Target a specific search head for ACS operations

The Admin Config Service (ACS) API lets you target the specific search head or search head cluster on which you want to run an ACS API operation.

Search head targeting is useful for ACS operations that apply to individual search heads only, such as initiating a restart or creating an authentication token, where the action is not replicated across search heads.

The following table shows ACS endpoint operations that apply to individual search heads (or search head clusters) only. By default these operations run on the first search head (sh1) or search head cluster (shc1). To run these operations on premium search heads, additional standalone search heads or additional search head clusters, you must specify the target search head in the API request URL.

| ACS endpoint | Victoria Experience (search head targeting required) | Classic Experience (search head targeting required) |
|---|---|---|
| export | Yes | Endpoint not supported in Classic Experience |
| permissions/apps | Yes | Endpoint not supported in Classic Experience |
| restart | Yes | Yes |
| roles | Yes | Yes |
| tokens | Yes | Yes |
| users | Yes | Yes |

To target a specific search head or search head cluster for an ACS API operation, you must add the search head prefix to the stack URL when you send an API endpoint request. You must also provide a JWT authentication token created on the targeted search head. For example, to target a standalone search head with search head prefix "sh-i-0910d0dfdb9ed913a" and stack URL "csms-2io6tw-47150":

CODE
curl -X POST 'https://admin.splunk.com/sh-i-0910d0dfdb9ed913a.csms-2io6tw-47150/adminconfig/v2/restart-now' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2...'

Or, to target a search head cluster with search head prefix "shc1":

CODE
curl -X POST 'https://admin.splunk.com/shc1.csms-2io6tw-47150/adminconfig/v2/restart-now' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2...'

Note: To find the correct prefix for your search head or search head cluster, see the information provided to you upon provisioning of your Splunk Cloud Platform deployment.

For details on how to create a JWT authentication token, see Manage authentication tokens in Splunk Cloud Platform.

Note: Adding the search head prefix to the stack URL does not affect ACS operations that are replicated across all search heads.
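
The targeting rule above can be wrapped in a small helper. This is an added example, not Splunk code: it builds the targeted URL from validated parts and passes the JWT to curl on stdin rather than on the command line. The names acs_url, acs_post, valid_label and ACS_TOKEN are assumptions made for this sketch.

```shell
# Added example, not Splunk code. acs_url, acs_post, valid_label and ACS_TOKEN
# are hypothetical names chosen for this sketch.
ACS_BASE='https://admin.splunk.com'

# Accept only hostname-label characters so a prefix or stack name cannot
# smuggle "/", "..", "?" or "@" into the request URL.
valid_label() {
  case "$1" in
    ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
  esac
}

# acs_url STACK ENDPOINT [PREFIX]
# With PREFIX the path segment becomes "<prefix>.<stack>"; without it the
# request goes to the default search head (sh1) or cluster (shc1).
acs_url() (
  stack=$1 endpoint=$2 prefix=${3:-}
  valid_label "$stack" || { echo "invalid stack name" >&2; return 1; }
  case "$endpoint" in
    ''|/*|*[!A-Za-z0-9/_-]*) echo "invalid endpoint" >&2; return 1 ;;
  esac
  if [ -n "$prefix" ]; then
    valid_label "$prefix" || { echo "invalid search head prefix" >&2; return 1; }
    stack="$prefix.$stack"
  fi
  printf '%s/%s/adminconfig/v2/%s\n' "$ACS_BASE" "$stack" "$endpoint"
)

# acs_post STACK ENDPOINT [PREFIX]
# Reads the JWT from ACS_TOKEN (it must have been created on the targeted
# search head) and hands it to curl as a config line on stdin, so the token
# is not visible in the process argument list.
acs_post() (
  url=$(acs_url "$@") || return 1
  case "${ACS_TOKEN:-}" in
    ''|*[!A-Za-z0-9._-]*) echo "ACS_TOKEN missing or malformed" >&2; return 1 ;;
  esac
  printf 'header = "Authorization: Bearer %s"\n' "$ACS_TOKEN" |
    curl --silent --show-error --fail -X POST -K - "$url"
)

# Usage: ACS_TOKEN=... acs_post csms-2io6tw-47150 restart-now shc1
```

Keeping one token variable per search head prefix avoids sending a token created on one search head to another.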