Applications Endpoint
This documentation does not apply to the most recent version of Splunk.
Use the /services/apps/ endpoint to interact with any application installed in $SPLUNK_HOME/etc/apps/. Download applications from SplunkBase. If you want to make your own application, please see the Admin Manual section on applications.
Local
The /services/apps/local endpoint lists the applications that are installed on the local system.
GET
The following are available arguments to GET.
| Argument | Description |
| q | A substring filter to apply to application name and description. Optional. |
| offset | The starting index of the applications to list. Default is 0. |
| count | The number of applications to return, starting from offset. 0 will return all applications. Default is 0. |
| sort_by <name | updatedTime> | The property on which to sort. Default is <name>. |
| sort_dir <asc | desc> | The direction in which to sort. Default is <asc>. |
Response codes:
| Response | Status |
| 200 | OK. |
Examples
See installed apps:
curl -k -H "$SPLUNK_AUTH_HEADER" "https://localhost:8089/services/apps/local"
Search installed apps by name:
curl -k -H "$SPLUNK_AUTH_HEADER" "https://localhost:8089/services/apps/local?q=co"
The response is an Atom feed of all the matching applications.
$APP_NAME
The /services/apps/local/$APP_NAME endpoint provides access to an installed application on the local system.
GET
Lists detailed information about an application.
Response codes:
| Response | Status |
| 200 | OK |
| 404 | Application not found. |
Example
Get information about a particular app:
curl -k -H "$SPLUNK_AUTH_HEADER" "https://localhost:8089/services/apps/local/code"
The response is an Atom entry of the application information.
POST
Provides control actions on an application.
| Argument | Description |
| action <enable | disable> | The action to perform on the application. |
Response codes:
| Response | Status |
| 200 | Action executed successfully. |
| 400 | Request invalid; arguments missing. |
| 404 | Application not found. |
Examples
Disable an app:
curl -k -H "$SPLUNK_AUTH_HEADER" -X POST -d "action=disable" "https://localhost:8089/services/apps/local/code"
Enable an app:
curl -k -H "$SPLUNK_AUTH_HEADER" -X POST -d "action=enable" "https://localhost:8089/services/apps/local/code"
Sample response to enable:
<response>
<messages>
<msg type="INFO">Application 'foo' was enabled</msg>
</messages>
</response>
DELETE
Permanently removes an application from the local system.
Response codes:
| Response | Status |
| 200 | Action executed successfully. |
| 404 | Application not found. |
Example
Uninstall an app:
curl -k -H "$SPLUNK_AUTH_HEADER" -X DELETE "https://localhost:8089/services/apps/local/code"
Sample response to delete:
<response>
<messages>
<msg type="INFO">Application 'foo' was deleted</msg>
</messages>
</response>
Remote Entries
The /services/apps/remote/entries endpoint lists the applications that are available on the remote Splunk application repository. The location of the Splunk repository is specified in server.conf, and is a list of 1 or more base URLs that conform to the Splunk application listing format (Atom feed).
GET
Lists the applications that are installed on the remote systems.
| Argument | Description |
| q | A substring filter to apply to application name and description. Optional. |
| offset | The starting index of the applications to list. Default is 0. |
| count | The number of applications to return, starting from offset. 0 will return all applications. Default is 0. |
| sort_by <name | updatedTime> | The property on which to sort. Default is <name>. |
| sort_dir <asc | desc> | The direction in which to sort. Default is <asc>. |
Response codes:
| Response | Status |
| 200 | OK. |
Remote $APP_NAME
The /services/apps/remote/entries/$APP_NAME endpoint provides access to a remote application package.
GET
Lists detailed information about an application.
Response codes:
| Response | Status |
| 200 | OK |
| 404 | Application not found. |
Example
Browse SplunkBase:
curl -k -H "$SPLUNK_AUTH_HEADER" "https://localhost:8089/services/apps/remote/entries"
POST
Provides control actions on a remote application. The actions are intended to be performed on the local system, and should not alter the state of the remote application package.
| Argument | Description |
| action <install> | The action to perform on the application. Currently just limited to install. |
| session_key | The session key provided by the remote repository; required when installing an application. |
Response codes:
| Response | Status |
| 201 | Application successfully installed; HTTP header to follow. Location: /services/apps/local/app_name. |
| 303 | Application already installed; HTTP header to follow. Location: /services/apps/local/app_name. |
| 400 | Request invalid; arguments missing. |
| 404 | Application not found. |
Example
Install an app from SplunkBase:
token="<url-encoded-auth-token-from-login>"
curl -k -H "$SPLUNK_AUTH_HEADER" -X POST -d "action=install&auth=$token" "https://localhost:8089/services/apps/remote/entries/Splunk+for+UNIX"
Sample response to install:
<response>
<messages>
<msg type="INFO">Application 'foo' was installed</msg>
</messages>
</response>
Category Path
The /services/apps/remote/categories/category_path endpoint provides a list of Application categories defined on the remote systems.
GET
Returns an Atom feed of category names. If category_path is omitted, the top-level list of categories is returned. Each category has a link to an alternate view that returns its children.
Response codes:
| Response | Status |
| 200 | OK |
| 404 | Invalid category name. |
The response body is an Atom feed of categories or subcategories.
Remote Login
The /services/apps/remote/login/ endpoint provides access to remote login services on the application repository.
POST
Returns a session key, on successful login, to be used in subsequent requests to install remote applications.
Response codes:
| Response | Status |
| 200 | OK |
| 400 | Username or password was not provided. |
| 401 | Credentials were invalid. |
Example
Log into SplunkBase:
curl -k -H "$SPLUNK_AUTH_HEADER" -X POST -d "username=SBuser&password=SBpass" "https://localhost:8089/services/apps/remote/login"
This returns an authToken that you must URL-encode, for example with Python's urllib.quote():
<?xml version="1.0" encoding="UTF-8"?>
<response>
<sessionKey>87ad615df536e3</sessionKey>
</response>
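The remote login and install steps documented above, chained into one script as an added example that is not part of the original Splunk documentation. It reads the repository password from a file instead of the command line, lets curl do the URL encoding, verifies the server certificate rather than using -k, and checks the documented install status codes. SPLUNKD, SPLUNK_CA, KEY_FIELD, the file names and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example; SPLUNKD, SPLUNK_CA, KEY_FIELD and the function names are assumptions.
SPLUNKD="${SPLUNKD:-https://localhost:8089}"
SPLUNK_CA="${SPLUNK_CA:-./splunkd-ca.pem}"   # placeholder path to the CA that signed splunkd's cert
# The page's install example sends the key as "auth"; its argument table calls it session_key.
KEY_FIELD="${KEY_FIELD:-auth}"

# Read a login response on stdin and print the <sessionKey> value (empty if absent).
extract_session_key() {
    sed -n 's:.*<sessionKey>\([^<]*\)</sessionKey>.*:\1:p' | head -n 1
}

# Map the install status codes documented above to a word and an exit status.
install_status() {
    case "$1" in
        201) echo "installed" ;;
        303) echo "already-installed" ;;
        400) echo "invalid-request"; return 1 ;;
        404) echo "not-found"; return 1 ;;
        *)   echo "unexpected-$1"; return 1 ;;
    esac
}

# $1 = repository username, $2 = file holding the password (no trailing newline).
# --data-urlencode name@file keeps the password out of the argument list and encodes it.
remote_login() {
    resp=$(curl -sS --fail --cacert "$SPLUNK_CA" -H "$SPLUNK_AUTH_HEADER" \
        --data-urlencode "username=$1" --data-urlencode "password@$2" \
        "$SPLUNKD/services/apps/remote/login") || return 1
    key=$(printf '%s\n' "$resp" | extract_session_key)
    [ -n "$key" ] || return 1
    printf '%s\n' "$key"
}

# $1 = app name as it appears in the URL (e.g. Splunk+for+UNIX), $2 = session key.
# curl URL-encodes the key, so no separate urllib.quote() step is needed.
install_remote_app() {
    code=$(curl -sS -o /dev/null -w '%{http_code}' --cacert "$SPLUNK_CA" \
        -H "$SPLUNK_AUTH_HEADER" --data-urlencode "action=install" \
        --data-urlencode "$KEY_FIELD=$2" \
        "$SPLUNKD/services/apps/remote/entries/$1") || return 1
    install_status "$code"
}

# Usage:
#   key=$(remote_login SBuser ./sb-password.txt) && install_remote_app 'Splunk+for+UNIX' "$key"
```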
This documentation applies to the following versions of Splunk: 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4, 3.4.1, 3.4.2, 3.4.3, 3.4.5, 3.4.6, 3.4.8, 3.4.9, 3.4.10, 3.4.11, 3.4.12, 3.4.13, 3.4.14.