Splunk's REST Endpoints
Starting in version 3.2, Splunk's REST endpoints are served over SSL by the splunkd process using the URL format https://hostname:port/services/, where hostname is your Splunk server's hostname and port is the port number on which the splunkd process is listening.
For example, if you are logged into the local machine and Splunk is running on the default ports, you can use https://localhost:8089/services/ to access the REST endpoints. The exact URL and whether the connection succeeds depend on the machine's hostname, ports, registered certificates, and firewall settings.
Give it a Spin
If you are logged into the same machine as your Splunk instance and have wget installed, you can cut and paste the following command into your terminal:
wget -O - -q --no-check-certificate --http-user=admin --http-password=changeme https://localhost:8089/services/
The -O - tells wget to send the response to standard output, and -q suppresses wget's own progress output. The --no-check-certificate option tells wget to ignore certificate errors, which you'll get if you don't have a valid certificate; with it set, wget does not verify the identity of the server it is talking to. If you run an enterprise license, you'll need to change the username and password to whatever you set them to. If you run the preview version of Splunk, just use what is there; it will authenticate on any username and password.
Note: If you are running the GA release of the free product (3.2.6 as of this writing), you won't be able to get an auth token from the /services/auth/login endpoint. Other endpoints work normally, however, and the auth token you pass in the header can be of any value.
You should see an XML-formatted Atom response returned:
root@foobar [~]# wget -O - -q --no-check-certificate --http-user=admin --http-password=changeme https://localhost:8089/services/
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
<title>services</title>
<id>https://localhost:8089/services/</id>
<updated>2008-01-31T19:15:37-0600</updated>
<generator version="31749"/>
<author>
<name>Splunk</name>
</author>
<entry>
<title>streams</title>
<id>https://localhost:8089/services/streams</id>
<updated>2008-01-31T19:15:37-0600</updated>
<link href="https://localhost:8089/services/streams" rel="alternate"/>
</entry>
...
...
</feed>
NOTE: In versions 3.1.x and below, Splunk's REST endpoints were served off the SplunkWeb process using the http://yourhost:8000/v3/ URL format. If you are coding against an older version of Splunk, you will need to reference the older documentation for the deprecated /v3/ endpoints.
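The following added example (not from the original page or from Splunk) requests the same /services/ feed with certificate verification enabled instead of --no-check-certificate, and lists the endpoints the Atom response advertises. The function names, the ca_file path, and the use of HTTP Basic auth to mirror wget's --http-user/--http-password are assumptions; SAMPLE_FEED is constructed from the response shown above.

```python
import base64
import ssl
import urllib.request
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"  # Atom namespace used by the feed

# Constructed sample: the response shown above, trimmed to one entry.
SAMPLE_FEED = b"""<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
  <title>services</title>
  <id>https://localhost:8089/services/</id>
  <entry>
    <title>streams</title>
    <id>https://localhost:8089/services/streams</id>
    <link href="https://localhost:8089/services/streams" rel="alternate"/>
  </entry>
</feed>"""


def fetch_services(url, user, password, ca_file):
    """GET the feed over TLS with certificate and hostname checks enabled.

    ca_file (assumed path) is a PEM file holding the CA that signed the
    splunkd certificate; the host in url must match that certificate.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + token})
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.read()


def list_endpoints(feed_xml):
    """Return (title, href) for each <entry>; fall back to <id> if no link."""
    endpoints = []
    for entry in ET.fromstring(feed_xml).findall(ATOM + "entry"):
        hrefs = [link.get("href") for link in entry.findall(ATOM + "link")
                 if link.get("rel") == "alternate"]
        href = hrefs[0] if hrefs else entry.findtext(ATOM + "id", default="")
        endpoints.append((entry.findtext(ATOM + "title", default=""), href))
    return endpoints


if __name__ == "__main__":
    # Offline run on the constructed sample; use fetch_services() for a live server.
    for title, href in list_endpoints(SAMPLE_FEED):
        print(f"{title}\t{href}")
```

If the certificate's CA is not trusted or the hostname does not match, fetch_services() raises an error instead of silently continuing.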
