Target a specific search head for ACS operations

The Admin Config Service (ACS) API lets you target the specific search head or search head cluster on which you want to run an ACS API operation.

Search head targeting is useful for ACS operations that apply to individual search heads only, such as initiating a restart or creating an authentication token, where the action is not replicated across search heads.

The following table shows ACS endpoint operations that apply to individual search heads (or search head clusters) only. By default these operations run on the first search head (sh1) or search head cluster (shc1). To run these operations on premium search heads, additional standalone search heads or additional search head clusters, you must specify the target search head in the API request URL.

To target a specific search head or search head cluster for an ACS API operation, you must add the search head prefix to the stack URL when you send an API endpoint request. You must also provide a JWT authentication token created on the targeted search head. For example, to target a standalone search head with search head prefix "sh-i-0910d0dfdb9ed913a" and stack URL "csms-2io6tw-47150":

curl -X POST 'https://admin.splunk.com/sh-i-0910d0dfdb9ed913a.csms-2io6tw-47150/adminconfig/v2/restart-now' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2...'

Or, to target a search head cluster with search head prefix "shc1":

curl  - X POST 'https://admin.splunk.com/shc1.csms-2io6tw-47150/adminconfig/v2/restart-now' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2...'  

To find the correct prefix for your search head or search head cluster, see the information provided to you upon provisioning of your Splunk Cloud Platform deployment.

For details on how to create a JWT authentication token, see Manage authentication tokens in Splunk Cloud Platform.

Adding the search head prefix to the stack URL does not affect ACS operations that are replicated across all search heads.