Solved: Can Cloud indexers instances access to the storage...

danipv · ‎06-26-2023

We are developing a custom search command which requires access to an authenticated third party service.

As the doc states, `As a Splunk Cloud Platform user, you are restricted to interacting with the search tier only with the REST API. You cannot access other tiers by using the REST API. Splunk Support manages all tiers other than the search tier.`

This apply by extension to the add-ons executed by the users?

isoutamo · ‎06-26-2023

Hi

cloud user haven’t remote rest access capability which are needed to access rest api on indexers.
r. Ismo

View solution in original post

isoutamo · ‎06-26-2023

Hi

cloud user haven’t remote rest access capability which are needed to access rest api on indexers.
r. Ismo

danipv · ‎06-27-2023

I see,

So, is there an alternative to access storage/passwords from a python command when is executed in the indexers tier? Maybe read the API in the search head and pass in some way to the indexers?

Thanks.

isoutamo · ‎06-27-2023

Is there any special need to run those on idx side instead of SH side? Is it possible to refactoring your app so that this kind of activities have done on SH or those needed files (e.g. lookups) are stored in search bundle?

Can Cloud indexers instances access to the storage/passwords REST API?

using Splunk Cloud

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?