Splunk Cloud Platform

Admin Config Service Manual

Target a specific search head for ACS operations

The Admin Config Service (ACS) API lets you target the specific search head or search head cluster on which you want to run an ACS API operation.

Search head targeting is useful for ACS operations that apply to individual search heads only, such as initiating a restart or creating an authentication token, where the action is not replicated across search heads.

The following table shows ACS endpoint operations that apply to individual search heads (or search head clusters) only. By default these operations run on the first search head (sh1) or search head cluster (shc1). To run these operations on premium search heads, additional standalone search heads or additional search head clusters, you must specify the target search head in the API request URL.

| ACS endpoint | Victoria Experience (search head targeting required) | Classic Experience (search head targeting required) |
|---|---|---|
| tokens | Yes | Yes |
| roles | Yes | Yes |
| users | Yes | Yes |
| restart | Yes | Yes |
| permissions/apps | Yes | Endpoint not supported in Classic Experience. |

To target a specific search head or search head cluster for an ACS API operation, you must add the search head prefix to the stack URL when you send an API endpoint request. You must also provide a JWT authentication token created on the targeted search head. For example, to target a standalone search head with search head prefix "sh-i-0910d0dfdb9ed913a" and stack URL "csms-2io6tw-47150":

curl -X POST 'https://admin.splunk.com/sh-i-0910d0dfdb9ed913a.csms-2io6tw-47150/adminconfig/v2/restart-now' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2...'

Or, to target a search head cluster with search head prefix "shc1":

curl -X POST 'https://admin.splunk.com/shc1.csms-2io6tw-47150/adminconfig/v2/restart-now' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2...'

To find the correct prefix for your search head or search head cluster, see the information provided to you upon provisioning of your Splunk Cloud Platform deployment.

For details on how to create a JWT authentication token, see Manage authentication tokens in Splunk Cloud Platform.

Adding the search head prefix to the stack URL does not affect ACS operations that are replicated across all search heads.
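
The URL construction described above, as a shell helper. This is an added example, not Splunk code: the function names and the `ACS_TOKEN` environment variable are assumptions. It validates the prefix and stack name before building the URL, and passes the JWT to curl on stdin (`--header @-`, curl 7.55.0 or later) so the token does not appear in the process list.

```shell
#!/usr/bin/env bash
# Added example: helper names and ACS_TOKEN are hypothetical, not part of ACS.

# Succeed if the endpoint is one the table lists as per-search-head only.
acs_needs_target() {
  case "$1" in
    tokens|tokens/*|roles|roles/*|users|users/*|restart*) return 0 ;;
    permissions/apps|permissions/apps/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print https://admin.splunk.com/<prefix>.<stack>/adminconfig/v2/<endpoint>.
# Arguments: search head prefix, stack, endpoint. Rejects empty values and any
# character that could change the URL path (dots, slashes in names, spaces).
acs_url() {
  for _p in "$1" "$2"; do
    case "$_p" in
      ''|*[!A-Za-z0-9-]*) echo "invalid prefix or stack: '$_p'" >&2; return 1 ;;
    esac
  done
  case "$3" in
    ''|/*|*[!A-Za-z0-9/_-]*) echo "invalid endpoint: '$3'" >&2; return 1 ;;
  esac
  printf 'https://admin.splunk.com/%s.%s/adminconfig/v2/%s\n' "$1" "$2" "$3"
}

# POST to a targeted endpoint. ACS_TOKEN must hold a JWT created on the
# targeted search head; it is written to curl's stdin, never to argv.
acs_post() {
  acs_needs_target "$3" ||
    echo "note: '$3' is not in the per-search-head table; the prefix has no effect on replicated operations" >&2
  _url=$(acs_url "$1" "$2" "$3") || return 1
  [ -n "${ACS_TOKEN:-}" ] || { echo "ACS_TOKEN is not set" >&2; return 1; }
  printf 'Authorization: Bearer %s\n' "$ACS_TOKEN" |
    curl --silent --show-error --fail -X POST --header @- "$_url"
}

# Example call, using the prefix and stack from this page:
#   ACS_TOKEN=... acs_post shc1 csms-2io6tw-47150 restart-now
```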

Last modified on 26 January, 2024

This documentation applies to the following versions of Splunk Cloud Platform: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308 (latest FedRAMP release), 9.1.2312, 9.2.2403
