Splunk® Enterprise

REST API Tutorials

Download manual as PDF

Download topic as PDF

Using the REST API with Splunk Cloud

To access your Splunk Cloud deployment using the Splunk REST API and SDKs, submit a support case requesting access on the Support Portal. For managed deployments, Splunk Support opens port 8089 for REST access. You can specify a range of IP addresses to control who can access the REST API. For self-service deployments, Splunk Support defines a dedicated user and sends you credentials that enable that user to access the REST API.

Note: You cannot use SAML authentication with the REST API.

URL for accessing the REST API

Managed Splunk Cloud deployments
Use the following URL for single-instance deployments.

https://<deployment-name>.cloud.splunk.com:8089

Use the following URL for clustered deployments.

https://<deployment-name>.splunkcloud.com:8089

Self-service Splunk Cloud deployments
To get the required credentials, submit a support case on the Support Portal. After installing the credentials, use the following URL.

https://input-<deployment-name>.cloud.splunk.com:8089

Authentication and authorization

Username and password authentication is required for access to endpoints and REST operations.

Splunk users must have role and/or capability-based authorization to use REST endpoints. Users with an administrative role, such as admin, can access authorization information in Splunk Web. To view the roles assigned to a user, select Settings > Access controls and click Users. To determine the capabilities assigned to a role, select Settings > Access controls and click Roles.

Administrative role limitations

To protect the integrity of Splunk Cloud deployments, the Splunk Cloud administrative role sc_admin is restricted from performing the following types of tasks using Splunk Web, the command line interface, or the REST API.  

  • Modifying configuration of deployment servers and client configurations and distributed components (indexers, search heads, clustering)
  • Restarting a Splunk Cloud deployment
  • Executing debug commands
  • Install apps and modify app configurations

Clustered deployment limitations

If you have a managed Splunk Cloud deployment with search head clustering and index clustering, the REST API supports access to the search head only. You can use the REST API to interact with the search head in your deployment. Using the REST API to access any other cluster member nodes is not supported.

Authorized users can access and configure other cluster members, including indexer, cluster master, and license master nodes, in the Splunk Cloud manager user interface. 

PREVIOUS
Introduction
  NEXT
Managing objects in the REST API

This documentation applies to the following versions of Splunk® Enterprise: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.6.0, 6.6.1, 6.6.2


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters