Splunk® Enterprise

REST API Tutorials

Splunk Enterprise version 7.0 is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Access requirements and limitations for the Splunk Cloud REST API

After you request access, you can use a limited subset of the Splunk Enterprise REST API endpoints with your Splunk Cloud deployment.

Accessing the Splunk Cloud REST API

To access your Splunk Cloud deployment using the Splunk REST API and SDKs, submit a case requesting access using the Splunk Support Portal. For managed deployments, Splunk Support opens port 8089 for REST access. You can specify a range of IP addresses to control who can access the REST API. For e-commerce deployments, Splunk Support defines a dedicated user and sends you credentials that enable that user to access the REST API.

You can make calls with the REST API with a local account or an LDAP account. SAML accounts cannot access the REST API. Free trial Splunk Cloud accounts cannot access the REST API.

Managed Splunk Cloud deployments

Use the following URL for managed deployments. If necessary, submit a support case to open port 8089 on your deployment. Include the IP addresses or CIDR ranges from which you want to allow access.

https://<deployment-name>.splunkcloud.com:8089

E-commerce Splunk Cloud deployments

Use the following URL for e-commerce deployments. To get the required non-SAML user credentials, submit a support case.

http://api-<deployment-name>.cloud.splunk.com:8089

Provide your own certificate

Optionally, you can provide your own certificate for the API port. To use your own certificate, submit a case using the Splunk Support Portal. You can request your own cert at the time that you request access to the REST API, or at a later time.

Administrative role limitations

The Splunk Cloud administrative role sc_admin is restricted from performing the following types of tasks using Splunk Web, the command line interface, or the REST API:  

  • Modifying configuration of deployment servers, client configuration, and distributed components, such as indexers, search heads, and clustering.
  • Restarting a Splunk Cloud deployment
  • Executing debug commands
  • Installing apps and modifying app configurations

REST API access limitations

As a Splunk Cloud user, you can use the REST API to interact with the search tier only. You cannot access other tiers by using the REST API. Splunk Support manages all tiers other than the search tier.

To access endpoints and REST operations, you need to authenticate with your username and password.
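The username and password login described above, as an added example that is not part of the Splunk documentation. It targets the managed-deployment URL form only, uses the standard `/services/auth/login` endpoint and `Authorization: Splunk <sessionKey>` header, and leaves TLS verification on. The deployment name, account name and sample response are constructed, and the function names are this example's own.

```python
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

REST_PORT = 8089  # port the page says Splunk Support opens for REST access

# Constructed sample of a login response body (not captured from a real stack).
SAMPLE_LOGIN_RESPONSE = b"<response><sessionKey>CONSTRUCTED-KEY-0001</sessionKey></response>"


def managed_base_url(deployment_name):
    """Build the managed-deployment URL form shown on this page."""
    if not deployment_name.replace("-", "").isalnum():
        raise ValueError("unexpected characters in deployment name")
    return f"https://{deployment_name}.splunkcloud.com:{REST_PORT}"


def build_login_request(base_url, username, password):
    """POST credentials in the form body so they never land in a URL or proxy log."""
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send credentials without TLS")
    body = urllib.parse.urlencode({"username": username, "password": password})
    url = base_url.rstrip("/") + "/services/auth/login"
    return urllib.request.Request(url, data=body.encode("utf-8"), method="POST")


def parse_session_key(xml_body):
    """Pull <sessionKey> out of the login response; fail closed if it is absent."""
    key = ET.fromstring(xml_body).findtext("sessionKey")
    if not key:
        raise ValueError("login response carried no session key")
    return key


def authed_request(base_url, path, session_key):
    """Later calls present the session key instead of resending the password."""
    url = base_url.rstrip("/") + path
    return urllib.request.Request(url, headers={"Authorization": f"Splunk {session_key}"})


def login(base_url, username, password):
    """Network step: the default SSL context verifies the chain and host name."""
    req = build_login_request(base_url, username, password)
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return parse_session_key(resp.read())
```

Only `login()` touches the network; the other functions can be exercised offline against the constructed sample.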

Refer to the following table to see which resource groups have full, partial, or no support in Splunk Cloud. In groups with partial support, typically the endpoints that are not supported are those that interact with a tier other than the search tier.

| Category            | Support level | Description                                                   |
|---------------------|---------------|---------------------------------------------------------------|
| Access control      | Partial       | Authorize and authenticate users.                             |
| Applications        | None          | Install applications and application templates.               |
| Clusters            | None          | Configure and manage indexer clusters and search head clusters. |
| Configuration       | Partial       | Manage configuration files and settings.                      |
| Deployment          | None          | Manage deployment servers and clients.                        |
| Inputs              | None          | Manage data input.                                            |
| Introspection       | None          | Access system properties.                                     |
| Knowledge           | Full          | Define indexed and searched data configurations.              |
| KV store            | None          | Manage app key-value store (KV store).                        |
| Licensing           | None          | Manage licensing configurations.                              |
| Metrics             | Partial       | Enumerate metrics.                                            |
| Outputs             | None          | Manage forwarder data configuration.                          |
| Search              | Full          | Manage searches and search-generated alerts and view objects. |
| System              | Partial       | Manage server configuration.                                  |
| Workload management | Partial       | Manage system resources for search workloads.                 |

Last modified on 12 January, 2021
 

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13

