CODEWITHSUNDEEP
restsplunk
Satishakumar Awati
Satishakumar Awati

Reputation: 3798

How do I know Splunk REST API Base URL?

We have Splunk deployed in https://splunkit.corp.company.com (url modified).

and able to access Splunk Web home page on https://splunkit.corp.company.com/en-US/app/launcher/home (url modified).

I am building a dashboard application which uses the JSON data provided by Splunk REST services.

I have gone through the link and rest end points as here.

From above links I got know

I need to make post request to services/auth/login with username and password. This returns session key which will be used in further API calls.

Have to make post request to services/search/jobs to create a search. This returns search id.

I need to check services/search/jobs/ for search complete.

If search complete Then I can retrieve results using services/search/jobs//results.

The problem here I facing is I don't know whats the base URL. I tried constructing https://splunkit.corp.company.com/en-US/services/auth/login and etc but not working.

Any help appreciated. Thanks

Upvotes: 5

Views: 5664

Answers (1)

Happy
Happy

Reputation: 825

I had the same question earlier. Well here is an workaround to find out the REST API Base URL. I found this solution by accident in fact.

  • In the Firefox browser, open the Web Developer / Network tool, to inspect the URLs between your local computer and the Splunk server
  • Logon to the Splunk via Web Interface
  • We assume you had finished a search beforehand, so there should be an Job stored on the Server already. Then, we click the Activity / Jobs link at the right top location of the window
  • There will be a list of jobs listed. Choose any job, click the Job / Delete Job button, then the Job search result will be deleted.
  • In the Web Developer tool, inspect the URL when deleting the job

For me, I got an URL looks like:

https://the-company-splunk-server.com/en-US/splunkd/__raw/services/search/jobs/scheduler_search_RMD554b7a649e94cdf69_at_1526886000_58534?output_mode=json

The top secret is: the URL before /services/ is the REST API Base URL. In this case, the base URL is:

https://the-company-splunk-server.com/en-US/splunkd/__raw/services/

Test the Base URl

We can try this Base URL for login with CURL:

curl --insecure https://the-company-splunk-server.com/en-US/splunkd/__raw/services/auth/login -d username=your-user -d password=your-password

We got the following result:

<response>
<sessionKey>kq6gkXO_dFcJzJG2XpwZs1IwfhH8MkkYDaBsZrPxZh8</sessionKey>
</response>

So the test is succeed. We have proven the base URL works.

Good luck.

Upvotes: 7

Related Questions