Splunk® Enterprise

REST API Tutorials

Splunk Enterprise versions higher than version 9.4.2 are documented on our new documentation portal only. To get started, see the Splunk Enterprise page on help.splunk.com and the Splunk Enterprise 9.4.3 release notes. For information about how version selection works in the new portal, see Version selection on the About This Site page.

Access requirements and limitations for the Splunk Cloud Platform REST API

After you request access, you can use a limited subset of the Splunk Enterprise REST API endpoints with your Splunk Cloud Platform deployment.

Accessing the Splunk Cloud Platform REST API

You might need to take extra steps to access your Splunk Cloud Platform deployment using the Splunk REST API and SDKs. If necessary, you can get access with one of the following options:

  • Use the Admin Config Service (ACS) API search-api/ipallowlists endpoint to add IP addresses to the search-api allow list. For more information about the search-api/ipallowlists endpoint, see Configure IP allow lists for Splunk Cloud Platform.
  • Submit a support case requesting access using the Splunk Support Portal. Splunk Support opens port 8089 for REST access. You can specify a range of IP addresses to control who can access the REST API, so make sure your request includes the IP addresses or CIDR ranges that you want access from.

Free trial Splunk Cloud Platform accounts cannot access the REST API.

After you get REST API access, create authentication tokens to use the REST APIs. Tokens are available for both native Splunk authentication and external authentication through either the LDAP or SAML schemes. To learn more about setting up authentication with tokens, see Set up authentication with tokens in the Securing Splunk Enterprise manual.

Use the following URL for Splunk Cloud Platform deployments: 

https://<deployment-name>.splunkcloud.com:8089

Administrative role limitations

The Splunk Cloud Platform administrative role sc_admin is restricted from performing the following types of tasks using Splunk Web, the command line interface, or the REST API:  

  • Modifying configuration of deployment servers, client configuration, and distributed components, such as indexers, search heads, and clustering.
  • Restarting a Splunk Cloud Platform deployment
  • Executing debug commands
  • Installing apps and modifying app configurations

REST API access limitations

As a Splunk Cloud Platform user, you are restricted to interacting with the search tier only with the REST API. You cannot access other tiers by using the REST API. Splunk Support manages all tiers other than the search tier.

To access endpoints and REST operations, you must authenticate with your username and password.

The following table shows which resource groups are supported in Splunk Cloud Platform:

Category Description
Access control Authorize and authenticate users.
Federated Search Create, update, and delete definitions for federated providers and federated indexes.
Knowledge Define indexed and searched data configurations.
KV store Manage the Key Value store.
Metrics Enumerate metrics.
Search Manage searches and search-generated alerts and view objects.
Last modified on 08 April, 2025
Introduction   Managing knowledge objects

This documentation applies to the following versions of Splunk® Enterprise: 9.4.1, 9.4.2, 9.4.0

Acrobat logo Download manual
Acrobat logo Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters