I'm looking to start using the Web API but I'm running in to a problem. When I try and hit the login endpoint for authentication I get the following:
curl -k https://localhost:8089/servicesNS/admin/search/login/ -d"username=admin&password=changeme"
404 - not found
I'm running Splunk 4.3.1 and we do have LDAP authentication turned on, if that makes a difference. If I browse to the above location I don't see the login endpoint that way either. So, what am I doing wrong?
I am not sure where you got that URL endpoint, but Splunk's authentication endpoint is at https://localhost:8089/services/auth/login. You can also get an auth token at https://localhost:8089/servicesNS/
http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTlist
I am not sure where you got that URL endpoint, but Splunk's authentication endpoint is at https://localhost:8089/services/auth/login. You can also get an auth token at https://localhost:8089/servicesNS/
http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTlist
looks to me like you just copied the url wrong from that docs page.
I got the URL I was using from the developer docs
http://dev.splunk.com/view/basic-tutorial/SP-CAAADQT
I'm not actually trying to connect to localhost or with admin/changeme I pulled out the full URL and username/password for the sake of security and brevity.
I've switched to using the services/auth/login url and it is now working.
Thanks!
it is possible to connect from localhost or 127.0.0.1 without changing the default admin password. if you want to connect from other networks, then you need to change the password. it's possible to change this behavior in server.conf with the allowRemoteLogin
setting, but it's easier and better to just change the password.
Is it even possible to log on with admin/changeme? I seem to remember that it was disabled?
/kristian