Admin Config Service (ACS) API endpoint reference
Use the ACS API endpoint reference to learn about the endpoints and operations that provide programmatic self-service administration for Splunk Cloud Platform.
You must have the sc_admin (Splunk Cloud Platform Administrator) role to use the ACS API.
For more information on ACS API requirements, see ACS requirements and compatibility matrix.
For information on ACS API setup and usage, see Basic setup and usage concepts for the ACS API.
ACS endpoint categories
ACS API endpoints are grouped into the following categories based on feature use case:
| Feature | Endpoints |
|---|---|
| Configure IP allow lists | access/{feature}/ipallowlists |
| Configure outbound ports | access/outbound-ports access/outbound-ports/{port} |
| Manage authentication tokens | tokens tokens/{tokenID} |
| Manage HTTP Event Collector (HEC) tokens | inputs/http-event-collectors inputs/http-event-collectors/{hec-token-name} |
| Manage indexes | indexes indexes/{name} |
| Manage private apps and Splunkbase apps (Victoria Experience) | apps/victoria apps/victoria/{app_name} |
| Manage private apps (Classic Experience) | apps apps/{app_name} |
Authentication and authorization
The ACS API accepts a JSON Web Token (JWT) for authentication. You can create this token in the Splunk Cloud Platform UI or using the ACS API. For more information see Create an authentication token.
Configure IP allowlists
The ACS API provides the following endpoints to configure IP allowlists. For more information on how to configure IP allowlists using the ACS API, see Configure IP allowlists for Splunk Cloud Platform.
access/{feature}/ipallowlists
https://admin.splunk.com/{stack}/adminconfig/v2/access/{feature}/ipallowlists
List, update, and delete IP allow lists.
GET
List subnets on the existing IP allow list for a feature.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| feature | String | The IP allow list feature type. |
Returned values
| Name | Type | Description |
|---|---|---|
| subnets | String | The IP subnets currently listed on the IP allow list for a given feature. |
Example request and response
JSON Request
curl https://admin.splunk.com/mystack/adminconfig/v2/access/s2s/ipallowlists
JSON Response
{
"subnets": [
": #.0.0.0/24",
": #.0.0.0/24",
": #.0.10.6/32"
]
}
POST
Add subnets to the IP allow list for a feature.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| feature | String | The IP allow list feature type. |
| subnets | String | List of subnets to add to IP allow list |
Returned values
None
Example request and response
JSON Request
curl -X POST 'https://admin.splunk.com/mystack/adminconfig/v2/access/s2s/ipallowlists' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0Iiw...' \
--data '{
"subnets": [
"###.0.0.0/24",
"##.0.10.6/32"
]
}'
JSON Response
{
"code": "200"
}
DELETE
Delete subnets from the IP allow list for a feature
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| feature | String | The IP allow list feature type. |
| subnets | String | List of subnets to delete from IP allow list |
Returned values
None
Example request and response
JSON Request
curl -X DELETE 'https://admin.splunk.com/mystack/adminconfig/v2/access/s2s/ipallowlists' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2Vj...' \
--header 'Content-Type: application/json' \
--data '{
"subnets": [
"###.0.0.0/24",
"##.0.10.6/32"
]
}'
JSON Response
{
"code": "200"
}
Configure outbound ports
access/outbound-ports
https://admin.splunk.com/{stack}/adminconfig/v2/access/outbound-ports
List and create outbound ports.
GET
List existing outbound ports.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
Returned values
| Name | Type | Description |
|---|---|---|
| name | String | The outbound port name. |
| port | Number | The outbound port number. |
| destinationRanges | String | The allowed destination IP subnets for the outbound port. |
| reason | String | The purpose for the outbound port. |
Example request and response
JSON Request
curl 'https://admin.splunk.com/important-iguana-u5q/adminconfig/v2/access/outbound-ports' \ --header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI...'
JSON Response
[
{
"destinationRanges": [
"34.226.34.80/32",
"54.226.34.80/32"
],
"name": "8089",
"port": 8089
},
{
"destinationRanges": [
"4.16.171.10/32"
],
"name": "8590",
"port": 8590
}
]
POST
Create an outbound port.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| outboundPorts | String | The outbound port number and destination subnets. |
| port | Number | The outbound port number. |
| subnets | String | The allowed destination subnets for the outbound port. |
| reason | String | The purpose of the outbound port. |
Returned values
| Name | Type | Description |
|---|---|---|
| outboundPorts | String | The outbound port number and destination subnets. |
| port | Number | The outbound port number. |
| subnets | String | The allowed destination subnets for the outbound port. |
| reason | String | The purpose of the outbound port. |
Example request and response
JSON Request
curl -X POST 'https://admin.splunk.com/important-iguana-u5q/adminconfig/v2/access/outbound-ports' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI...' \
--data-raw '{
"outboundPorts": [{"subnets": ["34.226.34.80/32", "54.226.34.80/32"], "port": 8089}],
"reason": "testing federated search connection"
}'
JSON Response
{
"outboundPorts": [
{
"port": 8089,
"subnets": [
"34.226.34.80/32",
"54.226.34.80/32"
]
}
],
"reason": "testing federated search connection"
access/outbound-ports/{port}
https://admin.splunk.com/{stack}/adminconfig/v2/access/outbound-ports/{port}
Describe and delete outbound ports.
GET
Describe an outbound port.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| port | Number | The outbound port number. |
Returned values
| Name | Type | Description |
|---|---|---|
| destinationRanges | String | The allowed destination IP subnets for the outbound port. |
| name | String | The outbound port name. |
| port | Number | The outbound port number. |
Example request and response
JSON Request
curl 'https:// admin.splunk.com/{stack}/adminconfig/v2/access/outbound-ports/8089' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0Iiwi…'
JSON Response
{
"destinationRanges": [
"34.226.34.80/32",
"54.226.34.80/32"
],
"name": "8089",
"port": 8089
}
DELETE
Delete an outbound port.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| subnets | String | The allowed destination IP subnets for the outbound port. |
Returned values
| Name | Type | Description |
|---|---|---|
| subnets | String | The deleted destination IP subnets for the outbound port. |
Example request and response
JSON Request
curl -X DELETE 'https://admin.splunk.com/{stack}/adminconfig/v2/access/outbound-ports/8089' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI…'
--data-raw '{
"subnets": ["54.203.114.197/32", "34.226.34.80/32"]
JSON Response
{
"subnets": [
"54.203.114.197/32",
"34.226.34.80/32"
]
}
Manage authentication tokens
tokens
https://admin.splunk.com/{stack}/adminconfig/v2/tokens
Create, view, and delete JSON Web Token (JWT).
POST
Create a new token.
Request parameters
| Name | Type | Description |
|---|---|---|
| username | String | The login username for the Splunk Cloud Platform instance. |
| password | String | The login password for the Splunk Cloud Platform instance. |
| user | String | The name of the token user. Must be an existing user. |
| audience | String | The purpose of the token. |
| expiresOn | String | The amount of time until the token expires. You can specify this value in relative time (+<number>[s][m][h][d]) or absolute time (YYYY-MM-DDTHH:MM:SS[+HH:MM]). Default is +30d. Time is UTC. |
Returned values
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| user | String | The name of the token user. |
| audience | String | The purpose of the token. |
| id | String | The token ID. |
| status | String | The status of token authentication. |
| expiresOn | String | The time the token will expire. Time is UTC. |
| notBefore | String | The time you can start to use the token. Default is now. Time is UTC. |
Example request and response
JSON Request
curl -u username:password -X POST 'https://admin.splunk.com/keziabutterfinger/adminconfig/v2/tokens' \
--header 'Content-Type: application/json' \
--data-raw '{
"user" : "admin",
"audience" : "acs-test",
"expiresOn" : "+100d"
}'
}'
JSON Response
"user": "admin", "audience": "acs-test", "id": "0c1daac93fd01bc50cfe8ed938ce401bc168a8730c1c9e2f343671541e759fbf", "token": "eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnIjoiSFM1MTIiLCJ2ZXIiOiJ2MiIsInR0eXAiOiJzdGF0aWMifQ.eyJpc3MiOiJhZG1pbiBmcm9tIHNoLWktMGJlMzJiYTM1YjY4MDlhMDEiLCJzdWIiOiJhZG1pbiIsImF1ZCI6Imtlei10ZXN0IiwiaWRwIjoiU3BsdW5rIiwianRpIjoiMzA0YmEzYWQxOWMwOWRhYmYxYzljY2YzYTcxMTM3NTQ1NmFiODM0ZDljMjBjN2E3MzYzNWUyYWMxNmQ5OWFiMSIsImlhdCI6MTYzNDA2NjAzMSwiZXhwIjoxNjM2NjU4MDMxLCJuYnIiOjE2MzQwNjYwMzF9.Cml1yQMXgo18dauOuORTc4vTxm1tWuXOL6sBj0TEV1lwOIqo5sCBKv_B45Jjb34XkK-TJQgdYqcOoV0un-ARDQ", "status": "enabled", "expiresOn": "2021-12-16T21:37:11Z", "notBefore": "2021-11-16T21:37:11Z"
tokens/{id}
https://admin.splunk.com/{stack}/adminconfig/v2/access/tokens/{id}
View and delete individual tokens.
GET
View a token.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| id | String | The token ID. |
Returned values
| Name | Type | Description |
|---|---|---|
| user | String | The name of the token user. |
| audience | String | The purpose of the token. |
| id | String | The token ID. |
| status | String | The status of token authentication. |
| expiresOn | String | The time the token will expire. Time is UTC. |
| notBefore | String | The time you can start to use the token. Default is now. Time is UTC. |
| lastUsed | String | The time the token was last used. Time is UTC. |
| lastUsedIP | String | The IP address of the instance on which the token was last used. |
Example request and response
JSON Request
curl 'https://admin.splunk.com/{stack}/adminconfig/v2/tokens/55ee3d1c199645c330d28dcd9fa50bc6e9f74154c3d1c3d31229b6e78be77ed7' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0Iiwi…'
JSON Response
{
"id": "d9637736177efc773ec8c5c04efcc2e19859cd852af00689ef81bf9e809364a8",
"user": "admin",
"audience": "acs-test",
"status": "enabled",
"expiresOn": "2021-11-19T00:34:46Z",
"notBefore": "2021-10-20T00:34:46Z",
"lastUsed": "2021-10-20T03:52:53Z",
"lastUsedIP": "50.216.96.2"
}
DELETE
Delete a token.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| id | String | The token ID. |
Returned values
None
Example request and response
JSON Request
curl -X DELETE 'https://admin.splunk.com/{stack}/adminconfig/v2/tokens/55ee3d1c199645c330d28dcd9fa50bc6e9f74154c3d1c3d31229b6e78be77ed7' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0Iiwi…'
JSON Response
{
"code": "200"
}
Manage HTTP Event Collector (HEC) tokens
The ACS API provides the following endpoints to manage HEC tokens. For more information on how to manage HEC tokens using the ACS API, see Manage HTTP Event Collector (HEC) tokens in Splunk Cloud Platform.
ACS endpoints for HEC token management apply to deployments on Victoria Experience only. See Determine your Splunk Cloud Platform Experience.
inputs/http-event-collectors
https://admin.splunk.com/{stack}/adminconfig/v2/inputs/http-event-collectors
List and create HEC tokens.
GET
List existing HEC tokens.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| count | Number | Specifies the maximum number of items to list. Maximum value is 100. Default is 30. A value of 0 lists all items. |
| offset | Number | Specifies a count displacement value (from the first existing item) on which to start the list. For example, if the count value is 100, to list items 100-200, specify an offset value of 100.
|
Returned values
| Name | Type | Description |
|---|---|---|
| name | String | The HEC token name. This is the token ID, not the actual token value. |
| disabled | Boolean | The enabled/disabled status of the HEC token. |
| defaultindex | String | Default index to store generated events. |
| useACK | Boolean | (Optional) Enable/disable (true/false) indexer acknowledgement. |
| token | String | The full token value. |
Example request and response
JSON Request
curl https://admin.splunk.com/{mystack}/adminconfig/v2/inputs/http-event-collectors
JSON Response
{
"http-event-collectors": [
{
"spec": {
"allowedIndexes": [
"main",
"summary"
],
"defaultHost": "",
"defaultIndex": "main",
"defaultSource": "",
"defaultSourcetype": "",
"disabled": true,
"name": "hec-token-name",
"useACK": true
},
"token": "9803a48f-b733-4106-8a3f-871c53ee2675"
}
]
}
POST
Create a new HEC token.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| name | String | The HEC token name. This is the token ID, not the actual token value. |
| defaultIndex | String | Default index to store generated events. |
| useACK | Boolean | (Optional) Enable/disable (true/false) indexer acknowledgement. |
| token | String | (Optional) An existing token value. |
Returned values
| Name | Type | Description |
|---|---|---|
| token | String | The full token value. |
Example request and response
JSON Request
curl -X POST 'https://admin.splunk.com/mystack/adminconfig/v2/inputs/http-event-collectors' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0Iiw...' \
--header 'Content-Type: application/json' \
--data-raw '{
"allowedIndexes": [
"main",
"summary"
],
"defaultHost": "",
"defaultIndex": "main",
"defaultSource": "",
"defaultSourcetype": "",
"disabled": false,
"name": "hec-token-name",
"useACK": true,
"token": "this_is_my_token"
}'
JSON Response
"http-event-collector": {
"spec": {
"allowedIndexes": [
"main",
"summary"
],
"defaultHost": "",
"defaultIndex": "main",
"defaultSource": "",
"defaultSourcetype": "",
"disabled": false,
"name": "hec-token-name"
"UseACK": true
},
"token": "this_is_my_token"
}
}
inputs/http-event-collectors/{hec-token-name}
https://admin.splunk.com/{stack}/adminconfig/v2/inputs/http-event-collectors/{hec-token-name}
View, update, and delete HEC tokens.
GET
View an inidvidual HEC token.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| name | String | The HEC token name. This is the token ID, not the actual token value. |
Returned values
| Name | Type | Description |
|---|---|---|
| disabled | Boolean | The enabled/disabled status of the HEC token. |
| defaultindex | String | Default index to store generated events. |
| useACK | Boolean | (Optional) Enable/disable (true/false) indexer acknowledgement. |
| token | String | The full token value. |
Example request and response
JSON Request
curl https://admin.splunk.com/{mystack}/adminconfig/v2/inputs/http-event-collectors/{hec-token-name}
JSON Response
{
"http-event-collectors": [
{
"spec": {
"allowedIndexes": [
"main",
"summary"
],
"defaultHost": "",
"defaultIndex": "main",
"defaultSource": "",
"defaultSourcetype": "",
"disabled": true,
"name": "hec-token-name"
},
"token": "9803a48f-b733-4106-8a3f-871c53ee2675"
}
]
}
PUT
Update an existing HEC token.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| defaultHost | String | Default index to store generated events. |
| defaultIndex | String | Default event source. |
| defaultSource | String | Default index to store generated events. |
| defaultSourcetype | String | Default index to store generated events. |
| disabled | String | Default index to store generated events. |
| name | String | The name of the HEC token. This is the token ID, not the actual token value. |
| useACK | Boolean | (Optional) Enable/disable (true/false) indexer acknowledgement. |
Returned values
None
Example request and response
JSON Request
curl -X PUT 'https://admin.splunk.com/{mystack}/adminconfig/v2/inputs/http-event-collectors' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0Iiw...' \
--header 'Content-Type: application/json' \
--data-raw '{
"allowedIndexes": [
"main",
"summary"
],
"defaultHost": "",
"defaultIndex": "main",
"defaultSource": "",
"defaultSourcetype": "",
"disabled": false,
"name": "hec-token-name"
}'
JSON Response
{
"code": "200"
}
DELETE
Delete an HEC token.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| name | String | The HEC token name. This is the token ID, not the actual token value. |
Returned values
None
Example request and response
JSON Request
curl -X DELETE 'https://admin.splunk.com/{mystack}/adminconfig/v2/inputs/http-event-collectors' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0Iiw...' \
--header 'Content-Type: application/json' \
JSON Response
{
"code": "200"
}
Manage indexes
The ACS API provides the following endpoints to manage indexes. For more information on how to manage indexes using the ACS API, see Manage indexes in Splunk Cloud Platform.
ACS endpoints for index management apply to deployments on Victoria Experience only. See Determine your Splunk Cloud Platform Experience.
indexes
https://admin.splunk.com/{stack}/adminconfig/v2/indexes
List and create indexes.
GET
List existing indexes.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| count | Number | Specifies the maximum number of items to list. Maximum value is 100. Default is 30. A value of 0 lists all items. |
| offset | Number | Specifies a count displacement value (from the first existing item) on which to start the list. For example, if the count value is 100, to list items 100-200, specify an offset value of 100.
|
Returned values
| Name | Type | Description |
|---|---|---|
| name | String | The index name. |
| datatype | String | The type of data the index holds. Possible values: event or metric
|
| searchableDays | Number | Number of days the index is searchable. |
| maxDataSizeMB | Number | The maximum size of the index in megabytes. |
| totalEventCount | Number | The total number of events in an index. |
| totalRawSizeMB | Number | The total amount of raw data in an index in megabytes. |
Example request and response
JSON Request
curl 'https://admin.splunk.com/{stack}/adminconfig/v2/indexes'
JSON Response
[
{
"name": "history",
"datatype": "event",
"searchableDays": 7,
"maxDataSizeMB": 0,
"totalEventCount": "0",
"totalRawSizeMB": "0"
},
{
"name": "lastchanceindex",
"datatype": "event",
"searchableDays": 1095,
"maxDataSizeMB": 0,
"totalEventCount": "0",
"totalRawSizeMB": "0"
},
{
"name": "main",
"datatype": "event",
"searchableDays": 1095,
"maxDataSizeMB": 0,
"totalEventCount": "0",
"totalRawSizeMB": "0"
},
{
"name": "splunklogger",
"datatype": "event",
"searchableDays": 1095,
"maxDataSizeMB": 0,
"totalEventCount": "0",
"totalRawSizeMB": "0"
},
{
"name": "summary",
"datatype": "event",
"searchableDays": 1095,
"maxDataSizeMB": 0,
"totalEventCount": "0",
"totalRawSizeMB": "0"
}
]
POST
Create a new index.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud deployment. |
| name | String | The index name. |
| datatype | String | The type of data the index holds. Possible values: event or metric.
|
| searchableDays | Number | Number of days the index is searchable. |
| maxDataSizeMB | Number | The maximum size of the index in megabytes. |
Returned values
| Name | Type | Description |
|---|---|---|
| name | String | The index name. |
| datatype | String | The type of data the index holds. Possible values: event or metric
|
| searchableDays | Number | Number of days the index is searchable. |
| maxDataSizeMB | Number | The maximum size of the index in megabytes. |
| totalEventCount | Number | The total number of events in an index. |
| totalRawSizeMB | Number | The total amount of raw data in an index in megabytes. |
Example request and response
JSON Request
curl -X POST 'https://admin.splunk.com/{stack}/adminconfig/v2/indexes'
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0Iiwi…' \
--header 'Content-Type: application/json' \
--data-raw '{
"name": "testindex"
}'
JSON Response
{
"name": "testindex",
"datatype": "event",
"searchableDays": 90,
"maxDataSizeMB": 0,
"totalEventCount": "0",
"totalRawSizeMB": "0"
}
indexes/{name}
https://admin.splunk.com/{stack}/adminconfig/v2/inputs/indexes/{name}
View, update, and delete indexes.
GET
View an individual index.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| name | String | The name of the index. |
Returned values
| Name | Type | Description |
|---|---|---|
| name | String | The index name. |
| datatype | String | The type of data the index holds. Possible values: event or metric
|
| searchableDays | Number | Number of days the index is searchable. |
| maxDataSizeMB | Number | The maximum size of the index in megabytes. |
| totalEventCount | Number | The total number of events in an index. |
| totalRawSizeMB | Number | The total amount of raw data in an index in megabytes. |
Example request and response
JSON Request
curl 'https:// admin.splunk.com/{stack}/adminconfig/v2/indexes/testindex' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0Iiwi…'
JSON Response
{
"name": "testindex",
"datatype": "event",
"searchableDays": 90,
"maxDataSizeMB": 1024,
"totalEventCount": "0",
"totalRawSizeMB": "0"
}
PATCH
Update an existing index.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| name | String | The name of the index. |
| searchableDays | Number | Number of days the index is searchable. |
| maxDataSizeMB | Number | The maximum size of the index in megabytes. |
Returned values
None
Example request and response
JSON Request
curl -X PATCH 'https://admin.splunk.com/lighthearted-lemur-23e/adminconfig/v2/indexes/testindex' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0Iiwi…' \
--data-raw '{
"searchableDays": 90,
"maxDataSizeMB": 1024
}'
JSON Response
{
"name": "testindex",
"datatype": "event",
"searchableDays": 90,
"maxDataSizeMB": 1024,
"totalEventCount": "0",
"totalRawSizeMB": "0"
}
DELETE
Delete an index.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| name | String | The name of the index. |
Returned values
None
Example request and response
JSON Request
curl -X DELETE 'https://admin.splunk.com/lighthearted-lemur-23e/adminconfig/v2/indexes/testindex' \ --header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0Iiwi…'
JSON Response
{
"code": "200"
}
Manage private apps and Splunkbase apps (Victoria Experience)
The ACS API provides the following endpoints to manage private apps and Splunkbase apps. For more information on how to manage private apps using the ACS API, see Manage private apps in Splunk Cloud Platform. For more information on how to manage Splunkbase apps using the ACS API, see Manage Splunkbase apps in Splunk Cloud Platform
The following ACS endpoints for managing private apps and Splunkbase apps apply to deployments on Victoria Experience only. See Determine your Splunk Cloud Platform Experience.
apps/victoria
https://admin.splunk.com/{stack}/adminconfig/v2/apps/victoria
List and install apps (Victoria Experience).
Authentication and authorization
- All GET and POST operations for this endpoint require a JWT authentication token.
- POST operations to install private apps also require an AppInspect authentication token and a legal acknowledgement that you accept risk for unsupported apps. For more information, see Manage private apps using the ACS API on Victoria Experience.
- POST operations to install Splunkbase apps also require a Splunkbase session ID and the Splunkbase app license URL. For more information, see Manage Splunkbase apps using the ACS API.
GET
List apps.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| count | Number | Specifies the maximum number of items to list. Maximum value is 100. Default is 30. A value of 0 lists all items. |
| offset | Number | Specifies a count displacement value (from the first existing item) on which to start the list. For example, if the count value is 100, to list items 100-200, specify an offset value of 100.
|
| splunkbase | Boolean | Specify splunkbase=true to list Splunkbase apps only. Specify splunkbase=false to list non-Splunkbase apps only. If you do not specify this parameter, ACS lists all apps.
|
Returned values
| Name | Type | Description |
|---|---|---|
| label | String | The app label. |
| name | String | The app name. |
| status | String | The app installation status. |
| version | Number | The app version. |
| appID | String | The app name. Same as name and app_name parameters. |
| splunkbaseID | Number | The Splunkbase app ID number |
Example request and response
JSON Request
curl 'https://admin.splunk.com/{stack}/adminconfig/v2/apps/victoria'
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI…'
JSON Response
{
"apps": [
{
"label": "075-cloudworks",
"name": "075-cloudworks",
"status": "installed",
"version": ""
},
{
"label": "100-cloudworks-wlm",
"name": "100-cloudworks-wlm",
"status": "installed",
"version": ""
},
{
"label": "tos",
"name": "tos",
"status": "installed",
"version": ""
}
]
}
POST
Install an app.
Request parameters
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| splunkbase | Boolean | You must specify splunkbase=true to install Splunkbase apps.
|
| splunkbaseID | Number | The Splunkbase app ID number. You can find the splunkbaseID value in the URL of the Splunkbase app download page.
|
Returned values
| Name | Type | Description |
|---|---|---|
| label | String | The app label. |
| name | String | The app name. |
| status | String | The app installation status. |
| version | Number | The app version. |
| appID | String | The app name. Same as name and app_name parameters. |
| splunkbaseID | String | The Splunkbase app ID number. |
Example request and response (install private app)
JSON Request
curl -X POST 'https://admin.splunk.com/{stack}/adminconfig/V2/apps/victoria' \
--header 'X-Splunk-Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9…' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI…' \
--data-binary '@/Users/croth/Downloads/pa1v20.tar.gz'
JSON Response
{
"label": "pa1",
"name": "pa1",
"status": "installed",
"version": "1.2.2"
}
Example request and response (install Splunkbase app)
JSON Request
curl -X POST 'https:/admin.splunk.com/{stack}/adminconfig/v2/apps/victoria?splunkbase=true' \
--header 'X-Splunkbase-Authorization: bgf4ztyxcgssgcbdrhguzl0xgousxzcq' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'ACS-Licensing-Ack: http://opensource.org/licenses/ISC' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI…' \
--data-urlencode 'splunkbaseID=491'
JSON Response
{
"appID": "SplunkforPaloAltoNetworks",
"label": "Palo Alto Networks App for Splunk",
"name": "SplunkforPaloAltoNetworks",
"splunkbaseID": "491",
"status": "processing",
"version": "7.0.4"
}
apps/victoria/{app_name}
https://admin.splunk.com/{stack}/adminconfig/v2/apps/victoria/{app_name}
Describe and uninstall apps. Upgrade or downgrade Splunkbase apps. (Victoria Experience)
Authentication and authorization
- All GET, PATCH, and DELETE operations for this endpoint require a JWT authentication token.
- PATCH operations to upgrade or downgrade Splunkbase apps also require a Splunkbase session ID and the Splunkbase app license URL. For more information, see Manage Splunkbase apps using the ACS API.
GET
Describe an app.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| app_name | String | The name of the app. |
Returned values
| Name | Type | Description |
|---|---|---|
| label | String | The app label. |
| name | String | The app name. |
| status | String | The app installation status. |
| version | Number | The app version. |
| appID | String | The app name. Same as name and app_name parameters. |
| splunkbaseID | String | The Splunkbase app ID number. |
Example request and response
JSON Request
curl 'https:// admin.splunk.com/{stack}/adminconfig/v2/apps/victoria/testapp' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0Iiwi…'
JSON Response
{
"label": "testapp",
"name": "testapp",
"status": "installed",
"version": ""
}
PATCH
Upgrade or downgrade a Splunkbase app.
Request parameters
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| splunkbase | Boolean | You must specify splunkbase=true in the request URL to upgrade Splunkbase apps.
|
| splunkbaseID | Number | The Splunkbase app ID number. You can find the splunkbaseID value in the URL of the Splunkbase app download page.
|
Returned values
| Name | Type | Description |
|---|---|---|
| label | String | The app label. |
| name | String | The app name. |
| status | String | The app installation status. |
| version | Number | The app version. |
| appID | String | The app name. Same as name and app_name parameters. |
| splunkbaseID | String | The Splunkbase app ID number. |
Example request and response
JSON Request
curl -X PATCH 'https://admin.splunk.com/{stack}/adminconfig/v2/apps/victoria/SplunkforPaloAltoNetworks' \
--header X-Splunkbase-Authorization: bgf4ztyxcgssgcbdrhguzl0xgousxzcq' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'ACS-Licensing-Ack: http://opensource.org/licenses/ISC' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI…' \
--data-urlencode 'version=7.0.3'
JSON Response
{
"appID": "SplunkforPaloAltoNetworks",
"label": "Palo Alto Networks App for Splunk",
"name": "SplunkforPaloAltoNetworks",
"splunkbaseID": "491",
"status": "processing",
"version": "7.0.3"
}
DELETE
Uninstall an app.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| app_name | String | The name of the app. |
Returned values
None
Example request and response
JSON Request
curl -X DELETE 'https://admin.splunk.com/lighthearted-lemur-23e/adminconfig/v2/apps/victoria/testapp' \ --header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0Iiwi…'
JSON Response
None
Manage private apps (Classic Experience)
ACS endpoints for index management apply to deployments on Classic Experience only. See Determine your Splunk Cloud Platform Experience.
apps
https://admin.splunk.com/{stack}/adminconfig/v2/apps
List and install apps (Classic Experience).
GET
List apps.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| count | Number | Specifies the maximum number of items to list. Maximum value is 100. Default is 30. A value of 0 lists all items. |
| offset | Number | Specifies a count displacement value (from the first existing item) on which to start the list. For example, if the count value is 100, to list items 100-200, specify an offset value of 100.
|
Returned values
| Name | Type | Description |
|---|---|---|
| label | String | The app label. |
| name | String | The app name. |
| package | String | The app installation package. |
| status | String | The app installation status. |
| version | Number | The app version. |
Example request and response
JSON Request
curl 'https://admin.splunk.com/{stack}/adminconfig/v2/apps?count=100' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI…'
JSON Response
{
"apps": []
}
POST
Install an app.
Request parameters
None
Returned values
| Name | Type | Description |
|---|---|---|
| label | String | The app label. |
| name | String | The app name. |
| package | String | The app installation package. |
| status | String | The app installation status. |
| version | Number | The app version. |
Example request and response
JSON Request
curl -X POST 'https://admin.splunk.com/{stack}/adminconfig/v2/apps' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI…' \
--form 'token="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9…"' \
--form 'package=@"/Users/{name}/app_inspect/testapp.tar.gz"'
JSON Response
{
"label": "testapp",
"name": "testapp",
"package": "testapp.tar.gz",
"status": "installed",
"version": "1.0.31"
}
apps/{app_name}
https://admin.splunk.com/{stack}/adminconfig/v2/apps/{app_name}
Describe and uninstall apps (Classic Experience).
GET
Describe an app.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| app_name | String | The name of the app. |
Returned values
| Name | Type | Description |
|---|---|---|
| label | String | The app label. |
| name | String | The app name. |
| package | String | The app installation package. |
| status | String | The app installation status. |
| version | Number | The app version. |
Example request and response
JSON Request
curl 'https:// admin.splunk.com/{stack}/adminconfig/v2/apps/victoria/testapp' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0Iiwi…'
JSON Response
{
"label": "testapp",
"name": "testapp",
"package": "testapp.tar.gz",
"status": "installed",
"version": ""
}
DELETE
Uninstall an app.
Request parameters
| Name | Type | Description |
|---|---|---|
| stack | String | The URL prefix of the Splunk Cloud Platform deployment. |
| app_name | String | The name of the app. |
Returned values
None
Example request and response
JSON Request
curl -X DELETE 'https://admin.splunk.com/{stack}/adminconfig/v2/apps/testapp' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI…'
JSON Response
{
"code": "200"
}
| Manage maintenance windows for Splunk Cloud Platform | Administer Splunk Cloud Platform using the ACS CLI |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2201, 8.2.2202
Download manual
Feedback submitted, thanks!