Splunk Enterprise

Custom REST Endpoints not working?

silambarasu
Explorer

We have created the custom REST endpoints and its working in Splunk server 8.1.3.But same REST end point is not working another splunk server and it show "404 not found"

Labels (2)
Tags (1)
0 Karma

silambarasu
Explorer

working splunk server:

Splunk Enterprise
Version:

8.1.3

Build:

63079c59e632

Server:

PC-317YLL3

Products:

itsi


not working splunk server:

Version:

8.1.3

Build:

63079c59e632

Server:

PC-6SNVCL3

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Could it be that your REST end point is somehow dependent on ITSI?

0 Karma

silambarasu
Explorer

how we get those info...can you pls tell where to check

0 Karma

silambarasu
Explorer

App is installing in new splunk server with out any issue but Custom REST Endpoints only  not showing

0 Karma

dural_yyz
Builder

You have moved the app from a server with ITSI to a server without ITSI.  The permissions might be tied to a role specific to the ITSI app which might not exist on the new server.  Look into your app.conf file for hints.

0 Karma

silambarasu
Explorer

looks like same thing only present on both servers...any other things need to check

Tags (1)
0 Karma

dural_yyz
Builder

I've never developed custom endpoints but the 404 still makes me think of a permissions issue.  Here is a link to developers explanation of permissions.  Calls out specifically authorize.conf and restmap.conf files as requirements.

I would focus on roles and script folder locations as leading causes of 404 not found.

https://dev.splunk.com/enterprise/docs/devtools/customrestendpoints/customrestmanageaccess/
0 Karma

silambarasu
Explorer

No module named 'splunklib'...this error is coming.so,endpoints are not mapped...
can you pls help how to fix this error though we have bundled the splunk libraries

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Could you tell more about those environments and your app?

If your app is using python2 and the another splunk server is 9.x then there is no python2 only python3. Also (if I recall right) 8.2.x has python3 as a default, but 8.1.x has still python2 as default one.

0 Karma

silambarasu
Explorer

No module named 'splunklib'...this error is coming.so,endpoints are not mapped... can you pls help how to fix this error though we have bundled the splunk libraries

0 Karma

isoutamo
SplunkTrust
SplunkTrust

This means that you haven't Splunk Python SDK on your new environment. Usually this is under each app time by time it could be also globally shared from some other apps. Probably this is done on ITSI?

0 Karma

silambarasu
Explorer

is there way to install only splunklib module or bundle with an app?

 

Tags (1)
0 Karma

isoutamo
SplunkTrust
SplunkTrust

You could found instructions easily by Google. But develop and test that app 1st on your test environment and when it’s ready then install it as an app to your production. 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...