Splunk Enterprise

Creation/modification of Splunk configuration objects via REST api in Splunk cloud

koshyk
Super Champion

I've almost created  a  framework to update  Splunk configuration  items for Search Heads   (transforms, props, savedsearches) etc and Create NEW apps via Splunk REST api. This works well in Standalone SH & SH cluster.

Anyone  know if there are restrictions/capability  restrictions kept  in place for Splunk cloud offering?

ie in Cloud offering

- Can  I  create a  new App  via Rest api ?

- Can i create/modify configuration items remotely?

Labels (3)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

You can't create apps using the API and configuration support is limited.  See https://docs.splunk.com/Documentation/SplunkCloud/8.2.2105/RESTTUT/RESTandCloud

---
If this reply helps you, Karma would be appreciated.
0 Karma

koshyk
Super Champion

that's really not good.

 >> is restricted from performing the following types of tasks... Installing apps and modifying app configurations

almost cancels the whole point of automation then? How do you guys control the search-time and custom TA configurations in Splunk cloud & Version control them? Manually upload them and give to  Splunk support?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

There's little need to have Splunk support do it for you.  Update your apps off-line making sure you increment the version number in app.conf.  Then upload the app(s) to your Splunk Cloud search head.  Once they pass vetting you can install them and Splunk Cloud will deploy them to the right instance(s).

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...