Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Unable to run a search through REST API

tmontney
Builder
‎08-05-2016 11:30 AM

I am trying to run a saved search through the REST API. To test, I was trying to pull up a list.

https://pbdc-splk-01:8089/services/saved/searches

I've used the HttpRequester plugin for FIrefox, as well as used HttpWebRequest in VB.NET. Both I add authentication, and both are unable to connect. I have opened 8089 on the server's firewall. I have seen documentation on this, but see either server:port/servicesNS/admin/saved/seaches or server:port/services/saved/searches. I'm not sure what URL is correct. I've also tried HTTP and HTTPS.

        Dim wr As Net.WebRequest = Net.WebRequest.Create("https://pbdc-splk-01:8089/services/saved/searches")
        Dim ss As New Security.SecureString
        'add password to ss variable'
        wr.Credentials = New Net.NetworkCredential("admin", ss)
        wr.Method = "GET"
        Dim resp As Net.HttpWebResponse = wr.GetResponse()
0 Karma
Reply

sjohnson_splunk
Splunk Employee
Splunk Employee
‎08-05-2016 11:35 AM

You should be able to use the browser and open the endpoint: https://pbdc-splk-01:8089

You will see a services link that if you click it will give you an authentication challenge. If you can do that then the network is OK.

If not, it could be that something like iptables is blocking the 8089 port.

Reply

sjohnson_splunk
Splunk Employee
Splunk Employee
‎08-05-2016 11:57 AM

If https://pbdc-splk-01:8089 is a linux box, look at iptables. If windows, windows firewall or other endpoint protection product.

Also make sure that splunk is running and that the management port hasn't been moved to some other port.

0 Karma
Reply

tmontney
Builder
‎08-05-2016 12:45 PM

Ok, so I'm getting valid responses now. How would I, say, run a search called 'Authenticate'? I've tried https://pbdc-splk-01:8089/servicesNS/admin/search/saved/searches/Authenticate?trigger_action=1 and I get "trigger_action is not supported". I do not want an example in CURL.

0 Karma
Reply

tmontney
Builder
‎08-05-2016 11:44 AM

I swear I tried going directly to that port, and I didn't get anything. Now I do...

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Mile High Learning with Splunk University, Denver, Colorado

If Denver is known for its mile-high elevation, Splunk University is about to raise the bar on technical ...

IT Service Intelligence 5.0 Series: Your Guide to the June Launch

We are excited to announce the June release of Splunk IT Service Intelligence (ITSI) 5.0. This update ...

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...