Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Encountered problem during Dev Tutorial - First App - <msg type="ERROR">Action forbidden.</msg>

state_larson_ti
Path Finder
‎06-15-2022 09:00 AM

I was going through the tutorial to build "your first app" on the Splunk Development site here, and I could not get the api call to create an index.

 

Running on a windows 10 Development box (trial license).

Splunk Enterprise

Version:8.2.6

Build:a6fe1ee8894b

 

The command below fails and I am not sure why.  I can use one of the other two options (CLI or WebUI) to create the index, but wanted to know why the REST API option failed.

 

C:\apps\splunk\bin>curl -k -u "user":"password" https://localhost:8089/servicesNS/admin/search/data/indexes -d name="devtutorial"
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Action forbidden.</msg>
</messages>
</response>

 

Apologies for the formatting, but when I tried to insert it as code, it said it was invalid. I have included an image version below.

screenshot_invalid.png

Thank you.

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

state_larson_ti
Path Finder
‎06-15-2022 11:02 AM

Thank you @kamlesh_vaghela.  I had actually tried that and it did not work.  I have been trying a LOT of things, but I could not reproduce it on LINUX or DOCKER (it works just fine).  I also used a linux subsystem to run it against the windows instance of splunk I had locally, and that also failed with the same error.  I suspect it has something to do with using the Trial on Windows 10 (all other use cases worked fine).  I happen to be at .conf, and took this to the developers in the builder bar, and they agree it is a use case they need to test.  The webui and command line work fine using the same credentials.  Not solved, but I suspect it may be a bug, and so it has been reported to Splunk developers.

View solution in original post

Tags (1)
0 Karma
Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎06-15-2022 09:20 AM

@state_larson_ti 

I think you have to pass the user details which has administrator previlledge without double quote.

 

curl -k -u admin:admin123 https://localhost:8089/servicesNS/admin/search/data/indexes -d name=devtutorial

 

Thanks
KV
 
If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated. 

0 Karma
Reply
Solved! Jump to solution
Solution

state_larson_ti
Path Finder
‎06-15-2022 11:02 AM

Thank you @kamlesh_vaghela.  I had actually tried that and it did not work.  I have been trying a LOT of things, but I could not reproduce it on LINUX or DOCKER (it works just fine).  I also used a linux subsystem to run it against the windows instance of splunk I had locally, and that also failed with the same error.  I suspect it has something to do with using the Trial on Windows 10 (all other use cases worked fine).  I happen to be at .conf, and took this to the developers in the builder bar, and they agree it is a use case they need to test.  The webui and command line work fine using the same credentials.  Not solved, but I suspect it may be a bug, and so it has been reported to Splunk developers.

Tags (1)
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...