Usage details
Authentication and authorization
Username and password authentication is required for access to endpoints and REST operations. You must have the edit_analyticstories capability to use the analyticstories endpoint.
Alternatively, you can use token authentication. See Set up authentication with tokens in the Splunk Enterprise Securing the Splunk Platform manual.
Username and password authentication is used in the examples that follow.
Splunk Cloud Platform URL for REST API access
Splunk Cloud Platform has a different host and management port syntax than Splunk Enterprise. Depending on your deployment type, use one of the following options to access REST API resources.
Splunk Cloud Platform deployments
Use the following URL for single-instance deployments.
https://<deployment-name>.splunkcloud.com:8089
Use the following URL for clustered deployments. If necessary, submit a support case to open port 8089 on your deployment.
https://<deployment-name>.splunkcloud.com:8089
To get the required credentials, submit a support case on the Support Portal. After installing the credentials, use the following URL.
https://input-<deployment-name>.splunkcloud.com:8089
See Using the REST API in Splunk Cloud Platform in the Splunk REST API Tutorials for more information.
Common return format
For success and error responses, the general format follows.
Success
The general response for successes, such as 200/201, follows:
{
    "entry": [
        {JSON object 1},
        ...
    ],
    "paging": {
        "offset": <number>,
        "perPage": <number>,
        "total": <number>
    }
}
Each object in the entry array is specified per endpoint.
Error
The general response for errors, such as 4xx/5xx, follows:
{
    "messages": [
        {
            "type": "ERROR",
            "text": "<error message>"
        },
        ...
    ]
}
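The following Python function is an added example, not part of the Splunk documentation. It handles both response formats shown above, raising on an error response and computing the offset of the next page from the paging object. The names SplunkApiError and parse_response, the sample bodies, and the reading of offset as a zero-based index are assumptions.

```python
import json

class SplunkApiError(Exception):
    """A 4xx/5xx (or malformed) response; .messages holds the messages array."""
    def __init__(self, status, messages):
        self.status, self.messages = status, messages
        text = "; ".join(f"{m.get('type')}: {m.get('text')}" for m in messages)
        super().__init__(f"HTTP {status}: {text}")

def _fail(status, text):
    return SplunkApiError(status, [{"type": "ERROR", "text": text}])

def parse_response(status, body):
    """Return (entries, next_offset); raise SplunkApiError on an error response.

    next_offset is None once the last page has been read. Assumption: "offset"
    is the zero-based index of the first object in "entry".
    """
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        # A proxy or load balancer in front of port 8089 may answer with HTML.
        raise _fail(status, "response body is not a JSON object")
    if status >= 400:
        msgs = doc.get("messages")
        msgs = [m for m in msgs if isinstance(m, dict)] if isinstance(msgs, list) else []
        raise SplunkApiError(status, msgs) if msgs else _fail(status, "no messages array")
    entries = doc.get("entry")
    if not isinstance(entries, list):
        raise _fail(status, "success response without an entry array")
    paging = doc.get("paging") if isinstance(doc.get("paging"), dict) else {}
    offset = int(paging.get("offset") or 0)
    total = int(paging.get("total") or 0)
    consumed = offset + len(entries)
    # Stop on an empty page as well, so a wrong "total" cannot loop forever.
    next_offset = consumed if entries and consumed < total else None
    return entries, next_offset

# Constructed sample bodies in the two formats shown above.
SAMPLE_OK = '{"entry": [{"name": "a"}, {"name": "b"}], "paging": {"offset": 0, "perPage": 2, "total": 5}}'
SAMPLE_ERR = '{"messages": [{"type": "ERROR", "text": "constructed error text"}]}'

if __name__ == "__main__":
    print(parse_response(200, SAMPLE_OK))
    try:
        parse_response(403, SAMPLE_ERR)
    except SplunkApiError as err:
        print(err)
```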