Endpoints reference list
Navigate to specific endpoints and review available REST operations. Endpoints are listed alphabetically.
The PUT operation is not available for REST API endpoints. Depending on the endpoint, you can use a POST operation to create and/or update resources. Check specific endpoints for details.
Namespace access
Some resources in the REST API are associated with specific namespaced user and app contexts.
To access namespaces associated with all users, all apps, or resources shared by all users for an endpoint (similar to 'file globbing' or 'recursion' of input directories), make a GET request using servicesNS
with wildcard -
characters for the app and user. For example, use /servicesNS/-/-/saved/searches
.
For more details, see Namespace in the REST API User Manual.
Endpoints
URI | Summary | GET | PUT | POST | DEL | |
---|---|---|---|---|---|---|
admin/
|
||||||
admin/LDAP-groups | Access Manage LDAP authentication. |
✔ | ✔ | |||
admin/metrics-reload/_metrics | Access Reload the metrics processor after updating a metrics-related configuration. |
✔ | ||||
admin/ProxySSO-auth | Access Manage ProxySSO mappings and configurations. |
✔ | ✔ | ✔ | ||
admin/replicate-SAML-certs | Access Manage SAML authentication. |
✔ | ||||
admin/Rsa-MFA | Access Configure RSA Multifactor Authentication. |
✔ | ✔ | ✔ | ||
admin/Rsa-MFA-config-verify/<rsa-stanza-name> | Access Verify RSA multifactor authentication. |
✔ | ||||
Access Convert external groups in an IdP response to internal Splunk platform roles. |
✔ |
✔ |
✔ | |||
Access Access IdP SAML metadata attributes. |
✔ |
|||||
Access Access service provider SAML metadata attributes. |
✔ |
|||||
Access Access or create SAML user and role information for saved searches if your IdP does not support Attribute Query Requests. |
✔ |
✔ |
✔ | |||
Access Access or create SAML user and role information for saved searches if your IdP does not support Attribute Query Requests. |
✔ | |||||
alerts/
|
GET | PUT | POST | DELETE | ||
alerts/alert_actions | Search Access a list of alert actions |
✔ |
| |||
alerts/fired_alerts | Search Access all fired alerts |
✔ |
||||
alerts/fired_alerts/{name} | Search Access specific fired alert |
✔ |
✔ | |||
apps/
|
GET | PUT | POST | DELETE | ||
apps/appinstall | Applications Install app from URL or local file |
✔ |
||||
apps/apptemplates | Applications Access app templates for creating new apps |
✔ |
||||
apps/apptemplates/{name} | Applications Access particular app template |
✔ |
||||
apps/local | Applications Manage local apps |
✔ |
✔ |
|||
apps/local/{name} | Applications Manage specific local app |
✔ |
✔ |
✔ | ||
apps/local/{name}/package | Applications Archive an app |
✔ |
||||
apps/local/{name}/setup | Applications Access setup information for an app |
✔ |
||||
apps/local/{name}/update | Applications Access update information for an app |
✔ |
||||
authentication/
|
GET | PUT | POST | DELETE | ||
auth/login | Access control Provide user authentication |
✔ |
||||
authentication/current-context | Access control Access current user contexts |
✔ |
||||
authentication/current-context/{name} | Access control Access specific user context |
✔ |
||||
authentication/httpauth-tokens | Access control Manage session tokens |
✔ |
||||
authentication/httpauth-tokens/{name} | Access control Manage specific session token |
✔ |
✔ | |||
authentication/LDAP-auth | Access Create and manage LDAP strategies. |
✔ | ✔ | ✔ | ||
authentication/providers/SAML | Access control Access and create SAML configurations. |
✔ |
✔ | |||
authentication/providers/SAML/{stanza_name} | Access control Access and update SAML configurations. |
✔ |
✔
| |||
authentication/users | Access control Manage user accounts |
✔ |
✔ |
|||
authentication/users/{name} | Access control Manage specific user account |
✔ |
✔ |
✔
| ||
authorization/
|
GET | PUT | POST | DELETE | ||
authorization/capabilities | Access control Access capability authorization |
✔ |
||||
authorization/grantable_capabilities | Access control Access capabilities that current user can grant. |
✔ |
| |||
authorization/roles | Access control Access user roles |
✔ |
✔ |
|||
authorization/roles/{name} | Access control Access specific user role |
✔ |
✔ |
✔ | ||
authorization/tokens | Access control Access authentication tokens |
✔ |
✔ |
✔ | ||
authorization/tokens/{user} | Access control Access authentication tokens for a specific user |
✔ |
✔ |
✔
| ||
catalog/
|
GET | PUT | POST | DELETE | ||
catalog/metricstore/metrics | Metrics List metric names. |
✔ |
||||
catalog/metricstore/dimensions | Metrics List dimension names. |
✔ |
||||
catalog/metricstore/dimensions/{dimension-name}/values | Metrics List values for given dimensions. |
✔ |
||||
catalog/metricstore/rollup | Metrics Retrieve lists of metric indexes and their rollup summaries. Create new rollup policies for a given metric index. |
✔ |
✔ |
|||
catalog/metricstore/rollup/{index} | Metrics Manage rollup summaries and rollup policies associated with a specific source {index} .
|
✔ |
✔ |
✔ | ||
cluster/
|
GET | PUT | POST | DELETE | ||
cluster/config | Clusters Access cluster configuration |
✔ |
||||
cluster/config/config | Clusters Manage cluster configuration |
✔ |
✔ |
|||
cluster/manager/buckets | Clusters Access manager node bucket configurations |
✔ |
||||
cluster/manager/buckets/{name} | Clusters Access specific bucket configuration, manager node |
✔ |
||||
cluster/manager/control/control/rebalance_primaries | Clusters Access manager controls to rebalance primary buckets across peers |
✔ |
||||
cluster/manager/control/control/remove_peers | Clusters Remove disabled peer nodes. |
✔ |
||||
cluster/manager/control/control/roll-hot-buckets | Clusters Force a specified bucket in an indexer cluster to roll from hot to warm. |
✔ |
||||
cluster/manager/control/control/rolling_upgrade_finalize | Clusters Finalizes indexer cluster rolling upgrade. |
✔ | ||||
cluster/manager/control/control/rolling_upgrade_init | Clusters Initializes indexer cluster rolling upgrade. |
✔ | ||||
cluster/manager/generation | Clusters Access current generations information, manager node |
✔ |
✔ |
|||
cluster/manager/generation/{name} | Clusters Access specific generation information, cluster manager |
✔ |
✔ |
|||
cluster/manager/indexes | Clusters Access cluster index information |
✔ |
||||
cluster/manager/indexes/{name} | Clusters Access specific cluster index information |
✔ |
||||
cluster/manager/info | Clusters Access cluster manager node information |
✔ |
||||
cluster/manager/health | Clusters Performs health checks |
✔ | ||||
cluster/manager/peers | Clusters Access peer information, manager node |
✔ |
||||
cluster/manager/peers/{name} | Clusters Access specific manager node peer information |
✔ |
||||
cluster/manager/redundancy | Clusters Display the details of all cluster managers participating in cluster manager redundancy, and switch the HA state of the cluster managers. |
✔ |
✔ |
|||
cluster/manager/sites | Clusters Access cluster site information |
✔ |
||||
cluster/manager/sites/{name} | Clusters Access specific cluster site information |
✔ |
||||
cluster/manager/status | Clusters Status of rolling restart |
✔ | ||||
cluster/searchhead/generation | Clusters Access searchhead peer information |
✔ |
||||
cluster/searchhead/generation/{name} | Clusters Access specific searchhead peer information |
✔ |
||||
cluster/searchhead/searchheadconfig | Clusters Access cluster configuration for searchhead |
✔ |
✔ |
|||
cluster/searchhead/searchheadconfig/{name} | Clusters Access specific cluster node |
✔ |
✔ |
✔ | ||
cluster/peer/buckets | Clusters Access peer bucket configuration information |
✔ |
||||
cluster/peer/buckets/{name} | Clusters Access specific peer bucket configuration information |
✔ |
✔ | |||
cluster/peer/control/control/decommission | Clusters Decommission indexer cluster peer node |
✔ | ||||
cluster/peer/control/control/set_manual_detention | Clusters Configure indexer detention. |
✔ |
✔ |
|||
cluster/peer/info | Clusters Access peer node information |
✔ |
||||
cluster/peer/info/{name} | Clusters Access information about specific peer |
✔ |
||||
configs/
|
GET | PUT | POST | DELETE | ||
configs/conf-{file} | Configuration Raw access to .conf files
|
✔ |
✔ |
|||
configs/conf-{file}/{name} | Configuration Raw access to specific .conf file
|
✔ |
✔ |
✔ | ||
data/
|
GET | PUT | POST | DELETE | ||
data/commands | Search Access search commands |
✔ |
||||
data/commands/{name} | Search Access specific search command |
✔ |
||||
data/index-volumes | Indexes Access logical drive information |
✔ |
||||
data/index-volumes/{name} | Indexes Access information for a logical drive |
✔ |
||||
data/indexes | Indexes Manage data indexes |
✔ |
✔ |
|||
data/indexes/{name} | Indexes Manage specific data index |
✔ |
✔ |
✔ | ||
data/indexes-extended | Indexes Access index bucket level information |
✔ |
||||
data/indexes-extended/{name} | Indexes Access specific index bucket level information |
✔ |
||||
data/ingest/rfsdestinations | Inputs Create/configure, get, or delete an S3 destination for ingest action. |
✔ |
✔ |
✔ | ||
data/ingest/rulesets | Inputs Retrieve a list of rulesets. |
✔ |
✔ |
|||
data/ingest/rulesets/{name} | Inputs Retrieve a particular ruleset. |
✔ |
✔ |
|||
data/ingest/rulesets/publish | Inputs Publish ruleset changes on the indexer cluster manager. |
✔ |
||||
data/inputs/ad | Inputs Access Active Directory monitoring input |
✔ |
✔ |
|||
data/inputs/ad/{name} | Inputs Access Active Directory monitoring stanza |
✔ |
✔ |
✔ | ||
data/inputs/all | Inputs Access all inputs, including Modular Inputs |
✔ |
||||
data/inputs/all/{name} | Inputs Access specific input |
✔ |
||||
data/inputs/http | Input Configure HTTP Event Collection. |
✔ | ✔ | |||
data/inputs/http/{name} | Input Configure HTTP Event Collection. |
✔ | ✔ | ✔ | ||
data/inputs/monitor | Inputs Access monitor inputs |
✔ |
✔ |
|||
data/inputs/monitor/{name} | Inputs Manage specific monitor input |
✔ |
✔ |
✔ | ||
data/inputs/monitor/{name}/members | Inputs Access files for the specific monitor input |
✔ |
||||
data/inputs/oneshot | Inputs Access one-shot inputs |
✔ |
✔ |
|||
data/inputs/oneshot/{name} | Inputs Access specific one-shot input information |
✔ |
||||
data/inputs/registry | Inputs Access Windows registry monitor input |
✔ |
✔ |
|||
data/inputs/registry/{name} | Inputs Manage Windows registry monitor stanza |
✔ |
✔ |
✔ | ||
data/inputs/script | Inputs Manage scripted inputs settings |
✔ |
✔ |
|||
data/inputs/script/restart | Inputs Restart scripted input |
✔ |
||||
data/inputs/script/{name} | Inputs Manage specific scripted input |
✔ |
✔ |
✔ | ||
data/inputs/tcp/cooked | Inputs Access forwarder TCP inputs |
✔ |
✔ |
|||
data/inputs/tcp/cooked/{name} | Inputs Manage TCP inputs for specific host:port |
✔ |
✔ |
✔ | ||
data/inputs/tcp/cooked/{name}/connections | Inputs Access connections for specific port |
✔ |
||||
data/inputs/tcp/raw | Inputs Manage raw forwarder TCP inputs |
✔ |
✔ |
|||
data/inputs/tcp/raw/{name} | Inputs Access raw TCP input information |
✔ |
✔ |
✔ | ||
data/inputs/tcp/raw/{name}/connections | Inputs Manage raw TCP input information for specific host:port |
✔ |
||||
data/inputs/tcp/splunktcptoken | Inputs Manage receiver access using tokens. |
✔ |
✔ |
|||
data/inputs/tcp/splunktcptoken/{name} | Inputs Manage existing receiver tokens. |
✔ |
✔ |
✔ | ||
data/inputs/tcp/ssl | Inputs Access SSL configuration information |
✔ |
||||
data/inputs/tcp/ssl/{name} | Inputs Access SSL configuration for specific host |
✔ |
✔ |
|||
data/inputs/token/http | Inputs Access http inputs |
✔ |
✔ |
|||
data/inputs/token/http/{name} | Inputs Manage specific http input |
✔ |
✔ |
✔ | ||
data/inputs/token/http/{name}/enable | Inputs Enable the {name} HTTP Event Collector token. |
✔ |
||||
data/inputs/token/http/{name}/disable | Inputs Disable the {name} HTTP Event Collector token.
|
✔ |
||||
data/inputs/udp | Inputs Access UDP inputs |
✔ |
✔ |
|||
data/inputs/udp/{name} | Inputs Manage specific UDP input |
✔ |
✔ |
✔ | ||
data/inputs/udp/{name}/connections | Inputs Manage specific UDP input connection |
✔ |
||||
data/inputs/win-event-log-collections | Inputs Access all configured event log collections |
✔ |
✔ |
|||
data/inputs/win-event-log-collections/{name} | Inputs Manage specific event log |
✔ |
✔ |
✔ | ||
data/inputs/win-perfmon | Inputs Access Windows performance monitor information |
✔ |
✔ |
|||
data/inputs/win-perfmon/{name} | Inputs Manage specific performance monitor configuration stanza |
✔ |
✔ |
✔ | ||
data/inputs/win-wmi-collections | Inputs Access configured WMI collections |
✔ |
✔ |
|||
data/inputs/win-wmi-collections/{name} | Inputs Manage specific WMI collection |
✔ |
✔ |
✔ | ||
data/lookup-table-files | Knowledge Access lookup table files |
✔ |
✔ |
|||
data/lookup-table-files/{name} | Knowledge Manage specific lookup table file |
✔ |
✔ |
✔ | ||
data/modular-inputs | Inputs Access defined modular inputs |
✔ |
||||
data/modular-inputs/{name} | Inputs Manage specific modular input |
✔ |
||||
data/outputs/tcp/default | Outputs Access global TCP output properties |
✔ |
✔ |
|||
data/outputs/tcp/default/{name} | Outputs Manage specific TCP output property setting |
✔ |
✔ |
✔ | ||
data/outputs/tcp/group | Outputs Access data forwarding group configurations |
✔ |
✔ |
|||
data/outputs/tcp/group/{name} | Outputs Manage specific data forwarding group |
✔ |
✔ |
✔ | ||
data/outputs/tcp/server | Outputs Access data forwarding configurations |
✔ |
✔ |
|||
data/outputs/tcp/server/{name} | Outputs Manage specific forwarder configuration |
✔ |
✔ |
✔ | ||
data/outputs/tcp/server/{name}/allconnections | Outputs Access current connections for specific forwarder |
✔ |
||||
data/outputs/tcp/syslog | Outputs Access forwarded server configured to provide data in standard syslog format |
✔ |
✔ |
|||
data/outputs/tcp/syslog/{name} | Outputs Manage specific forwarder, which sends data in syslog format |
✔ |
✔ |
✔ | ||
data/props/calcfields | Knowledge Access props.conf file calculated fields
|
✔ |
✔ |
|||
data/props/calcfields/{name} | Knowledge Manage specific props.conf file calculated field
|
✔ |
✔ |
✔ | ||
data/props/extractions | Knowledge Access props.conf file search-time field extractions
|
✔ |
✔ |
|||
data/props/extractions/{name} | Knowledge Manage specific props.conf file field extraction
|
✔ |
✔ |
✔ | ||
data/props/fieldaliases | Knowledge Access props.conf file field aliases
|
✔ |
✔ |
|||
data/props/fieldaliases/{name} | Knowledge Manage specific props.conf file field alias
|
✔ |
✔ |
✔ | ||
data/props/lookups | Knowledge Access props.conf file automatic lookups
|
✔ |
✔ |
|||
data/props/lookups/{name} | Knowledge Manage specific props.conf file automatic lookup
|
✔ |
✔ |
✔ | ||
data/props/sourcetype-rename | Knowledge Access renamed sourcetypes configured in props.conf file
|
✔ |
✔ |
|||
data/props/sourcetype-rename/{name} | Knowledge Manage specific props.conf file sourcetype name
|
✔ |
✔ |
✔ | ||
data/summaries | Introspection Get disk usage information about all summaries in an indexer. |
✔ |
||||
data/summaries/{summary_name} | Introspection Get disk usage information about a particular summary in an indexer. |
✔ |
||||
data/transforms/extractions | Knowledge Access field extraction definitions |
✔ |
✔ |
|||
data/transforms/extractions/{name} | Knowledge Manage specific field extraction definition |
✔ |
✔ |
✔ | ||
data/transforms/lookups | Knowledge Access transforms.conf file lookup definitions
|
✔ |
✔ |
|||
data/transforms/lookups/{name} | Knowledge Manage specific transforms.conf file lookup definition
|
✔ |
✔ |
✔ | ||
data/transforms/metric-schema | Knowledge Review and manage ingest-time log-to-metrics configurations. |
✔ |
✔ |
✔ | ||
data/transforms/statsdextractions | Knowledge Configure metrics dimension extraction for StatsD. |
✔ | ||||
data/ui/global-banner | Knowledge Create global banners. |
✔ |
✔ |
|||
data/ui/panels | Knowledge Create dashboard panel XML definitions. |
✔ |
✔ |
|||
data/ui/views | Knowledge Create dashboard XML definitions. |
✔ |
✔ |
|||
data/ui/views/{name} | Knowledge Access, update, or delete dashboard XML. |
✔ |
✔ |
✔
| ||
datamodel/
|
GET | PUT | POST | DELETE | ||
datamodel/model | Knowledge Access information about data models |
✔ |
✔ |
|||
datamodel/model/{name} | Knowledge Access information about a data model |
✔ |
✔ |
✔ | ||
datamodel/pivot | Knowledge Access pivots based on named data models |
✔ |
||||
deployment/
|
GET | PUT | POST | DELETE | ||
deployment/client | Deployment Access deployment client information |
✔ |
| |||
deployment/client/config | Deployment Access deployment client configuration |
✔ |
||||
deployment/client/config/listIsDisabled | Deployment Access deployment client state information |
✔ |
||||
deployment/client/config/reload | Deployment Access deployment client reload information |
✔ |
||||
deployment/client/{name}/reload | Deployment Manage specific deployment client reload |
✔ |
||||
deployment/server/applications | Deployment Access deployment server application and class information |
✔ |
||||
deployment/server/applications/{name} | Deployment Manage specific server client application and class information |
✔ |
✔ |
|||
deployment/server/clients | Deployment Access deployment server client information |
✔ |
||||
deployment/server/clients/countClients_by_machineType | Deployment Access deployment server client information by machine type |
✔ |
||||
deployment/server/clients/countRecentDownloads | Deployment Access client download information |
✔ |
||||
deployment/server/clients/{name} | Deployment Manage specific client |
✔ |
✔ | |||
deployment/server/config | Deployment Access deployment server configuration |
✔ |
||||
deployment/server/config/attributesUnsupportedInUI | Deployment Access deployment server attributes not available using Splunk Web |
✔ |
||||
deployment/server/config/listIsDisabled | Deployment Access deployment server state |
✔ |
||||
deployment/server/serverclasses | Deployment Access server class information |
✔ |
✔ |
|||
deployment/server/serverclasses/{name} | Deployment Manage specific server class of deployment server |
✔ |
✔ |
✔ | ||
deployment/server/serverclasses/rename | Deployment Manage server class name |
✔ |
||||
directory/
|
GET | PUT | POST | DELETE | ||
directory | Knowledge Access user-configurable entities |
✔ |
||||
directory/{name} | Knowledge Manage specific entity in directory service enumeration |
✔ |
||||
indexing/
|
GET | PUT | POST | DELETE | ||
indexing/preview | Deployment Preview events from a file before indexing |
✔ |
✔ |
|||
indexing/preview/{job_id} | Inputs Access props.conf file settings for specific data preview job
|
✔ |
||||
kvstore/
|
GET | PUT | POST | DELETE | ||
kvstore/backup/create | KV store Create a KV Store backup archive file. |
✔ | ||||
kvstore/backup/restore | KV store Extracts the KV Store backup archive file and restores the KV Store. |
✔ | ||||
kvstore/status | KV store Access KV store status information for standalone or search head clustering (SHC) deployments. |
✔ | ||||
licenser/
|
GET | PUT | POST | DELETE | ||
licenser/groups | Licensing Access licenser groups configuration |
✔ |
||||
licenser/groups/{name} | Licensing Manage specific licenser group configuration |
✔ |
✔ |
|||
licenser/licenses | Licensing Access licenses |
✔ |
✔ |
|||
licenser/licenses/{name} | Licensing Manage specific license |
✔ |
✔ | |||
licenser/localpeer | Licensing Get information about relevant license state for the splunk instance. |
✔ |
||||
licenser/messages | Licensing Access licenser messages |
✔ |
||||
licenser/messages/{name} | Licensing Access specific licenser message |
✔ |
||||
licenser/pools | Licensing Access licenser pool information |
✔ |
✔ |
|||
licenser/pools/{name} | Licensing Manage specific licenser pool |
✔ |
✔ |
✔ | ||
licenser/peers | Licensing Access license manager peers |
✔ |
||||
licenser/peers/{name} | Licensing Access specific license manager peer |
✔ |
||||
licenser/stacks | Licensing Access license stack configuration |
✔ |
||||
licenser/stacks/{name} | Licensing Access specific license stack configuration |
✔ |
||||
licenser/usage | Licensing Access current usage information. |
✔ |
||||
messages/
|
GET | PUT | POST | DELETE | ||
messages | System Manage system messages |
✔ |
✔ |
|||
messages/{name} | System Manage specific system message |
✔ |
✔ |
|||
properties/
|
GET | PUT | POST | DELETE | ||
properties | Configuration Access configuration files |
✔ |
✔ |
|||
properties/{file_name} | Configuration Manage specific configuration file |
✔ |
✔ |
|||
properties/{file_name}/{stanza_name} | Configuration Manage specific configuration file stanzas |
✔ |
✔ |
|||
properties/{file_name}/{stanza_name}/{key_name} | Configuration Manage specific stanza in specific configuration file |
✔ |
✔ |
|||
receivers/
|
GET | PUT | POST | DELETE | ||
receivers/simple | Inputs Use HTTP to send events |
✔ |
||||
receivers/stream | Inputs Use socket to stream events |
✔ |
||||
receivers/token | Input Log events using HTTP Input with application authentication token. |
✔ |
||||
receivers/token/event | Input Post JSON formatted data to the data input endpoint. |
✔ |
||||
receivers/token/event/1.0 | Input Post JSON formatted data to the data input endpoint. |
✔ |
||||
receivers/token/mint | Input Post MINT formatted data to the data input endpoint. |
✔ |
||||
receivers/token/mint/1.0 | Input Post MINT formatted data to the data input endpoint. |
✔ |
||||
saved/
|
GET | PUT | POST | DELETE | ||
saved/eventtypes | Knowledge Manage saved event types |
✔ |
✔ |
|||
saved/eventtypes/{name} | Knowledge Manage specific saved event type |
✔ |
✔ |
✔ | ||
saved/searches | Search Manage saved searches configuration |
✔ |
✔ |
|||
saved/searches/{name} | Search Manage specific saved search |
✔ |
✔ |
✔ | ||
saved/searches/{name}/acknowledge | Search Manage saved search alerting |
✔ |
||||
saved/searches/{name}/dispatch | Search Dispatch saved search |
✔ |
||||
saved/searches/{name}/history | Search Access saved search job history |
✔ |
||||
saved/searches/{name}/reschedule | Search Manage saved search job scheduling |
✔ |
||||
saved/searches/{name}/scheduled_times | Search Access saved search scheduled times |
✔ |
| |||
saved/searches/{name}/suppress | Search Access saved search alerting state |
✔ |
||||
scheduled/
|
GET | PUT | POST | DELETE | ||
scheduled/views | Search Access scheduled views for PDF delivery |
✔ |
||||
scheduled/views/{name} | Search Manage specific scheduled view |
✔ |
✔ |
✔ | ||
scheduled/views/{name}/dispatch | Search Dispatch search for specific scheduled view |
✔ |
||||
scheduled/views/{name}/history | Search Access specific scheduled view job history |
✔ |
||||
scheduled/views/{name}/reschedule | Search Manage scheduled view scheduling |
✔ |
||||
scheduled/views/{name}/scheduled_times | Search Access specific scheduled view times |
✔ |
||||
search/
|
GET | PUT | POST | DELETE | ||
search/concurrency-settings | Search List search concurrency settings. |
✔ |
||||
search/concurrency-settings/scheduler | Search Edit settings for concurrent scheduled search limits. |
✔ |
||||
search/concurrency-settings/search | Search Edit settings for the maximum number of concurrent scheduled searches. |
✔ |
✔ |
|||
search/distributed/bundle/replication/config | Deployment Provides information on knowledge bundle replication configuration |
✔ |
||||
search/distributed/bundle/replication/cycles | Deployment Provides information and status for knowledge bundle replication cycles |
✔ |
||||
search/distributed/bundle-replication-files | Deployment Access distributed search bundle replication files |
✔ |
✔ |
|||
search/distributed/bundle-replication-files/{name} | Deployment Access specific search bundle replication file |
✔ |
||||
search/distributed/config | Deployment Access distributed search options |
✔ |
||||
search/distributed/peers | Deployment Manage distributed server peers |
✔ |
||||
search/distributed/peers/{name} | Deployment Manage distributed server peers |
✔ |
||||
search/fields | Knowledge Access search field configuration |
✔ |
||||
search/fields/{field_name} | Knowledge Access specific search field configuration |
✔ |
||||
search/fields/{field_name}/tags | Knowledge Manage tags associated with specific search field |
✔ |
✔ |
|||
search/jobs | Search Manage search jobs |
✔ |
✔ |
|||
search/jobs/{search_id} | Search Manage specific search job |
✔ |
✔ |
✔ | ||
search/jobs/{search_id}/control | Search Execute job control command for specific search |
✔ |
| |||
search/jobs/{search_id}/events | Search Access events for specific search |
✔ |
||||
search/jobs/{search_id}/results | Search Access results of specific search |
✔ |
||||
search/jobs/{search_id}/results_preview | Search Access preview results for specific search |
✔ |
||||
search/jobs/{search_id}/search.log | Search Access search.log file for specific search
|
✔ |
||||
search/jobs/{search_id}/summary | Search Access getFieldsAndStats output of so-far-read events
|
✔ |
||||
search/jobs/{search_id}/timeline | Search Access event distribution over time |
✔ |
||||
search/jobs/export | Search Stream search results |
✔ |
✔ |
|||
search/parser | Search Access search language parsing services |
✔ |
||||
search/scheduler | Search Access search scheduler enablement status. |
✔ |
||||
search/scheduler/status | Search Disable or enable the search scheduler. |
✔ |
||||
search/tags/{tag_name} | Knowledge Manage specific search time tag |
✔ |
✔ |
✔ | ||
search/timeparser | Search Parse time argument |
✔ |
||||
search/typeahead | Search Suggest search string auto-completion strings |
✔ |
||||
server/
|
GET | PUT | POST | DELETE | ||
server/control | System Access server controls |
✔ |
||||
server/control/restart | System Restart Splunk Enterprise splunkd server daemon. |
✔ |
||||
server/control/restart_webui | System Restart Splunk Enterprise splunkweb Web interface process. |
✔ |
||||
server/httpsettings/proxysettings | System Create an HTTP proxy configuration stanza. |
✔ | ||||
server/httpsettings/proxysettings/proxyConfig | System Update HTTP proxy settings. |
✔ | ✔ | ✔ | ||
server/info | Introspection Access Splunk instance information |
✔ |
||||
server/sysinfo | Introspection Access server information |
✔ |
||||
server/health/deployment | Introspection Access distributed deployment overall health status information. |
✔ |
||||
server/health/deployment/details | Introspection Access distributed deployment feature health status information. |
✔ |
||||
server/health/splunkd | Introspection Access splunkd health status information.
|
✔ |
||||
server/health/splunkd/details | Introspection Access splunkd feature health status information.
|
✔ |
||||
server/health-config | Introspection Access splunkd health report configuration information.
|
✔ |
||||
server/health-config/{alert_action} | Introspection Configure alert actions for the splunkd health report.
|
✔ |
✔ |
|||
server/health-config/{feature_name} | Introspection Edit feature and indicator settings for the splunkd health report.
|
✔ |
✔ |
|||
server/introspection | Introspection List introspection resources |
✔ |
||||
server/introspection/indexer | Introspection Get indexer status |
✔ |
||||
server/introspection/kvstore | Introspection List app kvstore status resources |
✔ |
||||
server/introspection/kvstore/collectionstats | Introspection Get storage statistics for a collection. |
✔ |
||||
server/introspection/kvstore/replicasetstats | Introspection Get the status of the replica set from the point of view of the current server. |
✔ |
||||
server/introspection/kvstore/serverstatus | Introspection Get an overview of the database process state. |
✔ |
||||
server/introspection/search/saved | Introspection Check most recent search scheduling details. |
✔ |
||||
server/logger | System Access logging categories |
✔ |
||||
server/logger/{name} | System Manage specific logging category |
✔ |
✔ |
|||
server/pipelinesets | Input Access information on an indexer's ingestion pipeline sets. |
✔ |
||||
server/roles | System Access server configuration |
✔ |
||||
server/security/rotate-splunk-secret | System Rotate the splunk.secret key file on a standalone Splunk Enterprise installation
|
✔ |
||||
server/settings | System Access server configuration |
✔ |
||||
server/status | Introspection Access system status information |
✔ |
||||
server/status/dispatch-artifacts | Introspection Access search job information |
✔ |
||||
server/status/fishbucket | Introspection Access information about the private BTree database |
✔ |
||||
server/status/installed-file-integrity | Introspection Check for system file irregularities. |
✔ |
||||
server/status/limits/search-concurrency | Introspection Access search concurrency metrics |
✔ |
||||
server/status/partitions-space | Introspection Access disk utilization information |
✔ |
||||
server/status/resource-usage | Introspection Access current resource utilization information |
✔ |
||||
server/status/resource-usage/hostwide | Introspection Access host-level resource utilization information |
✔ |
||||
server/status/resource-usage/iostats | Introspection Access the most recent disk I/O statistics for each disk. This endpoint is currently available only for Linux. |
✔ |
||||
server/status/resource-usage/splunk-processes | Introspection Access operating system resource utilization information |
✔ |
||||
services/collector
|
GET | PUT | POST | DELETE | ||
services/collector | Input Log events using HTTP Event Collector. |
✔ |
||||
services/collector/ack | Input Query event indexing status. |
✔ |
||||
services/collector/event | Input Post JSON formatted data to the data input endpoint. |
✔ |
||||
services/collector/health | Input Checks if HEC is healthy and able to accept new data from a load balancer. |
✔ | ||||
services/collector/mint | Input Post MINT formatted data to the data input endpoint. |
✔ |
||||
services/collector/raw | Input Send raw data directly to the indexer queue. |
✔ |
||||
shcluster/
|
GET | PUT | POST | DELETE | ||
shcluster/captain/artifacts | Clusters Get artifact configuration information for a cluster captain node. |
✔ |
||||
shcluster/captain/artifacts/{name} | Clusters Get artifact configuration information for {name} node. |
✔ |
||||
shcluster/captain/control/control/upgrade-init | Clusters Initiate rolling upgrade of SHC. |
✔ | ||||
shcluster/captain/control/control/upgrade-finalize | Clusters Finish rolling upgrade of SHC. |
✔ | ||||
shcluster/captain/control/control/rotate-splunk-secret | System Rotate the splunk.secret key file on all nodes of a Splunk Enterprise search head cluster
|
✔ |
||||
shcluster/captain/control/default/restart | Clusters Initiate rolling restart of SHC. |
✔ |
| |||
shcluster/captain/info | Clusters Access information about searchhead cluster captain node. |
✔ |
||||
shcluster/captain/jobs | Clusters List running and recently finished jobs for all cluster members. |
✔ |
||||
shcluster/captain/jobs/{name} | Clusters Get running and recently finished jobs for {name} cluster. |
✔ |
||||
shcluster/captain/members | Clusters List cluster members. |
✔ |
||||
shcluster/captain/members/{name} | Clusters Get information about the {name} searchhead cluster member. |
✔ |
||||
shcluster/config | Clusters List searchhead cluster node configuration. |
✔ |
||||
shcluster/config/config | Clusters Configure search head cluster members. |
✔ | ||||
shcluster/member/artifacts | Clusters Get searchhead cluster member artifact configuration. |
✔ |
||||
shcluster/member/artifacts/{name} | Clusters Get {name} member artifact configuration. |
✔ |
||||
shcluster/member/consensus | Clusters Get latest cluster configuration from the raft consensus protocol. |
✔ |
||||
shcluster/member/control/control/set_manual_detention | Clusters Adjust search head manual detention mode. |
✔ | ||||
shcluster/member/info | Clusters Get searchhead cluster member node information. |
✔ |
||||
shcluster/status | Clusters Determine SHC health status. |
✔ | ||||
replication/configuration/health | Clusters Get configuration replication health statistics for a SHC. |
✔ | ||||
storage/
|
GET | PUT | POST | DELETE | ||
storage/passwords | Access control Manage authentication credentials |
✔ |
✔ |
|||
storage/passwords/{name} | Access control Manage specific authentication credential |
✔ |
✔ | |||
storage/collections
|
GET | PUT | POST | DELETE | ||
storage/collections/config | KV store Create or list connections. |
✔ |
✔ |
|||
storage/collections/config/{collection} | KV store Manage a specific collection. |
✔ |
✔ |
✔ | ||
storage/collections/data/{collection} | KV store Manage items of a collection. |
✔ |
✔ |
✔ | ||
storage/collections/data/{collection}/{id} | KV store Manage a specific item of a collection. |
✔ |
✔ |
✔ | ||
storage/collections/data/{collection}/batch_save | KV store Perform multiple save operations. |
✔ |
||||
workloads/
|
GET | PUT | POST | DELETE | ||
workloads/categories | Workloads List and edit workload categories. |
✔ | ✔ | |||
workloads/config/enable | Workloads Enable workload management. |
✔ | ||||
workloads/config/disable | Workloads Disable workload management. |
✔ | ||||
workloads/config/get-base-dirname | Workloads Get the name of the splunk parent cgroup. |
✔ | ||||
workloads/config/set-base-dirname | Workloads Set the name of the splunk parent cgroup. |
✔ | ||||
workloads/status | Workloads Get information on the current status of workload management. |
✔ | ||||
workloads/pools | Workloads Perform CRUD operations on workload pools. |
✔ | ✔ | ✔ | ||
workloads/rules | Workloads Perform CRUD operations on workload rules. |
✔ | ✔ | ✔ |
Using the REST API reference | Access endpoint descriptions |
This documentation applies to the following versions of Splunk® Enterprise: 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1
Feedback submitted, thanks!