Splunk Search

How to troubleshoot why users get 404 not found error when querying the REST endpoints?

Koushik_Katta
Explorer

One of our clients is trying to use REST API services. He is working on a Web/mobile team which is considering an innovation project involving a Splunk integration. Basically, better tracking/early notification of errors so that we can prevent them. We’re attempting to work with the Splunk API, but we can’t seem to connect to the documented endpoints.

All we know from him is that he is getting 404 errors. How to troubleshoot and to rectify this?

thanks in advance.

0 Karma

paimonsoror
Builder

Koushik;

Have you checked to make sure that the users who are trying to use the REST endpoints are part of a role that contains the 'REST_' related capabilities?

https://answers.splunk.com/answers/217229/what-capabilities-does-a-rest-api-only-user-need.html

0 Karma

Koushik_Katta
Explorer

When he is accessing the URLs in the documentation which he is working on REST-API (splunk.xxxxxx.com/services/search/jobs)he was redirected to en-US and given a 404 error

0 Karma

paimonsoror
Builder

Even after you added the REST related capabilities to his user role?

Did you include port 8089 in the url? (the example you gave is missing the port)

0 Karma

Koushik_Katta
Explorer

No he haven't included port , the thing i understood from him is he is trying to create a saved search as per document

http://docs.splunk.com/Documentation/Splunk/6.4.3/RESTTUT/RESTsearches

when he is trying to give splunk.xxxxxx.com/services/search/jobs it is giving 404 Error .

0 Karma

paimonsoror
Builder

You need to specify the port since the RESTful services are not on the default web port.

https://mysearchhead.server.com:8089/services/search/jobs

0 Karma

Koushik_Katta
Explorer

The user have been set to basic_user role, will if i give power user to him will it work

0 Karma

paimonsoror
Builder

I dont believe power has the rest capabilities by default. You may want to create a new role called 'user_with_rest' which extends the 'user' role, and just adds the rest capabilities.

This way you are not granting the person more rights than necessary.

0 Karma

Koushik_Katta
Explorer

Can anyone help in this !

0 Karma
Get Updates on the Splunk Community!

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...