Splunk Cloud Platform

REST API Tutorials

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Access requirements and limitations for the Splunk Cloud Platform REST API

After you request access, you can use a limited subset of the Splunk Enterprise REST API endpoints with your Splunk Cloud Platform deployment.

Accessing the Splunk Cloud Platform REST API

To access your Splunk Cloud Platform deployment using the Splunk REST API and SDKs, submit a case requesting access using the Splunk Support Portal. Splunk Support opens port 8089 for REST access. You can specify a range of IP addresses to control who can access the REST API.

Free trial Splunk Cloud Platform accounts cannot access the REST API.

Once you have REST API access, you can make calls with a local account, an LDAP account, or a SAML account. To learn more about setting up authentication with tokens, see Set up authentication with tokens.

Use the following URL for Splunk Cloud Platform deployments. If necessary, submit a support case to open port 8089 on your deployment. Please include the IP Addresses/CIDR Ranges you would like to have access from.


Provide your own certificate

Optionally, you can provide your own certificate for the API port. To use your own certificate, submit a case using the Splunk Support Portal. You can request your own cert at the time that you request access to the REST API, or at a later time.

Administrative role limitations

The Splunk Cloud Platform administrative role sc_admin is restricted from performing the following types of tasks using Splunk Web, the command line interface, or the REST API:  

  • Modifying configuration of deployment servers, client configuration, and distributed components, such as indexers, search heads, and clustering.
  • Restarting a Splunk Cloud Platform deployment
  • Executing debug commands
  • Installing apps and modifying app configurations

REST API access limitations

As a Splunk Cloud Platform user, you are restricted to interacting with the search tier only with the REST API. You cannot access other tiers by using the REST API. Splunk Support manages all tiers other than the search tier.

To access endpoints and REST operations, you must authenticate with your username and password.

The following table shows which resource groups are supported in Splunk Cloud Platform:

Category Description
Access control Authorize and authenticate users.
Federated Search Create, update, and delete definitions for federated providers and federated indexes.
Knowledge Define indexed and searched data configurations.
Metrics Enumerate metrics.
Search Manage searches and search-generated alerts and view objects.
Last modified on 30 October, 2021
Managing knowledge objects

This documentation applies to the following versions of Splunk Cloud Platform: 8.2.2109, 8.2.2111

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters