Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Unable to run a search through REST API

tmontney
Builder
‎08-05-2016 11:30 AM

I am trying to run a saved search through the REST API. To test, I was trying to pull up a list.

https://pbdc-splk-01:8089/services/saved/searches

I've used the HttpRequester plugin for FIrefox, as well as used HttpWebRequest in VB.NET. Both I add authentication, and both are unable to connect. I have opened 8089 on the server's firewall. I have seen documentation on this, but see either server:port/servicesNS/admin/saved/seaches or server:port/services/saved/searches. I'm not sure what URL is correct. I've also tried HTTP and HTTPS.

        Dim wr As Net.WebRequest = Net.WebRequest.Create("https://pbdc-splk-01:8089/services/saved/searches")
        Dim ss As New Security.SecureString
        'add password to ss variable'
        wr.Credentials = New Net.NetworkCredential("admin", ss)
        wr.Method = "GET"
        Dim resp As Net.HttpWebResponse = wr.GetResponse()
0 Karma
Reply

sjohnson_splunk
Splunk Employee
Splunk Employee
‎08-05-2016 11:35 AM

You should be able to use the browser and open the endpoint: https://pbdc-splk-01:8089

You will see a services link that if you click it will give you an authentication challenge. If you can do that then the network is OK.

If not, it could be that something like iptables is blocking the 8089 port.

Reply

sjohnson_splunk
Splunk Employee
Splunk Employee
‎08-05-2016 11:57 AM

If https://pbdc-splk-01:8089 is a linux box, look at iptables. If windows, windows firewall or other endpoint protection product.

Also make sure that splunk is running and that the management port hasn't been moved to some other port.

0 Karma
Reply

tmontney
Builder
‎08-05-2016 12:45 PM

Ok, so I'm getting valid responses now. How would I, say, run a search called 'Authenticate'? I've tried https://pbdc-splk-01:8089/servicesNS/admin/search/saved/searches/Authenticate?trigger_action=1 and I get "trigger_action is not supported". I do not want an example in CURL.

0 Karma
Reply

tmontney
Builder
‎08-05-2016 11:44 AM

I swear I tried going directly to that port, and I didn't get anything. Now I do...

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Analytics Workspace deprecation

As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...