Splunk® Enterprise

REST API Tutorials

Splunk Enterprise version 9.0 will no longer be supported as of June 14, 2024. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Access requirements and limitations for the Splunk Cloud Platform REST API

After you request access, you can use a limited subset of the Splunk Enterprise REST API endpoints with your Splunk Cloud Platform deployment.

Accessing the Splunk Cloud Platform REST API

To access your Splunk Cloud Platform deployment using the Splunk REST API and SDKs, you need both access to the REST APIs and the ability to authenticate.

You can get access if necessary with one of the following options:

  • Use the Admin Config Service (ACS) API search-api/ipallowlists endpoint to add IP addresses to the search-api allow list. For more information about the search-api/ipallowlists endpoint, see Configure IP allow lists for Splunk Cloud Platform.
  • Submit a support case requesting access using the Splunk Support Portal. Splunk Support opens port 8089 for REST access. You can specify a range of IP addresses to control who can access the REST API, so make sure your request includes the IP addresses or CIDR ranges that you want access from.

After you get REST API access, create authentication tokens to use the REST APIs. Tokens are available for both native Splunk authentication and external authentication through either the LDAP or SAML schemes. To learn more about setting up authentication with tokens, see Set up authentication with tokens in the Securing Splunk Enterprise manual.

Use the following URL for Splunk Cloud Platform deployments:

https://<deployment-name>.splunkcloud.com:8089

Free trial Splunk Cloud Platform accounts cannot access the REST API.

Administrative role limitations

The Splunk Cloud Platform administrative role sc_admin is restricted from performing the following types of tasks using Splunk Web, the command line interface, or the REST API:  

  • Modifying configuration of deployment servers, client configuration, and distributed components, such as indexers, search heads, and clustering.
  • Restarting a Splunk Cloud Platform deployment
  • Executing debug commands
  • Installing apps and modifying app configurations

REST API access limitations

As a Splunk Cloud Platform user, you are restricted to interacting with the search tier only with the REST API. You cannot access other tiers by using the REST API. Splunk Support manages all tiers other than the search tier.

To access endpoints and REST operations, you must authenticate with your username and password.

Refer to the following table to see which resource groups are supported in Splunk Cloud Platform.

Category Description
Access control Authorize and authenticate users.
Federated Search Create, update, and delete definitions for federated providers and federated indexes.
Knowledge Define indexed and searched data configurations.
KV store Manage the Key Value store.
Metrics Enumerate metrics.
Search Manage searches and search-generated alerts and view objects.
Last modified on 24 July, 2023
Introduction   Managing knowledge objects

This documentation applies to the following versions of Splunk® Enterprise: 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.2.0, 9.2.1, 9.2.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters