Applications
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
- apps/appinstall
- POST apps/appinstall
- apps/apptemplates
- GET apps/apptemplates
- apps/apptemplates/{name}
- GET apps/apptemplates/{name}
- apps/local
- GET apps/local
- POST apps/local
- apps/local/{name}
- DELETE apps/local/{name}
- GET apps/local/{name}
- POST apps/local/{name}
- apps/local/{name}/package
- GET apps/local/{name}/package
- apps/local/{name}/setup
- GET apps/local/{name}/setup
- apps/local/{name}/update
- GET apps/local/{name}/update
Applications
Use the Applications endpoints to install applications and application templates into a Splunk instance.
apps/appinstall
Provides for installation of apps from a URL or local file.
POST apps/appinstall
Installs a Splunk app from a local file or from a URL.
Request
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| name | String | | Specifies the app to install. Can be either a path to the app on a local disk or a URL to an app.
Note: In Splunk 4.3, this endpoint does not support HTTP sessions that require authentication, such as Splunkbase. | |
| update | Boolean | If true, installs an update to an app, overwriting the existing app folder. |
Response Codes
| Status Code | Description |
|---|---|
| 201 | Created successfully. |
| 400 | Request error. See response body for details. |
| 401 | Authentication failure: must pass valid credentials with request. |
| 402 | The Splunk license in use has disabled this feature. |
| 403 | Insufficient permissions to install app. |
| 409 | Request error: this operation is invalid for this item. See response body for details. |
| 500 | Internal server error. See response body for details. |
| 503 | This feature has been disabled in Splunk configuration files. |
Returned Values
| Attribute | Description |
|---|---|
| eai:acl | See Access control lists for Splunk objects |
| location | Local path to the location of the installed app. |
| name | The name of the app that was installed. |
| source_location | Local path to the source installation file. |
| status | Indicates whether the app was installed. |
| update | Indicates if the installed app was an update. If true, the update overwrites the existing app folder. |
Example
This example installs the basketball app from a local file. The file was an app downloaded from splunkbase.
curl -k -u admin:pass https://localhost:8089/services/apps/appinstall/ \ -d name=/Users/vgenovese/Downloads/basketball.tar
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom"
xmlns:s="http://dev.splunk.com/ns/rest"
xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
<title></title>
<id>https://localhost:8089/services/apps/appinstall</id>
<updated>2011-05-31T14:37:32-07:00</updated>
<generator version="100492"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/appinstall/_new" rel="create"/>
<opensearch:totalResults>1</opensearch:totalResults>
<opensearch:itemsPerPage>30</opensearch:itemsPerPage>
<opensearch:startIndex>0</opensearch:startIndex>
<s:messages/>
<entry>
<title>Installed</title>
<id>https://localhost:8089/services/apps/appinstall/Installed</id>
<updated>2011-05-31T14:37:32-07:00</updated>
<link href="/services/apps/appinstall/Installed" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/apps/appinstall/Installed" rel="list"/>
<content type="text/xml">
<s:dict>
<s:key name="eai:acl">
. . .
</s:key>
<s:key name="location">/Applications/splunk4.3/etc/apps/basketball</s:key>
<s:key name="name">basketball</s:key>
<s:key name="source_location">/Users/vgenovese/Downloads/basketball.tar</s:key>
<s:key name="status">installed</s:key>
</s:dict>
</content>
</entry>
</feed>
apps/apptemplates
Provides access to app templates that can be used to create new Splunk apps.
GET apps/apptemplates
Lists app templates that are used to create apps from the Mangager interface in Splunk Web.
An app template is valid as the "template" argument to POST to /services/apps/local. The app templates can be found by enumerating $SPLUNK_HOME/share/splunk/app_templates. Adding a new template takes effect without restarting splunkd or SplunkWeb.
Request
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| count | Number | 30 | Indicates the maximum number of entries to return. To return all entries, specify 0. | |
| offset | Number | 0 | Index for first item to return. | |
| search | String | Search expression to filter the response. The response matches field values against the search expression. For example:
search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example. | ||
| sort_dir | Enum | asc | Valid values: (asc | desc)
Indicates whether to sort returned entries in ascending or descending order. | |
| sort_key | String | name | Field to use for sorting. | |
| sort_mode | Enum | auto | Valid values: (auto | alpha | alpha_case | num)
Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically. |
Response Codes
| Status Code | Description |
|---|---|
| 200 | Listed successfully. |
| 400 | Request error. See response body for details. |
| 401 | Authentication failure: must pass valid credentials with request. |
| 403 | Insufficient permissions to view app templates. |
| 409 | Request error: this operation is invalid for this item. See response body for details. |
| 500 | Internal server error. See response body for details. |
Returned Values
No values returned for this request.
Example
Lists available app templates that can be used to create a new app.
curl -k -u admin:pass https://localhost:8089/services/apps/apptemplates
<feed xmlns="http://www.w3.org/2005/Atom"
xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
xmlns:s="http://dev.splunk.com/ns/rest">
<title/>
<id>https://localhost:8089/services/apps/apptemplates</id>
<updated>2011-07-08T01:19:34-07:00</updated>
<generator version="102807"/>
<author>
<name>Splunk</name>
</author>
<!-- opensearch nodes elided for brevity. -->
<s:messages/>
<entry>
<title>barebones</title>
<id>https://localhost:8089/services/apps/apptemplates/barebones</id>
<updated>2011-07-08T01:19:34-07:00</updated>
<link href="/services/apps/apptemplates/barebones" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/apps/apptemplates/barebones" rel="list"/>
<content type="text/xml">
<s:dict>
<!-- eai:acl nodes elided for brevity. -->
<s:key name="lol">wut</s:key>
</s:dict>
</content>
</entry>
</feed>
apps/apptemplates/{name}
GET apps/apptemplates/{name}
Retrieves information about a specific app template.
This call is rarely used, as all the information is provided by the apps/templates endpoint, which does not require an explicit name.
Request
No parameters for this request.
Response Codes
| Status Code | Description |
|---|---|
| 200 | Listed successfully. |
| 400 | Request error. See response body for details. |
| 401 | Authentication failure: must pass valid credentials with request. |
| 403 | Insufficient permissions to view app template. |
| 404 | app template does not exist. |
| 409 | Request error: this operation is invalid for this item. See response body for details. |
| 500 | Internal server error. See response body for details. |
Returned Values
| Attribute | Description |
|---|---|
| eai:attributes | See Accessing Splunk resources |
Example
List information about the barebones app template.
curl -k -u admin:pass https://localhost:8089/services/apps/apptemplates/barebones
<feed xmlns="http://www.w3.org/2005/Atom"
xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
xmlns:s="http://dev.splunk.com/ns/rest">
<title/>
<id>https://localhost:8089/services/apps/apptemplates</id>
<updated>2011-07-08T01:19:35-07:00</updated>
<generator version="102807"/>
<author>
<name>Splunk</name>
</author>
<!-- opensearch nodes elided for brevity. -->
<s:messages/>
<entry>
<title>barebones</title>
<id>https://localhost:8089/services/apps/apptemplates/barebones</id>
<updated>2011-07-08T01:19:35-07:00</updated>
<link href="/services/apps/apptemplates/barebones" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/apps/apptemplates/barebones" rel="list"/>
<content type="text/xml">
<s:dict>
<!-- eai:acl nodes elided for brevity. -->
<s:key name="eai:attributes">
<s:dict>
<s:key name="optionalFields">
<s:list/>
</s:key>
<s:key name="requiredFields">
<s:list/>
</s:key>
<s:key name="wildcardFields">
<s:list/>
</s:key>
</s:dict>
</s:key>
<s:key name="lol">wut</s:key>
</s:dict>
</content>
</entry>
</feed>
apps/local
Endpoint for creating new Splunk apps, and subsequently accessing, updating, and deleting local apps.
GET apps/local
Returns information on all locally-installed apps.
Splunkbase can correlate locally-installed apps with the same app on Splunkbase to notify users about app updates.
Request
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| count | Number | 30 | Indicates the maximum number of entries to return. To return all entries, specify 0. | |
| offset | Number | 0 | Index for first item to return. | |
| refresh | Boolean | Indicates whether to scan for new apps and reload any objects those new apps contain. | ||
| search | String | Search expression to filter the response. The response matches field values against the search expression. For example:
search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example. | ||
| sort_dir | Enum | asc | Valid values: (asc | desc)
Indicates whether to sort returned entries in ascending or descending order. | |
| sort_key | String | name | Field to use for sorting. | |
| sort_mode | Enum | auto | Valid values: (auto | alpha | alpha_case | num)
Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically. |
Response Codes
| Status Code | Description |
|---|---|
| 200 | Listed successfully. |
| 400 | Request error. See response body for details. |
| 401 | Authentication failure: must pass valid credentials with request. |
| 403 | Insufficient permissions to view local apps. |
| 409 | Request error: this operation is invalid for this item. See response body for details. |
| 500 | Internal server error. See response body for details. |
Returned Values
| Attribute | Description |
|---|---|
| author | The author of the app, plus other optional contact info. For apps deployed on Splunkbase, this is the username for the Splunkbase account. |
| check_for_updates | Boolean value indicating whether to check Splunkbase for updates to the app. |
| configured | Indicates if the application's custom setup has been performed. |
| description | Short explanatory string about the app. In Splunk Web, displayed below the app's title in Launcher. |
| disabled | Boolean value indicating whether the installed app is disabled. |
| label | The name of the app that is shown in Splunk Web and Splunk Launcher. |
| manageable | Indicates that the Splunk Manager can manage the app. |
| refresh | Indicates whether to scan for new apps and reload any objects those new apps contain. |
| state_change_requires_restart | Indicates whether changing an app's state always requires a restart of Splunk.
State changes include enabling or disabling an app.
|
| version | Specifies the version for the app. Each release of an app must change the version number.
Version numbers are a number followed by a sequence of numbers or dots. Pre-release versions can append a space and a single-word suffix like "beta2". Examples:
|
| visible | Indicates if the app is visible and navigable from Splunk Web.
Visible apps require at least one view that is available from Splunnk Web. |
Example
Return all locally installed apps for this Splunk instance.
curl -k -u admin:pass https://localhost:8089/services/apps/local
<feed xmlns="http://www.w3.org/2005/Atom"
xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
xmlns:s="http://dev.splunk.com/ns/rest">
<title>localapps</title>
<id>https://localhost:8089/services/apps/local</id>
<updated>2011-07-11T19:14:48-07:00</updated>
<generator version="102807"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/local/_new" rel="create"/>
<link href="/services/apps/local/_reload" rel="_reload"/>
<!-- opensearch nodes elided for brevity. -->
<s:messages/>
<entry>
<title>dstestapp</title>
<id>https://localhost:8089/services/apps/local/dstestapp</id>
<updated>2011-07-11T19:14:48-07:00</updated>
<link href="/services/apps/local/dstestapp" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/apps/local/dstestapp" rel="list"/>
<link href="/services/apps/local/dstestapp/_reload" rel="_reload"/>
<link href="/services/apps/local/dstestapp" rel="edit"/>
<link href="/services/apps/local/dstestapp" rel="remove"/>
<content type="text/xml">
<s:dict>
<s:key name="author">Greg Albrecht (gba@splunk.com)</s:key>
<s:key name="check_for_updates">1</s:key>
<s:key name="configured">0</s:key>
<s:key name="description">If you see this app then your deployment client is working correctly.</s:key>
<s:key name="disabled">0</s:key>
<!-- eai:acl nodes elided for brevity. -->
<s:key name="label">Deployment Server Test App</s:key>
<s:key name="manageable">1</s:key>
<s:key name="state_change_requires_restart">0</s:key>
<s:key name="version">69.420</s:key>
<s:key name="visible">1</s:key>
</s:dict>
</content>
</entry>
</feed>
POST apps/local
Creates a new application.
Request
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| name | String | | Name of the application to create. The name you select becomes the name of the folder on disk that contains the app. | |
| author | String | For apps you intend to post to Splunkbase, enter the username of your splunk.com account.
For internal-use-only apps, include your full name and/or contact info (for example, email). | ||
| configured | Boolean | Indicates if the application's custom setup has been performed.
Note: This parameter is new with Splunk 4.2.4. | ||
| description | String | Short explanatory string displayed underneath the app's title in Launcher.
Typically, short descriptions of 200 characters are more effective. | ||
| label | String | Defines the name of the app shown in the Splunk GUI and Launcher.
Examples of good labels:
| ||
| manageable | Boolean | Indicates that the Splunk Manager can manage the app. | ||
| template | Enum | Valid values: (barebones | sample_app)
Indicates the app template to use when creating the app. Specify either of the following:
You can also specify any valid app template you may have previously added. | ||
| visible | Boolean | Indicates if the app is visible and navigable from the UI.
Visible apps require at least 1 view that is available from the UI |
Response Codes
| Status Code | Description |
|---|---|
| 201 | Created successfully. |
| 400 | Request error. See response body for details. |
| 401 | Authentication failure: must pass valid credentials with request. |
| 402 | The Splunk license in use has disabled this feature. |
| 403 | Insufficient permissions to create local app. |
| 409 | Request error: this operation is invalid for this item. See response body for details. |
| 500 | Internal server error. See response body for details. |
| 503 | This feature has been disabled in Splunk configuration files. |
Returned Values
| Attribute | Description |
|---|---|
| author | For apps posted to Splunkbase, the username of a splunk.com account.
For internal-use-only apps, name and contact information for the app author. |
| configured | Indicates if the application's custom setup has been performed. |
| description | Short explanatory string displayed underneath the app's title in Launcher. |
| label | Defines the name of the app shown in the Splunk GUI and Launcher. |
| manageable | Indicates that the Splunk Manager can manage the app. |
| name | Name of the application created. This name becomes the name of the folder on disk that contains the app. |
| template | Indicates the app template used to create the app. |
| url | URL to launch the app in Splunk Web. |
| visible | Indicates if the app is visible and navigable from Splunk Web.
Visible apps require at least 1 view that is available from the Splunk Web. |
Example
This example creates a new application, "myApp," based on sample_app template.
The application appears as "My Application" in Splunk Web, is navigable in Splunk Web, and is managed by the Splunk Manager.
curl -k -u admin:pass https://localhost:8089/services/apps/local \ -d name=myApp \ -d label="My Application" \ -d manageable=1 \ -d template=sample_app \ -d visible=1
<feed xmlns="http://www.w3.org/2005/Atom"
xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
xmlns:s="http://dev.splunk.com/ns/rest">
<title/>
<id>https://localhost:8089/services/apps/local</id>
<updated>2011-07-11T19:15:35-07:00</updated>
<generator version="102807"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/local/_new" rel="create"/>
<!-- opensearch nodes elided for brevity. -->
<s:messages/>
<entry>
<title>Created</title>
<id>https://localhost:8089/services/apps/local/Created</id>
<updated>2011-07-11T19:15:35-07:00</updated>
<link href="/services/apps/local/Created" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/apps/local/Created" rel="list"/>
<link href="/services/apps/local/Created" rel="edit"/>
<content type="text/xml">
<s:dict>
<!-- eai:acl nodes elided for brevity. -->
<s:key name="name">myApp</s:key>
<s:key name="template">sample_app</s:key>
<s:key name="url">http://mrt:8001/app/myApp</s:key>
</s:dict>
</content>
</entry>
</feed>
apps/local/{name}
DELETE apps/local/{name}
Removes the locally installed app with the name specified by {name}.
After deleting an app, there might also be some manual cleanup. See "Uninstall an app" in the "Meet Splunk apps" section of the Splunk Admin manual.
Request
No parameters for this request.
Response Codes
| Status Code | Description |
|---|---|
| 200 | Deleted successfully. |
| 400 | Request error. See response body for details. |
| 401 | Authentication failure: must pass valid credentials with request. |
| 403 | Insufficient permissions to delete local app. |
| 404 | Local app does not exist. |
| 409 | Request error: this operation is invalid for this item. See response body for details. |
| 500 | Internal server error. See response body for details. |
Returned Values
No values returned for this request.
Example
This example removes the locally installed app, myApp.
After deleting the app, you can use the GET operation for /apps/local to confirm that the app is no longer installed.
curl -k -u admin:pass --request DELETE https://localhost:8089/services/apps/local/myApp
<feed xmlns="http://www.w3.org/2005/Atom"
xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
xmlns:s="http://dev.splunk.com/ns/rest">
<title>localapps</title>
<id>https://localhost:8089/services/apps/local</id>
<updated>2011-07-11T19:16:36-07:00</updated>
<generator version="102807"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/local/_new" rel="create"/>
<link href="/services/apps/local/_reload" rel="_reload"/>
<!-- opensearch nodes elided for brevity. -->
<s:messages/>
</feed>
GET apps/local/{name}
Returns information about the locally installed app with the name specified by {name}.
Request
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| refresh | Boolean | Indicates whether to reload the objects contained in the locally installed app with the name specified by {name}. |
Response Codes
| Status Code | Description |
|---|---|
| 200 | Listed successfully. |
| 400 | Request error. See response body for details. |
| 401 | Authentication failure: must pass valid credentials with request. |
| 403 | Insufficient permissions to view local app. |
| 404 | Local app does not exist. |
| 409 | Request error: this operation is invalid for this item. See response body for details. |
| 500 | Internal server error. See response body for details. |
Returned Values
| Attribute | Description |
|---|---|
| author | The author of the app, plus other optional contact info. For apps deployed on Splunkbase, this is the username for the Splunkbase account. |
| check_for_updates | Boolean value indicating whether to check Splunkbase for updates to the app. |
| configured | Indicates if the application's custom setup has been performed. |
| description | Short explanatory string about the app. In Splunk Web, displayed below the app's title in Launcher. |
| disabled | Indicates if the app is disabled. |
| eai:attributes | See Accessing Splunk resources |
| label | The name of the app that is shown in Splunk Web and Splunk Launcher. |
| manageable | Indicates that the Splunk Manager can manage the app. |
| refresh | Indicates whether to reload the objects contained in the locally installed app with the name specified by {name}. |
| state_change_requires_restart | Indicates whether changing an app's state always requires a restart of Splunk. State changes include enabling or disabling an app.
|
| version | Specifies the version for the app. Each release of an app must change the version number.
Version numbers are a number followed by a sequence of numbers or dots. Pre-release versions can append a space and a single-word suffix like "beta2". Examples:
|
| visible | Indicates if the app is visible and navigable from Splunk Web.
Visible apps require at least one view that is available from Splunnk Web. |
Example
Returns information about the locally installed Splunk search app.
curl -k -u admin:pass https://localhost:8089/services/apps/local/search
<feed xmlns="http://www.w3.org/2005/Atom"
xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
xmlns:s="http://dev.splunk.com/ns/rest">
<title>localapps</title>
<id>https://localhost:8089/services/apps/local</id>
<updated>2011-07-11T19:15:49-07:00</updated>
<generator version="102807"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/local/_new" rel="create"/>
<link href="/services/apps/local/_reload" rel="_reload"/>
<!-- opensearch nodes elided for brevity. -->
<s:messages/>
<entry>
<title>search</title>
<id>https://localhost:8089/services/apps/local/search</id>
<updated>2011-07-11T19:15:49-07:00</updated>
<link href="/services/apps/local/search" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/apps/local/search" rel="list"/>
<link href="/services/apps/local/search/_reload" rel="_reload"/>
<link href="/services/apps/local/search" rel="edit"/>
<link href="/services/apps/local/search" rel="remove"/>
<content type="text/xml">
<s:dict>
<s:key name="author">Splunk</s:key>
<s:key name="check_for_updates">1</s:key>
<s:key name="configured">1</s:key>
<s:key name="description">
<![CDATA[The Search app is Splunk's default interface for searching and analyzing IT data. It allows you to index data into Splunk, add knowledge, build reports, and create alerts. The Search app can be used across many areas of IT including application management, operations management, security, and compliance.]]> </s:key>
<s:key name="disabled">0</s:key>
<!-- eai:acl nodes elided for brevity. -->
<s:key name="eai:attributes">
<s:dict>
<s:key name="optionalFields">
<s:list>
<s:item>author</s:item>
<s:item>check_for_updates</s:item>
<s:item>description</s:item>
<s:item>label</s:item>
<s:item>manageable</s:item>
<s:item>version</s:item>
<s:item>visible</s:item>
</s:list>
</s:key>
<s:key name="requiredFields">
<s:list/>
</s:key>
<s:key name="wildcardFields">
<s:list/>
</s:key>
</s:dict>
</s:key>
<s:key name="label">Search</s:key>
<s:key name="manageable">1</s:key>
<s:key name="state_change_requires_restart">0</s:key>
<s:key name="version">4.3</s:key>
<s:key name="visible">1</s:key>
</s:dict>
</content>
</entry>
</feed>
POST apps/local/{name}
Updates the app specified by {name}.
Request
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| author | String | For apps you intend to post to Splunkbase, enter the username of your splunk.com account.
For internal-use-only apps, include your full name and/or contact info (for example, email). | ||
| check_for_updates | Boolean | If set to true, Splunk checks Splunkbase for updates to this app. | ||
| configured | Boolean | Indicates if the application's custom setup has been performed.
Note: This parameter is new with Splunk 4.2.4. | ||
| description | String | Short explanatory string displayed underneath the app's title in Launcher.
Typically, short descriptions of 200 characters are more effective. | ||
| label | String | Defines the name of the app shown in the Splunk GUI and Launcher.
Examples of good labels:
| ||
| manageable | Boolean | Indicates that the Splunk Manager can manage the app. | ||
| version | version string | Specifies the version for the app. Each release of an app must change the version number.
Version numbers are a number followed by a sequence of numbers or dots. Pre-release versions can append a space and a single-word suffix like "beta2". Examples:
| ||
| visible | Boolean | Indicates if the app is visible and navigable from the UI.
Visible apps require at least 1 view that is available from the UI |
Response Codes
| Status Code | Description |
|---|---|
| 200 | Updated successfully. |
| 400 | Request error. See response body for details. |
| 401 | Authentication failure: must pass valid credentials with request. |
| 402 | The Splunk license in use has disabled this feature. |
| 403 | Insufficient permissions to edit local app. |
| 404 | Local app does not exist. |
| 409 | Request error: this operation is invalid for this item. See response body for details. |
| 500 | Internal server error. See response body for details. |
| 503 | This feature has been disabled in Splunk configuration files. |
Returned Values
No values returned for this request.
Example
This example updates the label of the app MyApp. MyApp was created for the example to the POST operation of apps/local.
The application now appears as "My Killer App" in Splunk Web.
curl -k -u admin:pass https://localhost:8089/services/apps/local/myApp \ -d label="My Killer App"
<feed xmlns="http://www.w3.org/2005/Atom"
xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
xmlns:s="http://dev.splunk.com/ns/rest">
<title/>
<id>https://localhost:8089/services/apps/local</id>
<updated>2011-07-11T19:16:08-07:00</updated>
<generator version="102807"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/local/_new" rel="create"/>
<!-- opensearch nodes elided for brevity. -->
<s:messages/>
</feed>
apps/local/{name}/package
GET apps/local/{name}/package
Archives the app specified by {name}, placing the archive in the following directory on your Splunk installation:
$SPLUNK_HOME/etc/system/static/app-packages/{name}.spl
The archive can then be downloaded from the management port of your Splunk installation:
https://[Splunk Host]:[Management Port]/static/app-packages/{name}.spl
Request
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| <arbitrary_key> | Arbitrary_key documentation under development |
Response Codes
| Status Code | Description |
|---|---|
| 200 | Package file for the app created successfully. |
| 400 | Request error. See response body for details. |
| 401 | Authentication failure: must pass valid credentials with request. |
| 403 | Insufficient permissions to create package for the app. |
| 404 | App specified by {name} does not exist. |
| 409 | Request error: this operation is invalid for this item. See response body for details. |
| 500 | Internal server error. See response body for details. |
Returned Values
| Attribute | Description |
|---|---|
| name | Name of the application. This name becomes the name of the folder on disk that contains the app. |
| path | The local path to an archive of an app. |
| refresh | Indicates whether to reload the objects contained in the locally installed app with the name specified by {name}. |
| url | The URL to use to download an archive of an app. |
Example
Create an archive of the unix app that can later be accessed from the Splunk management port.
This operation returns the local directory of the archive plus the URL to use to download it.
curl -k -u admin:pass https://localhost:8089/services/apps/local/unix/package
<feed xmlns="http://www.w3.org/2005/Atom"
xmlns:s="http://dev.splunk.com/ns/rest"
xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
<title></title>
<id>https://localhost:8089/services/apps/local</id>
<updated>2011-10-20T09:09:03-07:00</updated>
<generator version="108769"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/local/_new" rel="create"/>
<!-- opensearch nodes elided for brevity. -->
<s:messages/>
<entry>
<title>Package</title>
<id>https://localhost:8089/services/apps/local/Package</id>
<updated>2011-10-20T09:09:03-07:00</updated>
<link href="/services/apps/local/Package" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/apps/local/Package/setup" rel="edit"/>
<content type="text/xml">
<s:dict>
<!-- eai:acl nodes elided for brevity. -->
<s:key name="name">unix</s:key>
<s:key name="path">/Applications/splunk/etc/system/static/app-packages/unix.spl</s:key>
<s:key name="url">https://vgenovese-mbp15.local:8089/static/app-packages/unix.spl</s:key>
</s:dict>
</content>
</entry>
</feed>
apps/local/{name}/setup
GET apps/local/{name}/setup
Returns set up information for the app specified by {name}. In the response to this operation, the actual setup script is listed under the key value, "eai:setup."
Some apps contain setup scripts that must be run before the app is enabled. For example, the Splunk for Unix and Linux app, available from Splunkbase, contains a setup script.
For more information on setup scripts, see Configure a setup screen in the Splunk Developer manual.
Request
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| <arbitrary_key> | Arbitrary_key documentation under development |
Response Codes
| Status Code | Description |
|---|---|
| 200 | Set up information returned successfully. |
| 400 | Request error. See response body for details. |
| 401 | Authentication failure: must pass valid credentials with request. |
| 403 | Insufficient permissions to setup app. |
| 404 | App does not exist. |
| 409 | Request error: this operation is invalid for this item. See response body for details. |
| 500 | Internal server error. See response body for details. |
Returned Values
| Attribute | Description |
|---|---|
| eai:attributes | See Accessing Splunk resources |
| eai:setup | Listing of the setup script. |
| refresh | Indicates whether to scan for new apps and reload any objects those new apps contain. |
Example
Returns information about the setup script for the Splunk for Unix and Linux app.
The actual setup script is listed for the key value, "eai:setup."
curl -k -u admin:pass https://localhost:8089/services/apps/local/unix/setup
<feed xmlns="http://www.w3.org/2005/Atom"
xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
xmlns:s="http://dev.splunk.com/ns/rest">
<title>localapps</title>
<id>https://localhost:8089/services/apps/local</id>
<updated>2011-07-13T11:24:35-07:00</updated>
<generator version="102824"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/local/_new" rel="create"/>
<!-- opensearch nodes elided for brevity. -->
<s:messages/>
<entry>
<title>unix</title>
<id>https://localhost:8089/servicesNS/nobody/unix/apps/local/unix</id>
<updated>2011-07-13T11:24:35-07:00</updated>
<link href="/servicesNS/nobody/unix/apps/local/unix" rel="alternate"/>
<author>
<name>nobody</name>
</author>
<link href="/servicesNS/nobody/unix/apps/local/unix/setup" rel="edit"/>
<content type="text/xml">
<s:dict>
<s:key name="/admin/script/.%252Fbin%252Fcpu.sh/enabled">1</s:key>
<s:key name="/admin/script/.%252Fbin%252Fcpu.sh/interval">30</s:key>
<s:key name="/admin/script/.%252Fbin%252Fdf.sh/enabled">1</s:key>
<s:key name="/admin/script/.%252Fbin%252Fdf.sh/interval">300</s:key>
<!-- other script nodes elided for brevity. -->
<s:key name="/admin/script/.%252Fbin%252Fwho.sh/enabled">1</s:key>
<s:key name="/admin/script/.%252Fbin%252Fwho.sh/interval">150</s:key>
<!-- eai:acl nodes elided for brevity. -->
<s:key name="eai:attributes">
<s:dict>
<s:key name="optionalFields">
<s:list/>
</s:key>
<s:key name="requiredFields">
<s:list/>
</s:key>
<s:key name="wildcardFields">
<s:list>
<s:item>.*</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="eai:setup">
<![CDATA[<?xml version="1.0" encoding="UTF-8"?>
<SetupInfo>
<block title="Welcome to the Splunk for nix App">
<text>The Splunk for nix app provides some sample searches and reports to boot-strap your use of Splunk for Unix host management.
To work, it needs certain inputs enabled. These system metrics drive the sample dashboards.
Please review and confirm the inputs below before proceeding.</text>
</block>
<block title="CPU Stats (sar / mpstat / etc.)" endpoint="admin/script" entity=".%252Fbin%252Fcpu.sh">
<input field="interval" id="/admin/script/.%252Fbin%252Fcpu.sh/interval">
<label>Polling Interval (sec)</label>
<type>text</type>
</input>
<input field="enabled" id="/admin/script/.%252Fbin%252Fcpu.sh/enabled">
<label>Enable</label>
<type>bool</type>
</input>
</block>
. . .
<block title="Time Query (date, ntpdate -q)" endpoint="admin/script" entity=".%252Fbin%252Ftime.sh">
<input field="interval" id="/admin/script/.%252Fbin%252Ftime.sh/interval">
<label>Polling Interval (sec)</label>
<type>text</type>
</input>
<input field="enabled" id="/admin/script/.%252Fbin%252Ftime.sh/enabled">
<label>Enable</label>
<type>bool</type>
</input>
</block>
<block title="Linux Audit Log (/var/log/audit/audit.log | ausearch)" endpoint="admin/script" entity=".%252Fbin%252Frlog.sh">
<input field="interval" id="/admin/script/.%252Fbin%252Frlog.sh/interval">
<label>Polling Interval (sec)</label>
<type>text</type>
</input>
<input field="enabled" id="/admin/script/.%252Fbin%252Frlog.sh/enabled">
<label>Enable</label>
<type>bool</type>
</input>
</block>
<block title="Warning">
<text>Submitting this form can take a long time. Please be patient and wait for it to complete before navigating away from this page.</text>
</block>
</SetupInfo>
]]> </s:key>
</s:dict>
</content>
</entry>
</feed>
apps/local/{name}/update
GET apps/local/{name}/update
Returns any update information available for the app specified by {name}.
Request
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| <arbitrary_key> | Arbitrary_key documentation under development |
Response Codes
| Status Code | Description |
|---|---|
| 200 | Update information for the app was returned successfully. |
| 400 | Request error. See response body for details. |
| 401 | Authentication failure: must pass valid credentials with request. |
| 403 | Insufficient permissions to update app. |
| 404 | App does not exist. |
| 409 | Request error: this operation is invalid for this item. See response body for details. |
| 500 | Internal server error. See response body for details. |
Returned Values
| Attribute | Description |
|---|---|
| refresh | Indicates whether to scan for new apps and reload any objects those new apps contain. |
| update.appurl | URL to download the updated version of the app. |
| update.checksum | The checksum to use to verify the download of the app. |
| update.checksum.type | The name of the checksum hash function. |
| update.homepage | URL to the Splunkbase page for the app. |
| update.implicit_id_required | Indicates if an ID is required. |
| update.name | The name of the app to update. |
| update.size | The downlaod size of the update to the app. |
| update.version | The version of the app to update. |
Example
Returns update information for the Splunk Deployment Monitior app.
curl -k -u admin:pass https://localhost:8089/services/apps/local/SplunkDeploymentMonitor/update
<feed xmlns="http://www.w3.org/2005/Atom"
xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
xmlns:s="http://dev.splunk.com/ns/rest">
<title>localapps</title>
<id>https://localhost:8089/services/apps/local</id>
<updated>2011-07-13T11:27:41-07:00</updated>
<generator version="102824"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/local/_new" rel="create"/>
<link href="/services/apps/local/_reload" rel="_reload"/>
<!-- opensearch nodes elided for brevity. -->
<s:messages/>
<entry>
<title>SplunkDeploymentMonitor</title>
<id>https://localhost:8089/services/apps/local/SplunkDeploymentMonitor</id>
<updated>2011-07-13T11:27:41-07:00</updated>
<link href="/services/apps/local/SplunkDeploymentMonitor" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/apps/local/SplunkDeploymentMonitor" rel="list"/>
<link href="/services/apps/local/SplunkDeploymentMonitor/_reload" rel="_reload"/>
<link href="/services/apps/local/SplunkDeploymentMonitor" rel="edit"/>
<link href="/services/apps/local/SplunkDeploymentMonitor" rel="remove"/>
<link href="/services/apps/local/SplunkDeploymentMonitor/update" rel="update"/>
<content type="text/xml">
<s:dict>
<!-- eai:acl nodes elided for brevity. -->
<s:key name="update.appurl">
https://splunkbase.splunk.com/api/apps:download/Splunk+Deployment+Monitor/4.2.2/SplunkDeploymentMonitor_for_4.2.2.tgz
</s:key>
<s:key name="update.checksum">039fc2a1bac2da5c056b7340c98ab168</s:key>
<s:key name="update.checksum.type">md5</s:key>
<s:key name="update.homepage">https://splunkbase.splunk.com/apps/Splunk+Deployment+Monitor</s:key>
<s:key name="update.implicit_id_required">1</s:key>
<s:key name="update.name">Splunk Deployment Monitor</s:key>
<s:key name="update.size">31845</s:key>
<s:key name="update.version">4.2.2</s:key>
</s:dict>
</content>
</entry>
</feed>
This documentation applies to the following versions of Splunk: 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 , 4.3.3 , 4.3.4 , 4.3.5 , 4.3.6 View the Article History for its revisions.