Access requirements and limitations for the Splunk Cloud REST API
After you request access, you can use a limited subset of the Splunk Enterprise REST API endpoints with your Splunk Cloud deployment.
Accessing the Splunk Cloud REST API
To access your Splunk Cloud deployment using the Splunk REST API and SDKs, submit a case requesting access using the Splunk Support Portal. Splunk Support opens port 8089 for REST access. You can specify a range of IP addresses to control who can access the REST API. Free trial Splunk Cloud accounts cannot access the REST API.
You can make calls with the REST API with a local account, an LDAP account, or a SAML account. To learn more about setting up authentication with tokens, see Set up authentication with tokens.
Use the following URL for Splunk Cloud deployments. If necessary, submit a support case to open port 8089 on your deployment. Please include the IP Addresses/CIDR Ranges you would like to have access from.
Provide your own certificate
Optionally, you can provide your own certificate for the API port. To use your own certificate, submit a case using the Splunk Support Portal. You can request your own cert at the time that you request access to the REST API, or at a later time.
Administrative role limitations
The Splunk Cloud administrative role
sc_admin is restricted from performing the following types of tasks using Splunk Web, the command line interface, or the REST API:
- Modifying configuration of deployment servers, client configuration, and distributed components, such as indexers, search heads, and clustering.
- Restarting a Splunk Cloud deployment
- Executing debug commands
- Installing apps and modifying app configurations
REST API access limitations
As a Splunk Cloud user, you are restricted to interacting with the search tier only with the REST API. You cannot access other tiers by using the REST API. Splunk Support manages all tiers other than the search tier.
To access to endpoints and REST operations, you need to authenticate with your username and password.
Refer to the following table to see which resource groups have full, partial, or no support in Splunk Cloud. In groups with partial support, typically the endpoints that are not supported are those that interact with a tier other than the search tier.
|Access control||Partial||Authorize and authenticate users.|
|Applications||None||Install applications and application templates.|
|Clusters||None||Configure and manage indexer clusters and search head clusters.|
|Configuration||Partial||Manage configuration files and settings.|
|Deployment||None||Manage deployment servers and clients.|
|Inputs||None||Manage data input.|
|Introspection||None||Access system properties.|
|Knowledge||Full||Define indexed and searched data configurations.|
|KV store||None||Manage app key-value store (KV store).|
|Licensing||None||Manage licensing configurations.|
|Outputs||None||Manage forwarder data configuration.|
|Search||Full||Manage searches and search-generated alerts and view objects.|
|System||Partial||Manage server configuration.|
|Workload management||Partial||Manage system resources for search workloads.|
Managing knowledge objects
This documentation applies to the following versions of Splunk® Enterprise: 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13
Feedback submitted, thanks!