Building for the Splunk Platform

Encountered problem during Dev Tutorial - First App - <msg type="ERROR">Action forbidden.</msg>

state_larson_ti
Path Finder

I was going through the tutorial to build "your first app" on the Splunk Development site here, and I could not get the api call to create an index.

 

Running on a windows 10 Development box (trial license).

Splunk Enterprise

Version:8.2.6

Build:a6fe1ee8894b

 

The command below fails and I am not sure why.  I can use one of the other two options (CLI or WebUI) to create the index, but wanted to know why the REST API option failed.

 

C:\apps\splunk\bin>curl -k -u "user":"password" https://localhost:8089/servicesNS/admin/search/data/indexes -d name="devtutorial"
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Action forbidden.</msg>
</messages>
</response>

 

Apologies for the formatting, but when I tried to insert it as code, it said it was invalid. I have included an image version below.

screenshot_invalid.png

Thank you.

 

Labels (1)
0 Karma
1 Solution

state_larson_ti
Path Finder

Thank you @kamlesh_vaghela.  I had actually tried that and it did not work.  I have been trying a LOT of things, but I could not reproduce it on LINUX or DOCKER (it works just fine).  I also used a linux subsystem to run it against the windows instance of splunk I had locally, and that also failed with the same error.  I suspect it has something to do with using the Trial on Windows 10 (all other use cases worked fine).  I happen to be at .conf, and took this to the developers in the builder bar, and they agree it is a use case they need to test.  The webui and command line work fine using the same credentials.  Not solved, but I suspect it may be a bug, and so it has been reported to Splunk developers.

View solution in original post

Tags (1)
0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@state_larson_ti 

I think you have to pass the user details which has administrator previlledge without double quote.

 

curl -k -u admin:admin123 https://localhost:8089/servicesNS/admin/search/data/indexes -d name=devtutorial

 

Thanks
KV
 
If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated. 

0 Karma

state_larson_ti
Path Finder

Thank you @kamlesh_vaghela.  I had actually tried that and it did not work.  I have been trying a LOT of things, but I could not reproduce it on LINUX or DOCKER (it works just fine).  I also used a linux subsystem to run it against the windows instance of splunk I had locally, and that also failed with the same error.  I suspect it has something to do with using the Trial on Windows 10 (all other use cases worked fine).  I happen to be at .conf, and took this to the developers in the builder bar, and they agree it is a use case they need to test.  The webui and command line work fine using the same credentials.  Not solved, but I suspect it may be a bug, and so it has been reported to Splunk developers.

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...