Streams Endpoint
This documentation does not apply to the most recent version of Splunk.
Use the /services/streams/ endpoint to access streaming search results, such as Live Tail. For specific search results in other formats, use the search endpoint.
Search
The /services/streams/search endpoint provides a synchronous event search streaming service.
GET
Executes a simple search (no pipe support).
| Argument | Purpose |
| q | The simple search string to execute (with no leading 'search' command). |
Response codes:
| Response | Status |
| 200 | Method executed successfully. |
The return content is raw event text in streaming format. There is no formatting or timestamping on the data. Close the client connection to stop the search.
Live tail
The /services/streams/livetail endpoint provides a synchronous data input tailing service.
GET
Streams raw data being received by Splunk.
| Argument | Purpose |
| q | The simple search string (with no leading 'search' command) to apply to the incoming data stream. |
Response codes:
| Response | Status |
| 200 | Method executed successfully. |
The return content is raw event text in streaming format. There is no formatting or timestamping on the data. Close the client connection to stop the search.
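A small client for the two GET endpoints described above, added here as an example and not taken from Splunk's own code. The base URL, the function names and the `headers` parameter (for whatever authentication your deployment requires) are assumptions; the checks on `q` are deliberately conservative.

```python
import urllib.parse
import urllib.request


def build_stream_url(base_url, endpoint, q):
    """Build the GET URL for /services/streams/<endpoint> from a simple search string."""
    if endpoint not in ("search", "livetail"):
        raise ValueError("endpoint must be 'search' or 'livetail'")
    q = q.strip()
    if not q:
        raise ValueError("q must not be empty")
    # Conservative: this also rejects a query whose first term is the literal word 'search'.
    if q.split()[0].lower() == "search":
        raise ValueError("q must not start with the 'search' command")
    # Conservative: this also rejects a pipe character inside a quoted term.
    if "|" in q:
        raise ValueError("pipes are not supported by the streams endpoints")
    query = urllib.parse.urlencode({"q": q})
    return "%s/services/streams/%s?%s" % (base_url.rstrip("/"), endpoint, query)


def stream_events(base_url, endpoint, q, max_events, headers=None, timeout=30):
    """Collect up to max_events raw lines, then close the connection to stop the search."""
    url = build_stream_url(base_url, endpoint, q)
    req = urllib.request.Request(url, headers=headers or {})
    events = []
    # Leaving the 'with' block closes the client connection, which ends the stream.
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        if resp.status != 200:
            raise RuntimeError("unexpected status %d" % resp.status)
        for raw in resp:
            # The body is unformatted raw event text: decode defensively, strip line ends.
            events.append(raw.decode("utf-8", errors="replace").rstrip("\r\n"))
            if len(events) >= max_events:
                break
    return events
```

Because the response carries no formatting or timestamps, treat each returned line as untrusted raw input and record the receive time on the client side if you need one.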
This documentation applies to the following versions of Splunk: 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4, 3.4.1, 3.4.2, 3.4.3, 3.4.5, 3.4.6, 3.4.8, 3.4.9, 3.4.10, 3.4.11, 3.4.12, 3.4.13, 3.4.14