Splunk Search

Unable to run a search through REST API

Contributor

I am trying to run a saved search through the REST API. To test, I was trying to pull up a list.

https://pbdc-splk-01:8089/services/saved/searches

I've used the HttpRequester plugin for FIrefox, as well as used HttpWebRequest in VB.NET. Both I add authentication, and both are unable to connect. I have opened 8089 on the server's firewall. I have seen documentation on this, but see either server:port/servicesNS/admin/saved/seaches or server:port/services/saved/searches. I'm not sure what URL is correct. I've also tried HTTP and HTTPS.

        Dim wr As Net.WebRequest = Net.WebRequest.Create("https://pbdc-splk-01:8089/services/saved/searches")
        Dim ss As New Security.SecureString
        'add password to ss variable'
        wr.Credentials = New Net.NetworkCredential("admin", ss)
        wr.Method = "GET"
        Dim resp As Net.HttpWebResponse = wr.GetResponse()
0 Karma

Splunk Employee
Splunk Employee

You should be able to use the browser and open the endpoint: https://pbdc-splk-01:8089

You will see a services link that if you click it will give you an authentication challenge. If you can do that then the network is OK.

If not, it could be that something like iptables is blocking the 8089 port.

Splunk Employee
Splunk Employee

If https://pbdc-splk-01:8089 is a linux box, look at iptables. If windows, windows firewall or other endpoint protection product.

Also make sure that splunk is running and that the management port hasn't been moved to some other port.

0 Karma

Contributor

Ok, so I'm getting valid responses now. How would I, say, run a search called 'Authenticate'? I've tried https://pbdc-splk-01:8089/servicesNS/admin/search/saved/searches/Authenticate?trigger_action=1 and I get "trigger_action is not supported". I do not want an example in CURL.

0 Karma

Contributor

I swear I tried going directly to that port, and I didn't get anything. Now I do...

0 Karma