Using the REST API with Splunk Cloud
To access your Splunk Cloud deployment using the Splunk REST API and SDKs, submit a support case requesting access on the Support Portal. For managed deployments, Splunk Support opens port 8089 for REST access. You can specify a range of IP addresses to control who can access the REST API. For self-service deployments, Splunk Support defines a dedicated user and sends you credentials that enable that user to access the REST API.
Note: You cannot use SAML authentication with the REST API.
URL for accessing the REST API
Managed Splunk Cloud deployments
Use the following URL for single-instance managed deployments.
Use the following URL for clustered deployments. If necessary, submit a support case to open port 8089 on your deployment.
Self-service Splunk Cloud deployments
Use the following URL for self-service deployments. To get the required non-SAML user credentials, submit a support case.
Username and password authentication is required for access to endpoints and REST operations.
Splunk users must have role and/or capability-based authorization to use REST endpoints. Users with an administrative role, such as
admin, can access authorization information in Splunk Web. To view the roles assigned to a user, select Settings > Access controls and click Users. To determine the capabilities assigned to a role, select Settings > Access controls and click Roles.
Administrative role limitations
To protect the integrity of Splunk Cloud deployments, the Splunk Cloud administrative role
sc_admin is restricted from performing the following types of tasks using Splunk Web, the command line interface, or the REST API.
- Modifying configuration of deployment servers and client configurations and distributed components (indexers, search heads, clustering)
- Restarting a Splunk Cloud deployment
- Executing debug commands
- Install apps and modify app configurations
Clustered deployment limitations
If you have a managed Splunk Cloud deployment with search head clustering and index clustering, the REST API supports access to the search head only. You can use the REST API to interact with the search head in your deployment. Using the REST API to access any other cluster member nodes is not supported.
Authorized users can access and configure other cluster members, including indexer, cluster master, and license master nodes, in the Splunk Cloud manager user interface.
Managing objects in the REST API
This documentation applies to the following versions of Splunk® Enterprise: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 7.0.0, 7.0.1, 7.0.2, 7.0.3