System endpoint descriptions

Manage server configuration settings and messages.

Usage details

Review ACL information for an endpoint

To check Access Control List (ACL) properties for an endpoint, append /acl to the path. For more information see Access Control List in the REST API User Manual.

Authentication and Authorization

Username and password authentication is required for access to endpoints and REST operations.

Splunk users must have role and/or capability-based authorization to use REST endpoints. Users with an administrative role, such as admin, can access authorization information in Splunk Web. To view the roles assigned to a user, select Settings > Access controls and click Users. To determine the capabilities assigned to a role, select Settings > Access controls and click Roles.

App and user context

Typically, knowledge objects, such as saved searches or event types, have an app/user context that is the namespace. For more information about specifying a namespace, see Namespace in the REST API User Manual.

Additional introspection information

See Introspection endpoint descriptions for the system endpoints related to introspection.

Splunk Cloud URL for REST API access

Splunk Cloud has a different host and management port syntax than Splunk Enterprise. Depending on your deployment type, use one of the following options to access REST API resources.

Managed Splunk Cloud deployments

Use the following URL for managed deployments. If necessary, submit a support case to open port 8089 on your deployment. Please include the IP Addresses/CIDR Ranges you would like to have access from.

https://<deployment-name>.splunkcloud.com:8089

E-commerce Splunk Cloud deployments

Use the following URL for e-commerce deployments. To get the required non-SAML user credentials, submit a support case.

http://api-<deployment-name>.cloud.splunk.com:8089

See Using the REST API in Splunk Cloud in the the Splunk REST API Tutorials for more information.

messages

https://<host>:<mPort>/services/messages

Access and create system messages. Most messages are created by splunkd to inform the user of system information, including license quotas, license expirations, misconfigured indexes, and disk space. Splunk Web displays these as bulletin board messages.

GET

Show systemwide messages.

Request parameters
Pagination and filtering parameters can be used with this method.

Response keys
Depending on the system status, messages returned vary. Messages returned in the response include a name and description, as in the following example.

Name	Description
help	For internal use only
<message_name>	The message name depends on the specific message returned. This field might contain the same text as the message field. In the following example response, this field is `"manifest_error"`.
message	Message text
server	Name of the server that generated the error
severity	One of the following message severity values `info` `warn` `error`
timeCreated_epochSecs	Timestamp when the message was posted
timeCreated_iso	ISO formatted timestamp

Example request and response

XML Request

curl -k -u admin:changed https://localhost:8089/services/admin/messages

XML Response

<title>messages</title>
  <id>https://10.140.53.114:8089/services/admin/messages</id>
     ...
  <entry>
    <title>manifest_error</title>
    <id>https://10.140.53.114:8089/services/admin/messages/manifest_error</id>
    <updated>2016-09-01T13:10:34-07:00</updated>
    <link href="/services/admin/messages/manifest_error" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/admin/messages/manifest_error" rel="remove"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="eai:acl">
          <s:dict>
            <s:key name="app"></s:key>
            <s:key name="can_list">1</s:key>
            <s:key name="can_write">1</s:key>
            <s:key name="modifiable">0</s:key>
            <s:key name="owner">system</s:key>
            <s:key name="perms">
              <s:dict>
                <s:key name="read">
                  <s:list>
                    <s:item>*</s:item>
                  </s:list>
                </s:key>
                <s:key name="write">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="removable">0</s:key>
            <s:key name="sharing">system</s:key>
          </s:dict>
        </s:key>
        <s:key name="help"></s:key>
        <s:key name="manifest_error">File Integrity checks found 145 files that did not match the system-provided manifest.  See splunkd.log for details.</s:key>
        <s:key name="message">File Integrity checks found 145 files that did not match the system-provided manifest.  See splunkd.log for details.</s:key>
        <s:key name="server">docs-unix-4</s:key>
        <s:key name="severity">warn</s:key>
        <s:key name="timeCreated_epochSecs">1472739529</s:key>
        <s:key name="timeCreated_iso">2016-09-01T07:18:49-07:00</s:key>
      </s:dict>
    </content>
  </entry>

POST

Create a persistent message displayed at /services/messages.

Request parameters

Name	Type	Description
<name>	String	Required. Message name (key).
capability	Comma separated list	One or more capabilities that users must have to view the message. Capability names are validated.
value	String	Required. Message text.
severity	String	One of the following message severity values. `info` `warn` `error`

Response keys
None

Example request and response

XML Request

curl -k -u admin:changeme https://localhost:8089/services/messages -d name=helloMessage -d value="hello world" -d severity="info"

XML Response

.
.
.
<title>messages</title>
 <id>https://localhost:8089/services/messages</id>
 <updated>2014-02-20T10:24:02-08:00</updated>
 <generator build="197187" version="6.1beta"/>
 <author>
   <name>Splunk</name>
 </author>
 <link href="/services/messages/_new" rel="create"/>
    ... opensearch elements elided ...
 <s:messages/>
 <entry>
   <title>helloMessage</title>
   <id>https://localhost:8089/services/messages/helloMessage</id>
   <updated>2014-02-20T10:24:02-08:00</updated>
   <link href="/services/messages/helloMessage" rel="alternate"/>
   <author>
     <name>system</name>
   </author>
   <link href="/services/messages/helloMessage" rel="remove"/>
   <content type="text/xml">
     <s:dict>
       <s:key name="helloMessage">"hello world"</s:key>
       <s:key name="eai:acl">
          ... elided ...
       </s:key>
       <s:key name="message">"hello world"</s:key>
       <s:key name="severity">info</s:key>
       <s:key name="timeCreated_epochSecs">1392920642</s:key>
     </s:dict>
   </content>
 </entry>

messages/{name}

https://<host>:<mPort>/services/messages/{name}

Manage the message associated with the {name} message ID.

DELETE

Delete the specified message.

Request parameters
None

Response keys
None. An HTTP status code = 500 is returned if {name} message does not exist.

Example request and response

XML Request

curl -k -u admin:changeme --request DELETE https://localhost:8089/services/messages/message

XML Response

.
.
.
 <title>messages</title>
 <id>https://localhost:8089/services/messages</id>
 <updated>2011-07-08T01:14:21-07:00</updated>
 <generator version="102807"/>
 <author>
   <name>Splunk</name>
 </author>
 <link href="/services/messages/_new" rel="create"/>
    ... opensearch elements elided ...
 <s:messages/>

GET

Get details of the specified message.

Request parameters
None

Response keys

Name	Description
help	For internal use only
<message_name>	The message name depends on the specific message returned. This field might contain the same text as the message field. In the following example response, this field is `"manifest_error"`.
message	Message text
server	Name of the server that generated the error
severity	One of the following message severity values `info` `warn` `error`
timeCreated_epochSecs	Timestamp when the message was posted
timeCreated_iso	ISO formatted timestamp

Example request and response

XML Request

curl -k -u admin:changed https://localhost:8089/services/admin/messages/manifest_error

XML Response

...
<title>messages</title>
  <id>https://localhost:8089/services/admin/messages</id>
  <updated>2016-09-01T13:10:59-07:00</updated>
  <generator build="3b17605ee8e3" version="6.5.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/admin/messages/_new" rel="create"/>
  <link href="/services/admin/messages/_acl" rel="_acl"/>
  <opensearch:totalResults>1</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>
  <entry>
    <title>manifest_error</title>
    <id>https://localhost:8089/services/admin/messages/manifest_error</id>
    <updated>2016-09-01T13:10:59-07:00</updated>
    <link href="/services/admin/messages/manifest_error" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/admin/messages/manifest_error" rel="remove"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="eai:acl">
          <s:dict>
            <s:key name="app"></s:key>
            <s:key name="can_list">1</s:key>
            <s:key name="can_write">1</s:key>
            <s:key name="modifiable">0</s:key>
            <s:key name="owner">system</s:key>
            <s:key name="perms">
              <s:dict>
                <s:key name="read">
                  <s:list>
                    <s:item>*</s:item>
                  </s:list>
                </s:key>
                <s:key name="write">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="removable">0</s:key>
            <s:key name="sharing">system</s:key>
          </s:dict>
        </s:key>
        <s:key name="eai:attributes">
          <s:dict>
            <s:key name="optionalFields">
              <s:list/>
            </s:key>
            <s:key name="requiredFields">
              <s:list/>
            </s:key>
            <s:key name="wildcardFields">
              <s:list/>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="help"></s:key>
        <s:key name="manifest_error">File Integrity checks found 145 files that did not match the system-provided manifest.  See splunkd.log for details.</s:key>
        <s:key name="message">File Integrity checks found 145 files that did not match the system-provided manifest.  See splunkd.log for details.</s:key>
        <s:key name="server">docs-unix-4</s:key>
        <s:key name="severity">warn</s:key>
        <s:key name="timeCreated_epochSecs">1472739529</s:key>
        <s:key name="timeCreated_iso">2016-09-01T07:18:49-07:00</s:key>
      </s:dict>
    </content>
  </entry>

server/control

https://<host>:<mPort>/services/server/control

List available controls.

GET

List actions that can be performed at this endpoint.

Request parameters
None

Response keys
None

Example request and response

XML Request

curl -k -u admin:changeme https://localhost:8089/services/server/control

XML Response

.
.
.
 <title>server-control</title>
 <id>https://localhost:8089/services/server/control</id>
 <updated>2011-07-12T00:17:53-07:00</updated>
 <generator version="102807"/>
 <author>
   <name>Splunk</name>
 </author>
 <link href="/services/server/control/restart" rel="restart"/>
    ... opensearch elements elided ...
 <s:messages/>

server/control/restart

https://<host>:<mPort>/services/server/control/restart

Restart the splunkd server daemon and Splunk Web interface. The POST operation is equivalent to the splunk restart CLI command.

POST

Restart the splunkd server daemon and Splunk Web interface.

Request parameters
None

Response keys
An HTTP status code 200 indicates successful restart.

Example request and response

XML Request

curl -k -u admin:changeme https://localhost:8089/services/server/control/restart -X POST

XML Response

.
.
.
 <title>server-control</title>
 <id>https://localhost:8089/services/server/control</id>
 <updated>2014-08-05T13:02:50-07:00</updated>
 <generator build="221120" version="6.2"/>
 <author>
   <name>Splunk</name>
 </author>
 <link href="/services/server/control/restart" rel="restart"/>
 <link href="/services/server/control/restart_webui" rel="restart_webui"/>
 ... opensearch nodes elided ...
 <s:messages/>

server/control/restart_webui

https://<host>:<mPort>/services/server/control/restart_webui

Restart the Splunk Web interface. This interface is equivalent to the splunk restart splunkweb CLI command, and restarts the Web interface on servers with the default app server mode set. See also server/control/restart

POST

Restart the Splunk Web interface.

Request parameters
None

Response keys
An HTTP status code 200 indicates successful restart.

Example request and response

XML Request

curl -k -u admin:changeme https://localhost:8089/services/server/control/restart_webui -X POST

XML Response

.
.
.
 <title>server-control</title>
 <id>https://localhost:8089/services/server/control</id>
 <updated>2014-08-05T12:10:37-07:00</updated>
 <generator build="221120" version="6.2"/>
 <author>
   <name>Splunk</name>
 </author>
 <link href="/services/server/control/restart" rel="restart"/>
 <link href="/services/server/control/restart_webui" rel="restart_webui"/>
 ... opensearch elements elided ...
 <s:messages/>

server/httpsettings/proxysettings

https://<host>:<mPort>/services/server/httpsettings/proxysettings

Create an HTTP Proxy Server configuration for splunkd.

Authentication and Authorization
Requires the edit_server capability.

POST

Create a HTTP Proxy server configuration stanza for use with splunkd.

The POST request generates a proxyConfig configuration that you can access or update at server/settings/httpsettings/proxysettings/proxyConfig.

Request parameters

Name	Type	Description
name	String	Required. Use `"proxyConfig"` to name the configuration stanza.

Returned values
None

Example request and response

XML Request

curl -k -u admin:changeme https://localhost:8089/services/server/httpsettings/proxysettings -d name="proxyConfig''

XML Response

<entry>
   <title>proxyConfig</title>
   <id>https://localhost:8089/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig</id>
   <updated>1969-12-31T16:00:00-08:00</updated>
   <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="alternate"/>
   <author>
     <name>nobody</name>
   </author>
   <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="list"/>
   <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/_reload" rel="_reload"/>
   <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="edit"/>
   <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="remove"/>
   <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/move" rel="move"/>
   <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/disable" rel="disable"/>
   <content type="text/xml">
     <s:dict>
       <s:key name="disabled">0</s:key>
       <s:key name="eai:acl">
         <s:dict>
           <s:key name="app">search</s:key>
           <s:key name="can_change_perms">1</s:key>
           <s:key name="can_list">1</s:key>
           <s:key name="can_share_app">1</s:key>
           <s:key name="can_share_global">1</s:key>
           <s:key name="can_share_user">0</s:key>
           <s:key name="can_write">1</s:key>
           <s:key name="modifiable">1</s:key>
           <s:key name="owner">nobody</s:key>
           <s:key name="perms">
             <s:dict>
               <s:key name="read">
                 <s:list>
                   <s:item>*</s:item>
                 </s:list>
               </s:key>
               <s:key name="write">
                 <s:list>
                   <s:item>*</s:item>
                 </s:list>
               </s:key>
             </s:dict>
           </s:key>
           <s:key name="removable">1</s:key>
           <s:key name="sharing">app</s:key>
         </s:dict>
       </s:key>
     </s:dict>
   </content>
 </entry>

server/httpsettings/proxysettings/proxyConfig

https://<host>:<mPort>/services/server/httpsettings/proxysettings/proxyConfig

Access, update, or delete the HTTP Proxy Server configurations for splunkd including http_proxy, https_proxy and no_proxy.

Authentication and Authorization
All operations on this endpoint require the edit_server capability.

GET

Access the {proxyConfig} HTTP proxy server configurations for splunkd.

Request parameters

Name	Type	Description
http_proxy	String	Identifies the server proxy. When set, splunkd sends all HTTP requests through the proxy server defined in `http_proxy` on the proxy. The default value is unset.
https_proxy	String	Identifies the server proxy. When set, splunkd sends all HTTPS requests through the proxy server defined in `https_proxy`. If not set, splunkd uses the `http_proxy` variable instead. The default value is unset.
no_proxy	String	Identifies the no proxy rules. When set, splunkd uses these rules to decide whether the proxy server needs to be bypassed for matching hosts and IP addresses. Requests going to a `localhost/loopback` address are not proxied. The default value is `localhost, 127.0.0.1, ::1`.

Returned values
None

Example request and response

XML Request

curl -k -u admin:changed https://localhost:8089/services/server/httpsettings/proxysettings -d name="proxyConfig''

XML Response

  <entry>
    <title>proxyConfig</title>
    <id>https://localhost:8089/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig</id>
    <updated>1969-12-31T16:00:00-08:00</updated>
    <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="list"/>
    <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="edit"/>
    <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="remove"/>
    <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/move" rel="move"/>
    <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/disable" rel="disable"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">0</s:key>
        <s:key name="eai:acl">
          <s:dict>
            <s:key name="app">search</s:key>
            <s:key name="can_change_perms">1</s:key>
            <s:key name="can_list">1</s:key>
            <s:key name="can_share_app">1</s:key>
            <s:key name="can_share_global">1</s:key>
            <s:key name="can_share_user">0</s:key>
            <s:key name="can_write">1</s:key>
            <s:key name="modifiable">1</s:key>
            <s:key name="owner">nobody</s:key>
            <s:key name="perms">
              <s:dict>
                <s:key name="read">
                  <s:list>
                    <s:item>*</s:item>
                  </s:list>
                </s:key>
                <s:key name="write">
                  <s:list>
                    <s:item>*</s:item>
                  </s:list>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="removable">1</s:key>
            <s:key name="sharing">app</s:key>
          </s:dict>
        </s:key>
        <s:key name="eai:attributes">
          <s:dict>
            <s:key name="optionalFields">
              <s:list>
                <s:item>http_proxy</s:item>
                <s:item>https_proxy</s:item>
                <s:item>no_proxy</s:item>
              </s:list>
            </s:key>
            <s:key name="requiredFields">
              <s:list/>
            </s:key>
            <s:key name="wildcardFields">
              <s:list/>
            </s:key>
          </s:dict>
        </s:key>
      </s:dict>
    </content>
  </entry>

POST

Update the {proxyConfig} HTTP proxy server configurations for splunkd.

Request parameters

Name	Type	Description
http_proxy	String	Identifies the server proxy. When set, splunkd sends all HTTP requests through the proxy server defined in `http_proxy` on the proxy. The default value is unset.
https_proxy	String	Identifies the server proxy. When set, splunkd sends all HTTPS requests through the proxy server defined in `https_proxy`. If not set, splunkd uses the `http_proxy` variable instead. The default value is unset.
no_proxy	String	Identifies the no proxy rules. When set, splunkd uses these rules to decide whether the proxy server needs to be bypassed for matching hosts and IP addresses. Requests going to a `localhost/loopback` address are not proxied. The default value is `localhost, 127.0.0.1, ::1`.

Returned values
None

Example request and response

XML Request

curl -k -u admin:changed https://localhost:8089/services/server/httpsettings/proxysettings -d no_proxy="test''

XML Response

  <entry>
    <title>proxyConfig</title>
    <id>https://localhost:8089/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig</id>
    <updated>1969-12-31T16:00:00-08:00</updated>
    <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="list"/>
    <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="edit"/>
    <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="remove"/>
    <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/move" rel="move"/>
    <link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/disable" rel="disable"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">0</s:key>
        <s:key name="eai:acl">
          <s:dict>
            <s:key name="app">search</s:key>
            <s:key name="can_change_perms">1</s:key>
            <s:key name="can_list">1</s:key>
            <s:key name="can_share_app">1</s:key>
            <s:key name="can_share_global">1</s:key>
            <s:key name="can_share_user">0</s:key>
            <s:key name="can_write">1</s:key>
            <s:key name="modifiable">1</s:key>
            <s:key name="owner">nobody</s:key>
            <s:key name="perms">
              <s:dict>
                <s:key name="read">
                  <s:list>
                    <s:item>*</s:item>
                  </s:list>
                </s:key>
                <s:key name="write">
                  <s:list>
                    <s:item>*</s:item>
                  </s:list>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="removable">1</s:key>
            <s:key name="sharing">app</s:key>
          </s:dict>
        </s:key>
        <s:key name="no_proxy">test</s:key>
      </s:dict>
    </content>
  </entry>

DELETE

Delete the {proxyConfig} HTTP proxy server configurations for splunkd.

Request parameters
None

Returned values
None

Example request and response

XML Request

curl -k -u admin:changed https://localhost:8089/services/server/httpsettings/proxysettings/proxyConfig -X DELETE

XML Response

<title>proxysettings</title>
  <id>https://wimpy.sv.splunk.com:34001/services/server/httpsettings/proxysettings</id>
  <updated>2017-04-20T17:14:52-07:00</updated>
  <generator build="845bc99189da" version="6.6.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/server/httpsettings/proxysettings/_new" rel="create"/>
  <link href="/services/server/httpsettings/proxysettings/_reload" rel="_reload"/>
  <link href="/services/server/httpsettings/proxysettings/_acl" rel="_acl"/>
  <opensearch:totalResults>0</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>

server/logger

https://<host>:<mPort>/services/server/logger

Access splunkd logging categories specified in code or in $SPLUNK_HOME/etc/log.cfg.

GET

Enumerate splunkd logging categories.

Request parameters
Pagination and filtering parameters can be used with this method.

Response keys

Name	Description
level	One of the following valid logger levels for this server. FATAL WARN INFO DEBUG

Example request and response

XML Request

curl -k -u admin:changeme https://localhost:8089/services/server/logger

XML Response

.
.
.
<title>logger</title>
 <id>https://mrt:8089/services/server/logger</id>
 <updated>2011-05-16T20:29:38-0700</updated>
 <generator version="98144"/>
 <author>
   <name>Splunk</name>
 </author>
    ... opensearch elements elided ...
 <s:messages/>
 <entry>
   <title>AdminHandler:AuthenticationHandler</title>
   <id>https://mrt:8089/services/server/logger/AdminHandler%3AAuthenticationHandler</id>
   <updated>2011-05-16T20:29:38-0700</updated>
   <link href="/services/server/logger/AdminHandler%3AAuthenticationHandler" rel="alternate"/>
   <author>
     <name>system</name>
   </author>
   <link href="/services/server/logger/AdminHandler%3AAuthenticationHandler" rel="list"/>
   <link href="/services/server/logger/AdminHandler%3AAuthenticationHandler" rel="edit"/>
   <content type="text/xml">
     <s:dict>
       <s:key name="eai:acl">... elided ...</s:key>
       <s:key name="level">WARN</s:key>
     </s:dict>
   </content>
 </entry>
       .
       .
       .
     elided
       .
       .
       .
 <entry>
   <title>Application</title>
   <id>https://mrt:8089/services/server/logger/Application</id>
   <updated>2011-05-16T20:29:38-0700</updated>
   <link href="/services/server/logger/Application" rel="alternate"/>
   <author>
     <name>system</name>
   </author>
   <link href="/services/server/logger/Application" rel="list"/>
   <link href="/services/server/logger/Application" rel="edit"/>
   <content type="text/xml">
     <s:dict>
       <s:key name="eai:acl">... elided ...</s:key>
       <s:key name="level">WARN</s:key>
     </s:dict>
   </content>
 </entry>
 <entry>
   <title>ApplicationManager</title>
   <id>https://mrt:8089/services/server/logger/ApplicationManager</id>
   <updated>2011-05-16T20:29:38-0700</updated>
   <link href="/services/server/logger/ApplicationManager" rel="alternate"/>
   <author>
     <name>system</name>
   </author>
   <link href="/services/server/logger/ApplicationManager" rel="list"/>
   <link href="/services/server/logger/ApplicationManager" rel="edit"/>
   <content type="text/xml">
     <s:dict>
       <s:key name="eai:acl">... elided ...</s:key>
       <s:key name="level">WARN</s:key>
     </s:dict>
   </content>
 </entry>

server/logger/{name}

https://<host>:<mPort>/services/server/logger/{name}

Manage the {name} logging category.

GET

Access information about the specified splunkd logging category.

Request parameters
None

Response keys

Name	Description
level	One of the following valid logger levels for this server. FATAL WARN INFO DEBUG

Example request and response

XML Request

curl -k -u admin:changeme https://localhost:8089/services/server/logger/Application

XML Response

.
.
.
<title>logger</title>
 <id>https://localhost:8089/services/server/logger</id>
 <updated>2011-07-02T15:10:44-07:00</updated>
 <generator version="100492"/>
 <author>
   <name>Splunk</name>
 </author>
    ... opensearch elements elided ...
 <s:messages/>
 <entry>
   <title>Application</title>
   <id>https://localhost:8089/services/server/logger/Application</id>
   <updated>2011-07-02T15:10:44-07:00</updated>
   <link href="/services/server/logger/Application" rel="alternate"/>
   <author>
     <name>system</name>
   </author>
   <link href="/services/server/logger/Application" rel="list"/>
   <link href="/services/server/logger/Application" rel="edit"/>
   <content type="text/xml">
     <s:dict>
       <s:key name="eai:acl">... elided ...</s:key>
       <s:key name="eai:attributes">
         <s:dict>
           <s:key name="optionalFields">
             <s:list/>
           </s:key>
           <s:key name="requiredFields">
             <s:list>
               <s:item>level</s:item>
             </s:list>
           </s:key>
           <s:key name="wildcardFields">
             <s:list/>
           </s:key>
         </s:dict>
       </s:key>
       <s:key name="level">WARN</s:key>
     </s:dict>
   </content>
 </entry>

POST

Set the logging level for a specific logging category.

Request parameters

Name	Type	Description
level	Enum	Required. The desired logging level for this category. One of the following valid values. [FATAL \| WARN \| INFO \| DEBUG]

Response keys
None

Example request and response

XML Request

curl -k -u admin:changeme https://localhost:8089/services/server/logger/Application -d level=INFO

XML Response

.
.
.
 <title>logger</title>
 <id>https://localhost:8089/services/server/logger</id>
 <updated>2011-07-07T00:24:02-07:00</updated>
 <generator version="102807"/>
 <author>
   <name>Splunk</name>
 </author>
 <s:messages/>

server/roles

https://<host>:<mPort>/services/server/roles

Access server role information.

See also the server-roles attribute in /server/info.

GET

Access the roles applicable to this server.

Request parameters
None

Response keys

Name	Description
<variable>	Zero or more of the following possible server roles. indexer universal_forwarder heavyweight_forwarder lightweight_forwarder license_master license_slave cluster_master cluster_slave cluster_search_head deployment_server deployment_client search_head search_peer shc_captain shc_deployer shc_member

Example request and response

XML Request

curl -k -u admin:changeme https://localhost:8089/services/server/roles

XML Response

.
.
.
 <title>server-roles</title>
 <id>https://localhost:8089/services/server/roles</id>
 <updated>2014-04-02T12:13:07-07:00</updated>
 <generator build="200839" version="6.1"/>
 <author>
   <name>Splunk</name>
 </author>
 <link href="/services/server/roles/catalog_allPossible_predefined" rel="catalog_allPossible_predefined"/>
   ... opensearch elements elided ...
 <s:messages/>
 <entry>
   <title>result</title>
   <id>https://localhost:8089/services/server/roles/result</id>
   <updated>2014-04-02T12:13:07-07:00</updated>
   <link href="/services/server/roles/result" rel="alternate"/>
   <author>
     <name>system</name>
   </author>
   <link href="/services/server/roles/result" rel="list"/>
   <content type="text/xml">
     <s:dict>
       <s:key name="eai:acl">
           ... elided ...
       </s:key>
       <s:key name="indexer"/>
       <s:key name="license_master"/>
       <s:key name="license_slave"/>
     </s:dict>
   </content>
 </entry>

server/settings

https://<host>:<mPort>/services/server/settings

Access server configuration information for a Splunk platform instance.

GET

Returns server configuration for a Splunk deployment.

Request parameters
Pagination and filtering parameters can be used with this method.

Response keys

Name	Description
SPLUNK_DB	Absolute filepath to the default index for this deployment.
SPLUNK_HOME	Absolute filepath to the local installation of this deployment.
enableSplunkWebSSL	Indicates if HTTPS and SSL are enabled for Splunk Web.
host	The default hostname to use for data inputs that do not override this setting.
httpport	Port on which Splunk Web listens for this instance. Defaults to 8000. If using SSL, set to the HTTPS port number.
mgmtHostPort	The port on which Splunk Web listens for management operations. Defaults to 8089.
minFreeSpace	Safe amount of space in MB that must exist for splunkd to continue operating. `minFreespace` affects search and indexing in the following ways. Before attempting to launch a search, the Splunk platform requires this amount of free space on the filesystem where the dispatch directory is stored, `$SPLUNK_HOME/var/run/splunk/dispatch`. Applied similarly to the search quota values in authorize.conf and limits.conf. For indexing, periodically, the indexer checks space on all partitions that contain splunk indexes as specified by indexes.conf. When you need to clear more disk space, indexing is paused and the Splunk platform posts a UI banner + warning.
pass4SymmKey	Password string prefixed to the Splunk platform symmetric key, generating the final key to sign all traffic between master/slave licenser.
serverName	Name identifying this instance for features such as distributed search.
sessionTimeout	Time range string to indicate the amount of time before a user session times out. Expressed as a search-like time range. The default is 1h (one hour). Here are some examples. `24h` (24 hours) `3d` (3 days) `7200s` (7200 seconds, or two hours)
startwebserver	Indicates whether Splunk Web is configured to start by default.
trustedIP	IP address of the authenticating proxy. Set to a valid IP address to enable SSO. Disabled by default. Normal value is '127.0.0.1'

Example request and response

XML Request

curl -k -u admin:changeme https://localhost:8089/services/server/settings

XML Response

.
.
.
<title>server-settings</title>
 <id>https://localhost:8089/services/server/settings</id>
 <updated>2011-07-08T01:56:40-07:00</updated>
 <generator version="102807"/>
 <author>
   <name>Splunk</name>
 </author>
    ... opensearch elements elided ...
 <s:messages/>
 <entry>
   <title>settings</title>
   <id>https://localhost:8089/services/server/settings/settings</id>
   <updated>2011-07-08T01:56:40-07:00</updated>
   <link href="/services/server/settings/settings" rel="alternate"/>
   <author>
     <name>system</name>
   </author>
   <link href="/services/server/settings/settings" rel="list"/>
   <link href="/services/server/settings/settings" rel="edit"/>
   <content type="text/xml">
     <s:dict>
       <s:key name="SPLUNK_DB">/home/amrit/temp/curl/splunk/var/lib/splunk</s:key>
       <s:key name="SPLUNK_HOME">/home/amrit/temp/curl/splunk</s:key>
       ... eai:acl node elided ...
       <s:key name="enableSplunkWebSSL">0</s:key>
       <s:key name="host">MrT</s:key>
       <s:key name="httpport">8001</s:key>
       <s:key name="mgmtHostPort">8085</s:key>
       <s:key name="minFreeSpace">2000000</s:key>
       <s:key name="pass4SymmKey">changeme</s:key>
       <s:key name="serverName">MrT</s:key>
       <s:key name="sessionTimeout">1h</s:key>
       <s:key name="startwebserver">1</s:key>
       <s:key name="trustedIP"/>
     </s:dict>
   </content>
 </entry>

Related answers from Splunk Community

System endpoint descriptions

Usage details

Review ACL information for an endpoint

Authentication and Authorization

App and user context

Additional introspection information

Splunk Cloud URL for REST API access

Managed Splunk Cloud deployments

E-commerce Splunk Cloud deployments

messages

GET

POST

messages/{name}

DELETE

GET

server/control

GET

server/control/restart

POST

server/control/restart_webui

POST

server/httpsettings/proxysettings

POST

server/httpsettings/proxysettings/proxyConfig

GET

POST

DELETE

server/logger

GET

server/logger/{name}

GET

POST

server/roles

GET

server/settings

GET

Comments

System endpoint descriptions

Was this topic useful?