_update)
and get error of - "Invalid method for this endpoint"

My user has the admin role.
I'm authenticating Splunk with SAML.

  1. I have granted 'edit_notable_events' capability both or ess_user and ess_analyst roles on Splunk Enterprise Security configuration.
  2. I have granted my user both ess_user and ess_analyst roles.

Thanks

0 Karma

ArikSiem
New Member

Your using the wrong method
Probably get instead of post ?

0 Karma

OBsecurity
Explorer

its just a simple as that -
https://:8089/services/notable_update

both web and curl

0 Karma

richgalloway
SplunkTrust
SplunkTrust

@OBsecurity If your problem is resolved, please accept the answer to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma

OBsecurity
Explorer

no problem

0 Karma
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.

Can’t make it to .conf25? Join us online!

Get Updates on the Splunk Community!

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...

Index This | How many sevens are there between 1 and 100?

August 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...