Splunk's API is RESTful
Splunk's API is RESTful, which means it uses HTTP requests to interact with resources within Splunk. There are two main tasks you can do with Splunk's API: run searches and manage Splunk configurations and objects. The REST API is divided into endpoints, or URIs served off of splunkd. All management endpoints behave the same, meaning they take the same global parameters and return responses in the same format. The search endpoints are special cases and behave differently from the configuration endpoints.
In Splunk 4.2.3, the Splunk REST API Reference became available, detailing all available REST endpoints. Splunk for Developers became available at the same time, providing an Overview of the REST API, as well as tutorials, examples, and how-tos.
In Splunk 4.1, only the search and auth endpoints are fully supported and certified. You can access the endpoints for other functions -- managing configurations and objects, for example -- but these endpoints will not be officially supported by Splunk until a future release.
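The auth-then-search flow against the two supported endpoint families, as an added example that is not from the original page or from Splunk's own code. The host name, the default management port 8089, the endpoint paths `/services/auth/login` and `/services/search/jobs`, and the sample responses are assumptions introduced here; it also shows credentials travelling in the POST body and TLS verification left on.

```python
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Assumed host; 8089 is splunkd's default management port.
BASE = "https://splunk.example.com:8089"

def login_request(username, password):
    """Auth endpoint: credentials go in the POST body, never in the URL."""
    body = urllib.parse.urlencode({"username": username, "password": password})
    return urllib.request.Request(BASE + "/services/auth/login",
                                  data=body.encode(), method="POST")

def parse_session_key(xml_text):
    """Pull <sessionKey> out of the login response; fail loudly if absent."""
    key = ET.fromstring(xml_text).findtext("sessionKey")
    if not key:
        raise ValueError("no sessionKey in login response")
    return key

def search_request(session_key, query):
    """Search endpoint: creates a job; the key rides in the Authorization header."""
    if not query.lstrip().startswith(("search ", "|")):
        query = "search " + query  # job searches must begin with a command
    body = urllib.parse.urlencode({"search": query})
    req = urllib.request.Request(BASE + "/services/search/jobs",
                                 data=body.encode(), method="POST")
    req.add_header("Authorization", "Splunk " + session_key)
    return req

def parse_sid(xml_text):
    """Pull the search job id (<sid>) out of the job-creation response."""
    return ET.fromstring(xml_text).findtext("sid")

def send(req, ca_file=None):
    """Send with certificate verification on; pass ca_file for a private CA."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.read().decode()

# Constructed sample responses in the shape splunkd returns (not real output).
SAMPLE_LOGIN = "<response><sessionKey>CONSTRUCTED-KEY-123</sessionKey></response>"
SAMPLE_JOB = "<response><sid>1234567890.1</sid></response>"
```

Against a live instance, pass each request to `send()` and feed the returned XML to the matching parser; splunkd ships with a self-signed certificate, so supply its CA via `ca_file` instead of turning verification off.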
Python SDK and other SDKs
In Splunk 4.2.3, Splunk introduced the Python SDK -- wrapper functions, methods and modules for the REST API. Read more about the Python SDK and other SDKs soon to be available in the Splunk SDK Overview at Splunk for Developers. The Splunk SDK Overview contains a roadmap for future development.
This documentation applies to the following versions of Splunk: 4.3