Get started

Get started

Before you interact with Splunk's endpoints, set up your environment. You have the following options:

• Use one of Splunk's SDKs.
• Or integrate variables within your own script, for example:

$ cat ~/bin/splunk-login
#!/bin/sh
export SPLUNK_URL='https://localhost:8089/services'
export SPLUNK_URL_PROPS="$SPLUNK_URL/properties"
export SPLUNK_AUTH_TOKEN=`curl -k $SPLUNK_URL/auth/login -d"username=admin&password=changeme" 2>/dev/null | grep sessionKey | sed s@'.*<sessionKey>\(.*\)</sessionKey>'@'\1'@`
export SPLUNK_AUTH_HEADER="authorization: Splunk $SPLUNK_AUTH_TOKEN"
source splunk-login

Send a request

Send a request to any REST endpoint with either wget or curl. See the following examples.

Note You can also use a browser to access the endpoints for testing, but you will still need to authenticate. Only the default Splunk auth or the LDAP failsafe user can correctly authenticate from a browser. If you are using an LDAP user other than the failsafe login or a scripted authentication method, you will not be able to test from a browser.

wget

Use wget to access any REST endpoint. Here's a basic example:

wget -O testme --no-check-certificate --post-data="username=admin&password=changeme" "$SPLUNK_URL/auth/login"

This outputs the returned XML to testme and includes a login admin/changeme.

The -O - tells wget you want the response sent to standard output. The --no-check-certificate tells wget that you want it to ignore critical certificate error, which you'll have if you don't have a valid certificate.

curl

Use curl to access any REST endpoint. Here's a basic example:

curl -k -H "$SPLUNK_AUTH_HEADER" "$SPLUNK_URL"

Get a response

You should see an XML formatted ATOM response returned:

<?xml version="1.0" encoding="UTF-8"?>
<!--This is to override browser formatting; see server.conf[httpServer] to disable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .-->
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
  <title>services</title>
  <id>https://localhost:8089/services/</id>
  <updated>2008-06-11T11:30:48-0700</updated>
  <generator version="37601"/>
  <author>
    <name>Splunk</name>
  </author>
  <entry>
    <title>search</title>
    <id>https://localhost:8089/services/search</id>
    <updated>2008-06-11T11:30:48-0700</updated>
    <link href="https://localhost:8089/services/search" rel="alternate"/>
  </entry>
  <entry>
    <title>data</title>
    <id>https://localhost:8089/services/data</id>
    <updated>2008-06-11T11:30:48-0700</updated>
    <link href="https://localhost:8089/services/data" rel="alternate"/>
  </entry>
  <entry>
    <title>invokeapi</title>
    <id>https://localhost:8089/services/invokeapi</id>
    <updated>2008-06-11T11:30:48-0700</updated>
    <link href="https://localhost:8089/services/invokeapi" rel="alternate"/>
  </entry>
  <entry>
    <title>apps</title>
    <id>https://localhost:8089/services/apps</id>
    <updated>2008-06-11T11:30:48-0700</updated>
    <link href="https://localhost:8089/services/apps" rel="alternate"/>
  </entry>
</feed>

• Was this topic useful?
• Post a comment