Building for the Splunk Platform

Encountered problem during Dev Tutorial - First App - <msg type="ERROR">Action forbidden.</msg>

state_larson_ti
Path Finder

I was going through the tutorial to build "your first app" on the Splunk Development site here, and I could not get the api call to create an index.

 

Running on a windows 10 Development box (trial license).

Splunk Enterprise

Version:8.2.6

Build:a6fe1ee8894b

 

The command below fails and I am not sure why.  I can use one of the other two options (CLI or WebUI) to create the index, but wanted to know why the REST API option failed.

 

C:\apps\splunk\bin>curl -k -u "user":"password" https://localhost:8089/servicesNS/admin/search/data/indexes -d name="devtutorial"
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Action forbidden.</msg>
</messages>
</response>

 

Apologies for the formatting, but when I tried to insert it as code, it said it was invalid. I have included an image version below.

screenshot_invalid.png

Thank you.

 

Labels (1)
0 Karma
1 Solution

state_larson_ti
Path Finder

Thank you @kamlesh_vaghela.  I had actually tried that and it did not work.  I have been trying a LOT of things, but I could not reproduce it on LINUX or DOCKER (it works just fine).  I also used a linux subsystem to run it against the windows instance of splunk I had locally, and that also failed with the same error.  I suspect it has something to do with using the Trial on Windows 10 (all other use cases worked fine).  I happen to be at .conf, and took this to the developers in the builder bar, and they agree it is a use case they need to test.  The webui and command line work fine using the same credentials.  Not solved, but I suspect it may be a bug, and so it has been reported to Splunk developers.

View solution in original post

Tags (1)
0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@state_larson_ti 

I think you have to pass the user details which has administrator previlledge without double quote.

 

curl -k -u admin:admin123 https://localhost:8089/servicesNS/admin/search/data/indexes -d name=devtutorial

 

Thanks
KV
 
If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated. 

0 Karma

state_larson_ti
Path Finder

Thank you @kamlesh_vaghela.  I had actually tried that and it did not work.  I have been trying a LOT of things, but I could not reproduce it on LINUX or DOCKER (it works just fine).  I also used a linux subsystem to run it against the windows instance of splunk I had locally, and that also failed with the same error.  I suspect it has something to do with using the Trial on Windows 10 (all other use cases worked fine).  I happen to be at .conf, and took this to the developers in the builder bar, and they agree it is a use case they need to test.  The webui and command line work fine using the same credentials.  Not solved, but I suspect it may be a bug, and so it has been reported to Splunk developers.

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Introducing Ingest Actions: Filter, Mask, Route, Repeat

WATCH NOW Ingest Actions (IA) is the best new way to easily filter, mask and route your data in Splunk® ...

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...