Splunk Search

How to troubleshoot why users get 404 not found error when querying the REST endpoints?

Koushik_Katta
Explorer

One of our clients is trying to use REST API services. He is working on a Web/mobile team which is considering an innovation project involving a Splunk integration. Basically, better tracking/early notification of errors so that we can prevent them. We’re attempting to work with the Splunk API, but we can’t seem to connect to the documented endpoints.

All we know from him is that he is getting 404 errors. How to troubleshoot and to rectify this?

thanks in advance.

0 Karma

paimonsoror
Builder

Koushik;

Have you checked to make sure that the users who are trying to use the REST endpoints are part of a role that contains the 'REST_' related capabilities?

https://answers.splunk.com/answers/217229/what-capabilities-does-a-rest-api-only-user-need.html

0 Karma

Koushik_Katta
Explorer

When he is accessing the URLs in the documentation which he is working on REST-API (splunk.xxxxxx.com/services/search/jobs)he was redirected to en-US and given a 404 error

0 Karma

paimonsoror
Builder

Even after you added the REST related capabilities to his user role?

Did you include port 8089 in the url? (the example you gave is missing the port)

0 Karma

Koushik_Katta
Explorer

No he haven't included port , the thing i understood from him is he is trying to create a saved search as per document

http://docs.splunk.com/Documentation/Splunk/6.4.3/RESTTUT/RESTsearches

when he is trying to give splunk.xxxxxx.com/services/search/jobs it is giving 404 Error .

0 Karma

paimonsoror
Builder

You need to specify the port since the RESTful services are not on the default web port.

https://mysearchhead.server.com:8089/services/search/jobs

0 Karma

Koushik_Katta
Explorer

The user have been set to basic_user role, will if i give power user to him will it work

0 Karma

paimonsoror
Builder

I dont believe power has the rest capabilities by default. You may want to create a new role called 'user_with_rest' which extends the 'user' role, and just adds the rest capabilities.

This way you are not granting the person more rights than necessary.

0 Karma

Koushik_Katta
Explorer

Can anyone help in this !

0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...