I have logged in and "installed" the REST API App
I can't seem to find where to go to use it?
According to the documentation in the link I provided you need to get an activation key for this to work:
Activation Key
You require an activation key to use this App. Visit http://www.baboonbones.com/#activation to obtain a non-expiring key
Once you have the key you then do the below setup.
Setup
Untar the release to your $SPLUNK_HOME/etc/apps directory
Restart Splunk
If you are using a Splunk UI, browse to Settings -- Data Inputs -- REST to add a new Input stanza via the UI
If you are not using a Splunk UI (i.e. you are running on a Universal Forwarder), you need to add a stanza to inputs.conf directly as per the specification in README/inputs.conf.spec. The inputs.conf file should be placed in a local directory under an App or User context.
Logging
Any log entries/errors will get written to $SPLUNK_HOME/var/log/splunk/splunkd.log
These are also searchable in Splunk : index=_internal error rest.py
You should see a new option under settings/data inputs that is called "REST" and that is where you put the information that you will call out to the Symantec Email.cloud service. It should hopefully be fairly straightforward when using the GUI on your Splunk install.
OK,
No Problem,
I am completely a newbie to Splunk. I am researching how to use a REST API to communicate with Symantec Email.cloud to pull logging. I am probably missing EVERYthing here. I would like to know what I need to get this done in Splunk Enterprise.
I found a document to use but I don't know where I input the information. I am currently using the Free Splunk Enterprise to test.
"Yes you can.
So using this simple test code from the JAVA SDK:

    // Connect to splunkd's management port and log in
    Service service = new Service("myfreesplunkhost", 8089);
    service.login("admin", "scoobydoo");

    // Print every key/value pair of the server info
    ServiceInfo info = service.getInfo();
    System.out.println("Info:");
    for (String key : info.keySet())
        System.out.println(" " + key + ": " + info.get(key));

By default you'll probably get an error message such as:

    HTTP 401 -- Remote login disabled because you are using a free license which does not provide authentication. To resolve either switch to the forwarder-only license or the enterprise trial license included with the product. To override this and enable unauthenticated remote management, edit the 'allowRemoteLogin' setting in your server.conf file.

Fortunately, it is simply a matter of adding a setting to $SPLUNK_HOME/etc/system/local/server.conf and restarting.

    [general]
    allowRemoteLogin = always

Then you don't need to login explicitly:

    Service service = new Service("myfreesplunkhost", 8089);
    // removed the login step !!!

    ServiceInfo info = service.getInfo();
    System.out.println("Info:");
    for (String key : info.keySet())
        System.out.println(" " + key + ": " + info.get(key));
"
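A configuration check for the override quoted above, as an added example that is not part of the original thread or of Splunk's own tooling: it resolves the effective `allowRemoteLogin` value across server.conf layers and flags `always`. The layer paths and sample contents are constructed, and the caller is assumed to pass layers ordered from lowest to highest precedence.

```python
"""Audit server.conf layers for the allowRemoteLogin override."""

DEFAULT = "requireSetPassword"  # value Splunk applies when the key is unset

# Constructed sample layers, lowest to highest precedence (assumption:
# the caller collects and orders the files; paths are illustrative).
SAMPLE_LAYERS = [
    ("etc/system/default/server.conf",
     "[general]\nallowRemoteLogin = requireSetPassword\n"),
    ("etc/system/local/server.conf",
     "# override copied from the thread\n[general]\nallowRemoteLogin = always\n"),
]


def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            stanzas.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            stanzas.setdefault(current, {})[key.strip()] = value.strip()
    return stanzas


def effective_remote_login(layers):
    """Return (value, path that set it or None); later layers win."""
    value, source = DEFAULT, None
    for path, text in layers:
        setting = parse_conf(text).get("general", {}).get("allowRemoteLogin")
        if setting is not None:
            value, source = setting, path
    return value, source


def audit(layers):
    """Return a one-line finding for the effective setting."""
    value, source = effective_remote_login(layers)
    if value.lower() == "always":
        return (f"FAIL: allowRemoteLogin=always set in {source}; the management "
                "port accepts remote logins, unauthenticated under a Free license")
    return f"OK: allowRemoteLogin={value}"


if __name__ == "__main__":
    print(audit(SAMPLE_LAYERS))
```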
I'm unfamiliar with the "rest api app." Splunk natively supports rest calls to its splunkd process through curl or other http request means. Can you be more specific as to what you installed and what you are trying to do?
Basically I am a complete Newb and I am trying to test this with the Symantec Email.cloud service to pull logging from that service.
Is this the splunk app you installed? https://splunkbase.splunk.com/app/1546/#/details
yes it is.
What interface am I putting this code:
How do I use this and in what interface am I putting this code?