Developing Dashboards, Views, and Apps for Splunk Web

 


Creating SOAP Requests

This documentation does not apply to the most recent version of Splunk.

Observing PCL SOAP Calls

You can see exactly how Splunk creates SOAP calls by making a small change to the existing PCL code so that it prints the data sent and received. Use these examples to generate your own SOAP messages from the front-end of your choice and to parse the data returned from splunkd for your application.


  1. Open $SPLUNK_HOME/lib/python2.4/site-packages/splunk/clilib/cli_common.py
  2. Find the following block in the callAPI function:
  try:
    retStr = server.invokeAPI(apiData=data)
  except socket.error:
    raise SOAPConnectionException, "Could not connect to splunk server.  Please ensure that splunkd is running."
  3. After the try: line, add (with 4 leading spaces):
    print "BEGIN SOAP CALL:\n%s\nEND SOAP CALL" % data
  4. After the SOAPConnectionException line, add (with 2 leading spaces):
  print "BEGIN RETURNED XML:\n%s\nEND RETURNED XML" % retStr
  5. Save the file.
  6. Run a few commands from the GUI to see what is being sent. The results can be found in $SPLUNK_HOME/var/log/splunk/web_access.log. Remember to remove the added code later to avoid filling this file with SOAP calls; the logged calls include the userLogin password and the authToken in clear text.
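
The following is an added example, not part of the original page or of Splunk's code: it pulls the logged calls out of text captured from web_access.log using the BEGIN/END markers from the steps above and masks the password and authToken values before the capture is shared. The function names and the sample log text are assumptions constructed for illustration.

```python
import re

# Markers written by the print statement added after the try: line.
CALL_RE = re.compile(r"BEGIN SOAP CALL:\n(.*?)\nEND SOAP CALL", re.S)
# Elements that carry secrets in the calls shown on this page.
SECRET_RE = re.compile(r"<(password|authToken)>.*?</\1>", re.S)


def extract_calls(log_text):
    """Return the body of every logged SOAP call, in order."""
    return CALL_RE.findall(log_text)


def redact(xml_text):
    """Replace password and authToken values with a fixed marker."""
    return SECRET_RE.sub(r"<\1>[REDACTED]</\1>", xml_text)


def call_names(log_text):
    """Names of the logged calls, to see which APIs the GUI invoked."""
    return [name for call in extract_calls(log_text)
            for name in re.findall(r'<call name="([^"]+)"', call)]


# Constructed sample of what the modified cli_common.py would write.
SAMPLE_LOG = (
    "BEGIN SOAP CALL:\n"
    '<call name="userLogin"><params><login><username>admin</username>'
    "<password>changeme</password></login></params></call>\n"
    "END SOAP CALL\n"
    "BEGIN SOAP CALL:\n"
    '<call name="executeQuery"><params><query>SEARCH meta::all</query>'
    "<auth><userId>1</userId><username>admin</username>"
    "<authToken>3105802749</authToken></auth></params></call>\n"
    "END SOAP CALL\n"
)

if __name__ == "__main__":
    for call in extract_calls(SAMPLE_LOG):
        print(redact(call))
```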

Creating a SOAP Call

Here is an example of a search via SOAP:

  1. Make a request to https://localhost:8089/ (replace with your hostname:port) to generate an authentication token (valid for as long as you leave splunkd running, or until you switch authentication mechanisms):

<call name="userLogin"><params><login><username>admin</username><password>changeme</password></login></params></call>

     This returns an authentication token, which you must include in your search call:

<auth>
  <userId>1</userId>
  <username>admin</username>
  <authToken>3105802749</authToken>
</auth>

  2. Now run the search call, with a few important notes:

<call name="executeQuery"><params><query>SEARCH  meta::all GET events::0-2 OUTPUT splunkui::2.1 format::raw</query><user>livesplunkuser</user><queryId>37627661733490256838</queryId>
<auth>
  <userId>1</userId>
  <username>admin</username>
  <authToken>3105802749</authToken>
</auth>
</params></call>

This results in the following XML (3 results, one in each <result> block), which you can parse as you wish:


<queryResult>
<ids>
</ids>
<results type="events">
<result cd="0:873197">
  <segtext xml:space="preserve">Feb 19 14:25:49 VeeAte last message repeated 1964 times<meta><sg c="4003720337">format::l1_::_</sg> </meta></segtext>
  <timestamp>1171923949</timestamp>
  <source cd="1">/var/log/messages</source>
  <host cd="1" name="veeate" ><tags></tags></host>
  <sourcetype cd="1" base="syslog">syslog</sourcetype>
  <type cd="178" wob=" v:2af8 b1:97 a1:49 j1:1122 k2:5772 h2:2550729191 g1:54764362 l2:0  ">
  <tags></tags></type>
</result>
<result cd="0:873110">
  <segtext xml:space="preserve">Feb 19 14:24:49 VeeAte last message repeated 1956 times<meta><sg c="4003720337">format::l1_::_</sg> </meta></segtext>
  <timestamp>1171923889</timestamp>
  <source cd="1">/var/log/messages</source>
  <host cd="1" name="veeate" ><tags></tags></host>
  <sourcetype cd="1" base="syslog">syslog</sourcetype>
  <type cd="178" wob=" v:2af8 b1:97 a1:49 j1:1122 k2:5772 h2:2550729191 g1:54764362 l2:0  ">
  <tags></tags></type>
</result>
<result cd="0:873023">
  <segtext xml:space="preserve">Feb 19 14:23:49 VeeAte last message repeated 1951 times<meta><sg c="4003720337">format::l1_::_</sg> </meta></segtext>
  <timestamp>1171923829</timestamp>
  <source cd="1">/var/log/messages</source>
  <host cd="1" name="veeate" ><tags></tags></host>
  <sourcetype cd="1" base="syslog">syslog</sourcetype>
  <type cd="178" wob=" v:2af8 b1:97 a1:49 j1:1122 k2:5772 h2:2550729191 g1:54764362 l2:0  ">
  <tags></tags></type>
</result>
</results>
<performance>Queryid=3263159498132591711719240037627661733490256838 user=livesplunkuser result="success" results_returned=9774 submitted=02/19/2007:14:28:38 time_between_submission_and_execution=0.000 execution_time=0.020 total_time=0.020</performance>
<query>SEARCH meta::all GET events::0-2 OUTPUT splunkui::2.1 format::raw</query>
</queryResult>
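
One way to build the executeQuery call and parse the returned queryResult, as an added example that is not part of the original page or of Splunk's code. It escapes every value placed in the call so a search term containing &, < or > cannot break or alter the XML; the function names are hypothetical and the sample response is constructed from the layout shown above, trimmed to two results.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape


def build_execute_query(query, user, query_id, user_id, username, token):
    """Build the apiData string for executeQuery, escaping every value."""
    auth = ("<auth><userId>%s</userId><username>%s</username>"
            "<authToken>%s</authToken></auth>"
            % (escape(str(user_id)), escape(username), escape(str(token))))
    return ('<call name="executeQuery"><params><query>%s</query>'
            "<user>%s</user><queryId>%s</queryId>%s</params></call>"
            % (escape(query), escape(user), escape(str(query_id)), auth))


def parse_query_result(xml_text):
    """Return one dict per <result>: raw text, epoch time, source, host."""
    root = ET.fromstring(xml_text)
    events = []
    for res in root.findall("./results/result"):
        seg = res.find("segtext")
        host = res.find("host")
        events.append({
            "cd": res.get("cd"),
            # .text is the event text that precedes the nested <meta> element
            "raw": (seg.text or "").strip(),
            "timestamp": int(res.findtext("timestamp")),
            "source": res.findtext("source"),
            "host": host.get("name"),
            "sourcetype": res.findtext("sourcetype"),
        })
    return events


# Constructed response in the layout shown above, trimmed to two results.
SAMPLE = """<queryResult><ids></ids><results type="events">
<result cd="0:873197"><segtext xml:space="preserve">Feb 19 14:25:49 VeeAte last message repeated 1964 times<meta><sg c="4003720337">format::l1_::_</sg> </meta></segtext>
<timestamp>1171923949</timestamp><source cd="1">/var/log/messages</source>
<host cd="1" name="veeate" ><tags></tags></host>
<sourcetype cd="1" base="syslog">syslog</sourcetype></result>
<result cd="0:873110"><segtext xml:space="preserve">Feb 19 14:24:49 VeeAte last message repeated 1956 times<meta><sg c="4003720337">format::l1_::_</sg> </meta></segtext>
<timestamp>1171923889</timestamp><source cd="1">/var/log/messages</source>
<host cd="1" name="veeate" ><tags></tags></host>
<sourcetype cd="1" base="syslog">syslog</sourcetype></result>
</results></queryResult>"""
```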

executeQuery.pl

Here is a Perl script that executes SOAP calls:

Note: This requires XML::XPath and SOAP::Lite.


#!/usr/bin/perl
use strict;
use warnings;
use XML::XPath;
use SOAP::Lite;
$| = 1;
# URL to Splunk Server Management Port
my $splunkd = "https://defiant.splunk.com:8089";
# Log in to the Splunk instance at the given URL and return the auth token.
sub Splunk_SOAP_login {
    my ($url) = @_;
    my $s = SOAP::Lite
        -> uri('urn:m2c-ManagementService')
        -> proxy($url);
    my $apiData = "<call name=\"userLogin\"><params><login><username>admin</username><password>changeme</password></login></params></call>";
    my $call = SOAP::Data->name('apiData' => $apiData);
    my $authToken = $s->invokeAPI($call) -> result;
    return $authToken;
}
## Execute the SOAP invokeAPI call and return the result
sub Splunk_SOAP_invokeAPI {
    my ($url, $authToken, $callname, $data) = @_;
    my $s = SOAP::Lite
        -> uri('urn:m2c-ManagementService')
        -> proxy($url);
    my $apiData = "<call name=\"" . $callname . "\"><params>" . $authToken . $data . "</params></call>";
    my $call = SOAP::Data->name('apiData' => $apiData);
    return $s->invokeAPI($call) -> result;
}
# Helper function to build the data portion of a query call.
# $searchString is placed in the XML as-is; escape &, < and > in it
# if it comes from user input.
sub buildQuery {
    my ($searchString) = @_;
    # The double quotes around the timeformat argument are escaped for Perl.
    my $qdata = "<query>SEARCH $searchString GET events::0-9 OUTPUT maxlines::14 splunkui::2.1 summary::2.1 format::all \"timeformat::%m/%d/%Y, %H:%M:%S\"</query><user>admin</user><queryId>1234567890</queryId>";
    return $qdata;
}
# Obtain an auth token.
my $authToken = Splunk_SOAP_login($splunkd);
print("authToken: $authToken\n");
# Build the API call.
# Change this to send a different call.
# Some possible choices are:
#     getLicenseInfo
#     getUserInfo
#     getHostname
#     deleteUser
my $callname = "executeQuery";
# For queries, this is the search term.
my $term = "error";
my $query = buildQuery($term);
# Make the call and print results.
my $results = Splunk_SOAP_invokeAPI($splunkd, $authToken, $callname, $query);
print $results;

This documentation applies to the following versions of Splunk: 2.2, 2.2.1, 2.2.3, 2.2.6.