Building for the Splunk Platform

Encountered problem during Dev Tutorial - First App - <msg type="ERROR">Action forbidden.</msg>

state_larson_ti
Path Finder

I was going through the tutorial to build "your first app" on the Splunk Development site here, and I could not get the api call to create an index.

 

Running on a windows 10 Development box (trial license).

Splunk Enterprise

Version:8.2.6

Build:a6fe1ee8894b

 

The command below fails and I am not sure why.  I can use one of the other two options (CLI or WebUI) to create the index, but wanted to know why the REST API option failed.

 

C:\apps\splunk\bin>curl -k -u "user":"password" https://localhost:8089/servicesNS/admin/search/data/indexes -d name="devtutorial"
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Action forbidden.</msg>
</messages>
</response>

 

Apologies for the formatting, but when I tried to insert it as code, it said it was invalid. I have included an image version below.

screenshot_invalid.png

Thank you.

 

Labels (1)
0 Karma
1 Solution

state_larson_ti
Path Finder

Thank you @kamlesh_vaghela.  I had actually tried that and it did not work.  I have been trying a LOT of things, but I could not reproduce it on LINUX or DOCKER (it works just fine).  I also used a linux subsystem to run it against the windows instance of splunk I had locally, and that also failed with the same error.  I suspect it has something to do with using the Trial on Windows 10 (all other use cases worked fine).  I happen to be at .conf, and took this to the developers in the builder bar, and they agree it is a use case they need to test.  The webui and command line work fine using the same credentials.  Not solved, but I suspect it may be a bug, and so it has been reported to Splunk developers.

View solution in original post

Tags (1)
0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@state_larson_ti 

I think you have to pass the user details which has administrator previlledge without double quote.

 

curl -k -u admin:admin123 https://localhost:8089/servicesNS/admin/search/data/indexes -d name=devtutorial

 

Thanks
KV
 
If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated. 

0 Karma

state_larson_ti
Path Finder

Thank you @kamlesh_vaghela.  I had actually tried that and it did not work.  I have been trying a LOT of things, but I could not reproduce it on LINUX or DOCKER (it works just fine).  I also used a linux subsystem to run it against the windows instance of splunk I had locally, and that also failed with the same error.  I suspect it has something to do with using the Trial on Windows 10 (all other use cases worked fine).  I happen to be at .conf, and took this to the developers in the builder bar, and they agree it is a use case they need to test.  The webui and command line work fine using the same credentials.  Not solved, but I suspect it may be a bug, and so it has been reported to Splunk developers.

Tags (1)
0 Karma
Get Updates on the Splunk Community!

How I Instrumented a Rust Application Without Knowing Rust

As a technical writer, I often have to edit or create code snippets for Splunk's distributions of ...

Splunk Community Platform Survey

Hey Splunk Community, Starting today, the community platform may prompt you to participate in a survey. The ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...