rest
rest
Important: The rest command only works with Splunk REST API endpoints.
For more information, read "About the Splunk REST API" in the REST API Reference Manual.
Synopsis
Access a Splunk REST API endpoint and display the returned entities as search results.
Syntax
rest <rest-uri> [count=<int>] [splunk_server=<string>] [timeout=<int>] (<get-arg-name>=<get-arg-value>)...
Required arguments
- rest-uri
- Syntax: <uri>
- Description: URI path to the Splunk REST API endpoint.
- get-arg-name
- Syntax: <string>
- Description: REST argument name.
- get-arg-value
- Syntax: <string>
- Description: REST argument value.
Optional arguments
- count
- Syntax: count=<int>
- Description: Limits the number of results returned. Defaults to 0, unlimited.
- splunk_server
- Syntax: splunk_server=<string>
- Description: Limits the results to one specific server. Use "local" to refer to the search head.
- timeout
- Syntax: timeout=<int>
- Description: Specify the timeout in seconds when waiting for the REST endpoint to respond. Defaults to 60 seconds.
Examples
Example 1: Access saved search jobs.
| rest /services/search/jobs count=0 splunk_server=local | search isSaved=1
Answers
Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has about using the rest command.
This documentation applies to the following versions of Splunk: 5.0 , 5.0.1 , 5.0.2 View the Article History for its revisions.