R12 Publication-2025July16

Set up API Server

Create a Splunk API Server:

Pre-requisites

Application Version

Application Version
Splunk Enterprise 7.3.0 (or newer)

Network Connectivity

ClientServerProtocol
NetBrain Front ServerSplunk Enterprise, Port 8089HTTPS

User Account and Privileges

ApplicationUser AccountRequired Role Assignment(s)
NetBrainRequiredSystem Admin
Splunk EnterpriseRequiredSufficient access to the expected Apps and Sources (or higher)

Create Splunk API Server Connection

Information Note: If the environment has been deployed with multiple Front Servers, repeat this section for each of the Front Servers.
  1. Using a web browser, login to the NetBrain Desktop UI using the System Admin credentials.
    • http://<NetBrain Web Server IP>
  2. Navigate to the NetBrain API Server Manager.
    • Domain Management > API Server Manager
  3. In the API Server Manager screen, click Add.
  4. Complete the Add API Server dialog screen as follows:
    • Server Name: Splunk API Server <Front Server>
    • Description: Splunk
    • API Source Type: "Splunk API Adapter"
    • Endpoint: Splunk instance endpoint (ex "https://192.168.28.253:8089")
    • Username: Splunk account's username
    • Password: Splunk password
    • Front Server/Front Server Group: Select FS/FSG which would have reachability to Splunk Enterprise server
  5. Click Managed Devices: 0 to assign Splunk Search enabled devices to this API Server.
    • Click + Device.
    • Select "Device Type" radio button.
    • Select All Device Types.
    • Click ">>", then click OK two times to save the device assignment.
  6. Click Test to initiate a connectivity test between the NetBrain front server and the Splunk Enterprise instance configured. Pictures below are the results of a successful connectivity test followed by two typical failure scenarios: Incorrect credentials and connectivity between NetBrain and Splunk Enterprise.

Test Results

 

Screenshots
Successful ConnectionGraphical user interface, text, application, emailDescription automatically generated

Error Scenario: The entered credentials are incorrect.

Possible Resolution: Confirm credentials specified in the Splunk API Server configuration and retry.

Graphical user interface, text, application, emailDescription automatically generated

Error Scenario: Splunk Enterprise endpoint is unreachable.

Possible Resolution: Confirm that the NetBrain Front Server(s) can reach the Splunk Enterprise platform on Port 8089 via HTTPs

Graphical user interface, text, application, emailDescription automatically generated