ITSI REST API reference
The ITSI REST API is recommended for administrators and developers with REST API experience only. All POST and DELETE operations are irreversible.
This reference describes Splunk IT Service Intelligence (ITSI) REST API endpoints exposed via the splunkd management port 8089. You can use this API to interact programmatically and extend the functionality of ITSI.
For information on the Splunk platform REST API, see the Splunk REST API User Manual.
ITSI REST API usage details
Before using the ITSI REST API, consider the following:
- Use the splunkd management port, 8089, and secure HTTPS protocol: https://localhost:8089/servicesNS/...
- Only the latest version of ITSI is supported for all APIs. Either don't specify a version or specify vLatest after the interface name: /servicesNS/<user>/<app>/itoa_interface/vLatest/...
- The API performs capability and RBAC checks. For capability requirements, see Configure users and roles in ITSI.
- In most cases, <user> is nobody and <app> is SA-ITOA.
- splunkd core settings for compression, payload limits, and so on in the web.conf file apply to endpoints.
How to use the filter parameter
The ITSI REST API uses the MongoDB syntax of rules expressions to filter the payload. The filter has to be valid JSON. When using cURL, the filter JSON has to be URL encoded.
Example 1: Use filter to look up an object with title "Web Service."
curl -k -g -u admin:password 'https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service?fields=title&filter={"title":"Web+Service"}'
See db.collection.find in the MongoDB reference manual.
Example 2: Use filter to do wildcard lookup against the REST API.
curl -k -g -u admin:password 'https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/<object_type>?fields=<field_name1>,<field_name2>&filter={"<field_name>":{"$regex":".*"}}'
See $regex in the MongoDB reference manual.
Example 3: URL encode filter JSON.
curl --location -g --request GET 'https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity?fields='title,_key'&filter={%22entity_type%22:%22API%22}' -k -u admin
How to use the rest command for SA-ITOA endpoints
You can use the Splunk rest command (see rest command) to perform REST operations within Splunk Web. Remove the curl command from the request body to form a search similar to the following:
| rest splunk_server=local /servicesNS/nobody/SA-ITOA/event_management_interface/correlation_search report_as=text
The rest command has some arguments that differ from those accepted by REST API endpoints. For example, the limit argument for endpoints is replaced by the count argument, so ?limit=1 is replaced by count=1.
As of ITSI version 4.4.0, in order to continue using | rest for SA-ITOA endpoints, you must add report_as=text to your Splunk searches. Otherwise those searches stop working. For more information, see Removed features in Splunk IT Service Intelligence.
Endpoint interface categories
ITSI REST API endpoints are organized into the following interface categories based on the scenarios they target.
Category | Description |
---|---|
ITOA Interface | Perform operations on core ITSI objects such as entities, services, service templates, and deep dives. |
Event Management Interface | Perform operations on ITSI event management objects such as episodes, aggregation policies, and correlation searches. |
Maintenance Services Interface | Perform operations on ITSI maintenance windows. |
Backup Restore Interface | Perform operations on ITSI backup and restore jobs. |
Glass table icon interface | Perform operations on ITSI glass table icons stored in the KV store. |
ITSI object data structures
For detailed information about ITSI object data structures, see the ITSI REST API schema in this manual.
ITOA Interface
This interface encapsulates operations on the following ITSI object types:
- team
- entity
- service
- base_service_template (service template)
- kpi_base_search
- deep_dive
- glass_table
- home_view
- kpi_template
- kpi_threshold_template
- event_management_state
- entity_filter_rule
- entity_type
- custom_threshold_windows
Base URL
https://<splunk server like localhost>:<splunkd port like 8089>/servicesNS/<user>/<app>/itoa_interface
itoa_interface/get_alias_list
GET
Get a list of alias field names from all ITSI entities in your environment.
Request parameters
None.
Data payload
None.
Return
List of alias field names.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/get_alias_list
JSON Response
{ "identifier":[ "web_server", "vm_id", "site", "hypervisor_id", "hypervisor_name", "datastore_id", "host", "datastore_name", "vm_title", "vm_name", "application_server" ], "informational":[ "version_number", "cluster_name", "processor", "family", "mem_capacity_GB", "nic_count", "hyperthreading", "root_url", "storage_free_space_GB", "vendor", "virtual_subnet_id", "vendor_product_runtime", "hypervisor_os_version", "account_id", "processor_socket_count" ] }
itoa_interface/get_supported_object_types
Get a list of supported object types in the ITOA interface.
GET
Get a list of supported object types.
Request parameters
None.
Data payload
None.
Return
List of object types supported within the ITOA interface.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/get_supported_object_types
JSON Response
[ "team", "entity", "service", "base_service_template", "kpi_base_search", "deep_dive", "glass_table", "home_view", "kpi_template", "kpi_threshold_template", "event_management_state", "entity_relationship", "entity_relationship_rule", "entity_filter_rule", "entity_type" ]
Note: The entity_relationship, entity_filter_rule, and entity_relationship_rule objects are not used.
itoa_interface/<object_type>
Perform CRUD operations on ITSI objects and create individual objects.
GET
Get a list of objects in your environment by object type.
Request parameters
Name | Type | Description |
---|---|---|
sort_key | String | Name of the field to sort by. |
sort_dir | Integer | How to sort the results. 1 for ascending and 0 for descending. |
limit | Integer | The maximum number of entries to return. If limit isn't set, all entries are returned. |
offset | Integer | The number of entries to skip from the start. Used primarily for paging. |
fields | String | A comma-separated list of field names to select from the results. |
filter | String | MongoDB syntax of rules expressions to filter the payload. See How to use the filter parameter. Make sure to use the correct filter syntax. Incorrect filter syntax causes all rows to be returned for the object type. |
Data payload:
None.
Return
List of objects queried.
Example request and response
curl -k -g -u admin:password 'https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity/?fields=title,_key&filter={"title":{"$regex":".*mysql"}}'
JSON Response
[ { "_key":"00a2f562-19ad-4398-8f12-918bc04a372b", "title":"mysql-04", "object_type":"entity" }, { "_key":"5a0084fd-a090-42fa-9283-0bbe5080429c", "title":"mysql-02", "object_type":"entity" }, { "_key":"f4f15da4-9124-4cc3-94b5-edc810d69738", "title":"mysql-03", "object_type":"entity", "sec_grp":"default_itsi_security_group" } ]
POST
Create and update new objects by object type.
Request parameters
None.
Data payload:
A dictionary of valid schema for the object type. See ITSI REST API schema.
Return
The key of the object created or updated.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity -H "Content-Type: application/json" -X POST -d '{"component": ["PerProcess"],"informational": {"fields": ["info"],"values": ["field"]},"_version": "3.0.0","title": "PerProcess","object_type": "entity","_type":"entity","identifier": {"fields": ["component"],"values": ["PerProcess"]}}'
JSON Response
{ "_key":"8b12efff-d81d-409e-8607-35d504e7b4a1" }
DELETE
Delete objects in your environment by object type.
Request parameters
Name | Type | Description |
---|---|---|
sort_key | String | Name of the field to sort by. |
sort_dir | Integer | How to sort the results. 1 for ascending and 0 for descending. |
limit | Integer | The maximum number of entries to return. If limit isn't set, all entries are returned. |
offset | Integer | The number of entries to skip from the start. Used primarily for paging. |
fields | String | A comma-separated list of field names to select from the results. |
filter | String | MongoDB syntax of rules expressions to filter the payload. See How to use the filter parameter. |
Return
None.
Example request and response
curl -k -g -u admin:password 'https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity?fields=title&filter={"title":"bar"}' -X DELETE
To prevent accidental deletion of good data, make sure to use the correct filter syntax. Incorrect filter syntax causes all rows to be deleted for the object type. A better method for deletion is to use an object's key, such as "60d9300f-0942-4bda-bdec-5ad4baf633b6", rather than a filter.
Response
None.
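The filter encoding from How to use the filter parameter and the delete-by-key advice above, combined in one added example (not Splunk's code): the filter is serialized and percent-encoded, resolved to _key values with a GET, and checked against the /count endpoint before any per-key DELETE URL is produced. The http_get callable, the max_objects limit, and the sample objects are assumptions made for illustration.

```python
import json
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Base URL as shown on this page; adjust host and port for your deployment.
BASE = "https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface"


def encode_filter(filter_obj):
    """Serialize a filter, rejecting anything that is not a non-empty JSON object."""
    if not isinstance(filter_obj, dict) or not filter_obj:
        raise ValueError("filter must be a non-empty JSON object")
    return json.dumps(filter_obj, separators=(",", ":"))


def list_url(object_type, filter_obj, fields=("_key", "title")):
    """GET URL for itoa_interface/<object_type> with a percent-encoded filter."""
    query = urlencode(
        {"fields": ",".join(fields), "filter": encode_filter(filter_obj)},
        quote_via=quote,
    )
    return f"{BASE}/{quote(object_type, safe='')}?{query}"


def count_url(object_type):
    """URL of the unfiltered count for an object type."""
    return f"{BASE}/{quote(object_type, safe='')}/count"


def key_url(object_type, key):
    """URL of a single object, the form the page recommends for DELETE."""
    return f"{BASE}/{quote(object_type, safe='')}/{quote(key, safe='')}"


def plan_delete(object_type, filter_obj, http_get, max_objects=10):
    """Turn a filter into per-key DELETE URLs, or raise if the match looks unsafe.

    http_get is a hypothetical callable (url -> parsed JSON) that performs the
    authenticated GET; max_objects is an assumed local safety limit.
    """
    matched = http_get(list_url(object_type, filter_obj))
    total = http_get(count_url(object_type))["count"]
    # A filter the server did not apply returns every row, so a match that
    # covers the whole collection is treated as a failed filter.
    if total > 1 and len(matched) >= total:
        raise RuntimeError("filter matched every object; refusing to delete")
    if len(matched) > max_objects:
        raise RuntimeError(f"{len(matched)} objects matched, limit is {max_objects}")
    return [key_url(object_type, obj["_key"]) for obj in matched]


# Constructed sample objects standing in for the KV store; not real ITSI data.
SAMPLE = [
    {"_key": "key-1", "title": "mysql-02"},
    {"_key": "key-2", "title": "mysql-03"},
    {"_key": "key-3", "title": "web-01"},
]


def fake_get(url):
    """Offline stand-in for the server: equality filters only, /count returns the total."""
    parts = urlsplit(url)
    if parts.path.endswith("/count"):
        return {"count": len(SAMPLE)}
    wanted = json.loads(parse_qs(parts.query)["filter"][0])
    return [o for o in SAMPLE if all(o.get(k) == v for k, v in wanted.items())]


def ignoring_get(url):
    """Stand-in for the failure the page warns about: the filter is not applied."""
    if urlsplit(url).path.endswith("/count"):
        return {"count": len(SAMPLE)}
    return list(SAMPLE)


if __name__ == "__main__":
    for url in plan_delete("entity", {"title": "mysql-02"}, fake_get):
        print("DELETE", url)
```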
itoa_interface/<object_type>/bulk_update
Bulk create and update ITOA interface objects such as entities, services, and KPI base searches. The key is the value populated in the _key field which is returned in the REST call in the API for create. For example: "_key" : "60d9300f-0942-4bda-bdec-5ad4baf633b6".
POST
Update multiple objects of a particular type.
Request parameters
Name | Type | Description |
---|---|---|
is_partial_data | Boolean | 1 if the payload for the update is a partial payload. 0 indicates that the entire payload for the object schema is provided and overwrites the existing object. Default is 0. |
Data payload
A dictionary of valid schema for the object type. See the ITSI REST API schema.
Return
The unique key value for the updated object.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity/bulk_update?is_partial_data=1 -H "Content-Type: application/json" -X POST -d '[{"_key": "object-1", "description": "foo"}]'
JSON Response
{ "_key":"object-1" }
itoa_interface/<object_type>/<_key>
Perform CRUD operations on a single ITSI object. The key is the value populated in the _key field which is returned in the REST call in the API for create. For example: "_key" : "60d9300f-0942-4bda-bdec-5ad4baf633b6".
GET
Get information about a specific ITSI object.
Request parameters
None.
Data payload
None.
Return
A list of objects queried.
Example request and response
curl -k -g -u admin:password 'https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity?filter={"title":"bar"}'
JSON Response
{ "description":"", "mod_source":"REST", "title":"mysql-04", "services":[ { "_key":"92eae0d1-7ea0-4d52-8500-d6c19bd48dfa", "title":"Database Service" }, { "_key":"95c99846-404f-4c92-9923-2a8c8594bff1", "title":"Buttercup Store" } ], "create_by":"nobody", "mod_by":"nobody", "create_time":"2016-12-21T21:55:25.549653+00:00", "identifier":{ "fields":[ "host" ], "values":[ "mysql-04" ] }, "identifying_name":"mysql-04", "_key":"00a2f562-19ad-4398-8f12-918bc04a372b", "mod_timestamp":"2017-04- 15T00:20:21.651660+00:00", "host":[ "mysql-04" ], "_version":"2.6.0", "_type":"entity", "test":[ "true" ], "itsi_role":[ "operating_system_host" ], "_user":"nobody", "informational":{ "fields":[ "itsi_role", "test" ], "values":[ "operating_system_host", "true" ] }, "object_type":"entity", "create_source":"unknown", "mod_time":"2017-04-14 17:20:03.610566", "sec_grp":"default_itsi_security_group" }
POST
Update the field values of a specific object.
Request parameters
Name | Type | Description |
---|---|---|
is_partial_data | Boolean | 1 if the payload for the update is a partial payload. 0 indicates that the entire payload for the object schema is provided and overwrites the existing object. Default is 0. |
Data payload
A dictionary of valid schema for the object type. See ITSI REST API schema.
Return
The key of the updated object.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity/<_key>/?is_partial_data=1 -X POST -H "Content-Type:application/json" -d '{"description": "foo"}'
JSON Response
{ "_key":"8b12efff-d81d-409e-8607-35d504e7b4a1" }
DELETE
Delete an object.
Request parameters
None.
Return
None.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity/60d9300f-0942-4bda-bdec-5ad4baf633b6 -X DELETE
To prevent accidental deletion of entities, do not use a filter. Incorrect filter syntax will cause all entities to be deleted.
JSON Response
None.
itoa_interface/<object_type>/count
Get a count of objects of a particular type in your environment.
GET
Get a count of objects of a particular type.
Request parameters
Name | Type | Description |
---|---|---|
filter | String | MongoDB syntax of rules expressions to filter the objects. See How to use the filter parameter.
If no filter is specified, |
Return
A count of objects of the object type that match the filter criteria, if provided. If you don't provide any filtering criteria, the request returns a count of all objects in your environment.
Example request and response
curl -k -g -u admin:password 'https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity/count/?fields=title&filter={"title":{"$regex":".*mysql"}}'
JSON Response
{ "count":3 }
itoa_interface/<object_type>/<_key>/templatize
Generate a template from an existing ITSI object. Only service and KPI base search objects are supported. You can use the template to replicate the object configuration into other objects.
The key is the value populated in the _key field which is returned in the REST call in the API for create. For example: "_key" : "60d9300f-0942-4bda-bdec-5ad4baf633b6".
GET
Get the template of an existing ITSI object.
Request parameters
None.
Data payload
None.
Return
A dictionary with the template derived from the ITSI object.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity/<_key>/templatize
JSON Response
{ "title":"External Authorization Services", "service_template_id":"", "sec_grp":"default_itsi_security_group", "enabled":1, "_version":"2.5.0", "services_depends_on":[ ], "tags":[ ], "object_type":"service", "serviceTemplateId":[ ], "kpis":[ { "tz_offset":null, "backfill_earliest_time":"-7d", "alert_on":"both", "entity_statop":"avg", "datamodel_filter":[ ], "entity_id_fields":"", "urgency":"11", "service_id":"0e11bf81-9bdf-4d95-b92b-6318631d538b", "datamodel":{ "object":"", "datamodel":"", "field":"", "owner_field":"" }, "target":"", "gap_severity_color_light":"#EEEEEE", "title":"ServiceHealthScore", "kpi_base_search":"", "threshold_field":"aggregate", "search_type":"adhoc", "entity_thresholds":{ "isMinStatic":true, "gaugeMin":0, "gaugeMax":100, "metricField":"count", "renderBoundaryMin":0, "baseSeverityValue":2, "renderBoundaryMax":100, "baseSeverityColor":"#99D18B", "search":"", "baseSeverityColorLight":"#DCEFD7", "thresholdLevels":[ { "severityValue":6, "thresholdValue":0, "severityColorLight":"#E5A6A6", "severityColor":"#B50101", "severityLabel":"critical" }, { "severityValue":5, "thresholdValue":20, "severityColorLight":"#FBCBB9", "severityColor":"#F26A35", "severityLabel":"high" }, { "severityValue":4, "thresholdValue":40, "severityColorLight":"#FEE6C1", "severityColor":"#FCB64E", "severityLabel":"medium" }, { "severityValue":3, "thresholdValue":60, "severityColorLight":"#FFF4C5", "severityColor":"#FFE98C", "severityLabel":"low" }, { "severityValue":2, "thresholdValue":80, "severityColorLight":"#DCEFD7", "severityColor":"#99D18B", "severityLabel":"normal" } ], "baseSeverityLabel":"normal", "isMaxStatic":false }, "adaptive_thresholding_training_window":"-7d", "gap_severity_color":"#CCCCCC", "search_alert_earliest":"15", "alert_lag":"30", "time_variate_thresholds":false, "is_entity_breakdown":false, "entity_alias_filtering_fields":null, "anomaly_detection_training_window":"-7d", "type":"service_health", "time_variate_thresholds_specification":{ "policies":{ 
"default_policy":{ "title":"Default", "aggregate_thresholds":{ "isMinStatic":true, "gaugeMax":100, "metricField":"count", "renderBoundaryMin":0, "baseSeverityValue":1, "renderBoundaryMax":100, "baseSeverityColor":"#AED3E5", "search":"", "baseSeverityColorLight":"#E3F0F6", "thresholdLevels":[ ], "gaugeMin":0, "isMaxStatic":false, "baseSeverityLabel":"info" }, "entity_thresholds":{ "isMinStatic":true, "gaugeMax":100, "metricField":"count", "renderBoundaryMin":0, "baseSeverityValue":1, "renderBoundaryMax":100, "baseSeverityColor":"#AED3E5", "search":"", "baseSeverityColorLight":"#E3F0F6", "thresholdLevels":[ ], "gaugeMin":0, "isMaxStatic":false, "baseSeverityLabel":"info" }, "policy_type":"static" } }, "time_blocks":[ { "policy_key":"default_policy", "time_block_key":"00-00" }, { "policy_key":"default_policy", "time_block_key":"00-01" }, { "policy_key":"default_policy", "time_block_key":"00-02" }, { "policy_key":"default_policy", "time_block_key":"00-03" }, … { "policy_key":"default_policy", "time_block_key":"05-10" }
itoa_interface/service/<_key>/base_service_template
Perform bulk link operations from one or more services to a service template. Requires write access to the specific services and read access to Global team.
GET
Get the key value for the service template linked to a service.
Request parameters
None.
Data payload
None.
Return
Dictionary of {'_key': service_template_id}
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service/5a0084fd-a090-42fa-9283-0bbe5080429c/base_service_template
JSON Response
{ "_key":"00a2f562-19ad-4398-8f12-918bc04a372b" }
POST
Link one or more services to a service template.
When linking a service to a service template via the UI where entity rules are defined, you have the option of appending or replacing the rules in the template or keeping the existing rules. However, changing the linked service template via REST gives no option to handle entity rules. As a result, the request defaults to appending template rules. If you want to replace or keep the existing rules, edit the template through the UI instead of the API.
Request parameters
None.
Data payload
A dictionary of valid schema for the object type. See ITSI REST API schema.
Return
Dictionary of {'_key': service_template_id}
Example request and response
curl -k -u admin:password -X POST -H "Accept: application/json" -H "Content-type: application/json" --data '{"_key": "491b90d8-62f3-4aeb-be9e-6ccb0b7e63b8"}' https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/service/6b0dda59-de86-4b9d-8817-460b5091d28c/base_service_template
JSON Response
{ "_key":"6b0dda59-de86-4b9d-8817-460b5091d28c" }
itoa_interface/content_pack_authorship/content_pack/
API to perform bulk operations for custom content packs.
GET
Retrieves a list of available content packs.
Request parameters
Name | Type | Description |
---|---|---|
sort_key | String | Name of field to sort by. |
sort_dir | String | The sort direction. Use asc for ascending order and des for descending order. |
output_mode | String | 'json' output. |
status | String | Content pack status, which can be one of the following: Draft, Queued, Generating, Generated, Failed, Incomplete. |
offset | Number | Specifies the number n where n is the number of entries to skip. Used primarily for paging. |
fields | Array | Specifies the fields in the return results. |
count | Number | Specifies the number of entries to return. |
filter | String | MongoDB syntax of rules expressions to filter the payload. Make sure to use the correct filter syntax. Incorrect filter syntax will cause all rows to be returned for the object type. |
search | String | Filters the content packs with title that contains the search string. |
Data payload
None.
Return
List of content packs with default fields or fields passed through query parameters.
Note: The fields icon, itsi_objects_counts, and splunk_objects_counts cannot be queried directly by specifying them in the fields query parameter. However, these fields are returned if no fields are passed in the query parameters.
Example request
curl -k -u admin:password 'https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/content_pack_authorship/content_pack?count=1&offset=0&sort_dir=desc&sort_key=mod_timestamp&output_mode=json&sort_mode=auto&status=generated&fields=_key,title,description,cp_version,metadata,status,mod_source,object_type,mod_timestamp,_version,_user,itsi_objects,splunk_objects'
JSON Response
[ { "title":"test1", "description":"test", "cp_version":"1.0.0", "metadata":{ "icon":null, "main_screenshot":{ }, "screenshots":[ ] }, "itsi_objects":{ "base_service_template":[ "14b5ada2-3ecf-4708-9bdd-d49909f44f2c", "SAI-AWS_EC2_Service_Template" ], "correlation_search":[ ], "deep_dive":[ ], "entity_type":[ "k8s_node" ], "event_management_state":[ "9d27ade8-700e-11ed-bdfc-694ea8dd14e8" ], "glass_table":[ "dc2c0d04-dd74-11ec-b46b-41b768b492ba" ], "home_view":[ "807a20e6-3741-11ed-8656-02420a220f03" ], "kpi_base_search":[ "5f1ef9215fb73517a914174c", "a1b70f9f-d777-47f7-a751-e0dec58fd0d6", "f4eb55e5-37b3-48ef-a347-4ef81a83c112" ], "kpi_threshold_template":[ ], "notable_aggregation_policy":[ "e9457956-775e-11ed-9d3f-02420a81e003" ], "service":[ "bd025ece-0a7e-4026-bc9a-63c1c828b933" ], "team":[ "default_itsi_security_group" ] }, "splunk_objects":{ "dashboards":[ ], "lookups":[ ], "macros":[ ], "props":[ ], "savedsearches":[ ], "transforms":[ ] }, "status":"Draft", "mod_source":"unknown", "object_type":"content_pack", "mod_timestamp":"2023-02-01T04:41:35.076441+00:00", "_version":"4.16.0", "_user":"nobody", "_key":"63d9ed7f802bc46c575f20c3" }, { "title":"test2", "description":"test", "cp_version":"1.0.0", "metadata":{ "icon":null, "main_screenshot":{ }, "screenshots":[ ] }, "itsi_objects":{ "base_service_template":[ "4213f33b-e159-4b8b-9d44-ea488f27f417", "14b5ada2-3ecf-4708-9bdd-d49909f44f2c" ], "correlation_search":[ "Bidirectional Ticketing", "BMC Remedy Bidirectional Ticketing" ], "deep_dive":[ "6a3001c2-dd49-11ec-b462-41b768b492ba" ], "entity_type":[ ], "event_management_state":[ "9d27ade8-700e-11ed-bdfc-694ea8dd14e8", "2e8619bc-775f-11ed-bc0e-02420a81e003" ], "glass_table":[ "dc2c0d04-dd74-11ec-b46b-41b768b492ba", "894899c8-dd4b-11ec-b463-41b768b492ba" ], "home_view":[ "aa3db5c8-3741-11ed-8656-02420a220f03", "2a44588e-3743-11ed-b84a-02420a220f03" ], "kpi_base_search":[ "568ff232-7068-4b56-8dc7-5f2ca4bd523e",
"72fdbcea-447a-4aa1-8162-2a1b27c5be01" ], "kpi_threshold_template":[ "629129687218585f3648d53d" ], "notable_aggregation_policy":[ "e9457956-775e-11ed-9d3f-02420a81e003", "ceaf31a4-775e-11ed-9d3f-02420a81e003" ], "service":[ "359a4a5e-f454-4901-ae6c-b887a507f89b", "b8f07dea-5090-434e-a7a9-68d267e40c1f" ], "team":[ "default_itsi_security_group", "bee-sec-group", "ayy-sec-group" ] }, "splunk_objects":{ "dashboards":[ ], "lookups":[ ], "macros":[ ], "props":[ ], "savedsearches":[ ], "transforms":[ ] }, "status":"Draft", "mod_source":"unknown", "object_type":"content_pack", "mod_timestamp":"2023-01-27T19:11:55.352969+00:00", "_version":"4.16.0", "_user":"nobody", "_key":"63d421fbdfedc56c4714dac3" } ]
POST
Creates a content pack.
Request parameters
None.
Data payload
Content pack details including title, description, overview, cp_version, itsi_objects, splunk_objects, user_selected_objects
Return
The unique content pack key(s).
Example request
curl -k -u admin:password -X POST https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/content_pack_authorship/content_pack -d '{ "title":"example_title", "description":"example_description", "overview":"", "cp_version":"", "metadata":{ "icon":null, "main_screenshot":{ }, "screenshots":[ ] }, "itsi_objects":{ "base_service_template":[ ], "correlation_search":[ ], "deep_dive":[ ], "entity_type":[ ], "event_management_state":[ ], "glass_table":[ ], "home_view":[ ], "kpi_base_search":[ ], "kpi_threshold_template":[ ], "notable_aggregation_policy":[ ], "service":[ ], "team":[ "default_itsi_security_group" ] }, "splunk_objects":{ "dashboards":[ ], "lookups":[ ], "macros":[ ], "props":[ ], "savedsearches":[ ], "transforms":[ ] }, "user_selected_objects":{ "itsi_objects":{ "base_service_template":[ ], "correlation_search":[ ], "deep_dive":[ ], "entity_type":[ ], "event_management_state":[ ], "glass_table":[ ], "home_view":[ ], "kpi_base_search":[ ], "kpi_threshold_template":[ ], "notable_aggregation_policy":[ ], "service":[ ], "team":[ ] }, "splunk_objects":{ "dashboards":[ ], "lookups":[ ], "macros":[ ], "props":[ ], "savedsearches":[ ], "transforms":[ ] } } }'
JSON Response
{"_key": "63d84f746edaf755a171ab3d" }
itoa_interface/content_pack_authorship/content_pack/count
GET
Retrieves content packs with a specific status.
Request parameters
Name | Type | Description |
---|---|---|
filter | String | MongoDB syntax of rules expressions to filter the payload. See How to use the filter parameter. Make sure to use the correct filter syntax. Incorrect filter syntax will cause all rows to be returned for the object type. |
Data payload
None.
Return
Count for content packs with a specific status.
Example request
curl -k -u admin:password 'https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/content_pack_authorship/content_pack/count?filter=\{"status":\{"$ne":"Generated"\}\}'
JSON Response
{"count": 150}
itoa_interface/content_pack_authorship/content_pack/<key>
GET
Retrieves a single content pack.
Request parameters
None.
Data payload
None.
Return
Content pack details for single content pack.
Example request
curl -k -u admin:Chang3d! 'https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/content_pack_authorship/content_pack/63d9ed7f802bc46c575f20c3'
JSON Response
{ "title":"testAPI", "description":"test", "overview":"test", "cp_version":"1.0.0", "metadata":{ "icon":"", "main_screenshot":{ "name":"main_screenshot.png", "content_base64":"data:image/png;base64, iVBORw0KGg" } }, "itsi_objects":{ "service":[ { "bd025ece-0a7e-4026-bc9a-63c1c828b933":"abhorrible" } ], "kpi_base_search":[ { "5f1ef9215fb73517a914174c":"Heartbeat" }, { "a1b70f9f-d777-47f7-a751-e0dec58fd0d6":"PSR Base 4:Backfill Minutes_12a085c9" } ], "kpi_threshold_template":[ ], "base_service_template":[ { "14b5ada2-3ecf-4708-9bdd-d49909f44f2c":"PSR Base Pt2" }, { "SAI-AWS_EC2_Service_Template":"Cloud KPIs - AWS EC2 (SAI)" } ], "glass_table":[ { "dc2c0d04-dd74-11ec-b46b-41b768b492ba":"barglass" } ], "deep_dive":[ ], "entity_type":[ { "k8s_node":"Kubernetes Node" } ], "home_view":[ { "807a20e6-3741-11ed-8656-02420a220f03":"Parcelling" } ], "notable_aggregation_policy":[ { "e9457956-775e-11ed-9d3f-02420a81e003":"CP Test Policy 2" } ], "correlation_search":[ ], "event_management_state":[ { "9d27ade8-700e-11ed-bdfc-694ea8dd14e8":"Episode Review" } ], "team":[ { "default_itsi_security_group":"Global" } ] }, "splunk_objects":{ "dashboards":[ ], "lookups":[ ], "macros":[ ], "props":[ ], "savedsearches":[ ], "transforms":[ ] }, "user_selected_objects":{ "itsi_objects":{ "base_service_template":[ "SAI-AWS_EC2_Service_Template" ], "correlation_search":[ ], "deep_dive":[ ], "entity_type":[ "k8s_node" ], "event_management_state":[ "9d27ade8-700e-11ed-bdfc-694ea8dd14e8" ], "glass_table":[ "dc2c0d04-dd74-11ec-b46b-41b768b492ba" ], "home_view":[ "807a20e6-3741-11ed-8656-02420a220f03" ], "kpi_base_search":[ ], "kpi_threshold_template":[ ], "notable_aggregation_policy":[ "e9457956-775e-11ed-9d3f-02420a81e003" ], "service":[ "bd025ece-0a7e-4026-bc9a-63c1c828b933" ], "team":[ ] }, "splunk_objects":{ "dashboards":[ ], "lookups":[ ], "macros":[ ], "props":[ ], "savedsearches":[ ], "transforms":[ ] } }, "status":"Draft", "mod_time":"2023-01-31 20:41:35", "mod_source":"unknown",
"object_type":"content_pack", "mod_timestamp":"2023-02-01T04:41:35.076441+00:00", "_version":"4.16.0", "identifying_name":"testapi", "_user":"nobody", "_key":"63d9ed7f802bc46c575f20c3" }
POST
Edit existing content pack.
Request parameters
None.
Data payload
JSON of the content pack's contents
Return
Content pack key.
Example request
curl -k -u admin:password -X POST https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/content_pack_authorship/content_pack/63d84f746edaf755a171ab3d -d '{ "title":"example_title", "description":"example_description", "overview":"", "cp_version":"", "metadata":{ "icon":null, "main_screenshot":{ }, "screenshots":[ ] }, "itsi_objects":{ "base_service_template":[ ], "correlation_search":[ ], "deep_dive":[ ], "entity_type":[ ], "event_management_state":[ ], "glass_table":[ ], "home_view":[ ], "kpi_base_search":[ ], "kpi_threshold_template":[ ], "notable_aggregation_policy":[ ], "service":[ ], "team":[ "default_itsi_security_group" ] }, "splunk_objects":{ "dashboards":[ ], "lookups":[ ], "macros":[ ], "props":[ ], "savedsearches":[ ], "transforms":[ ] }, "user_selected_objects":{ "itsi_objects":{ "base_service_template":[ ], "correlation_search":[ ], "deep_dive":[ ], "entity_type":[ ], "event_management_state":[ ], "glass_table":[ ], "home_view":[ ], "kpi_base_search":[ ], "kpi_threshold_template":[ ], "notable_aggregation_policy":[ ], "service":[ ], "team":[ ] }, "splunk_objects":{ "dashboards":[ ], "lookups":[ ], "macros":[ ], "props":[ ], "savedsearches":[ ], "transforms":[ ] } } }'
JSON Response
{"_key": "63d84f746edaf755a171ab3d" }
DELETE
Delete one custom content pack.
Request parameters
None.
Data payload
None.
Return
Content pack details for single content pack.
Example request
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/content_pack_authorship/content_pack/633262c2716f8a0bcd009fe6 -X DELETE
JSON Response
N/A
itoa_interface/content_pack_authorship/content_pack/submit
POST
Build a custom content pack.
Request parameters
N/A
Data payload
N/A
Return
The key and description of the custom content pack.
Example request
curl -k -u admin:Chang3d! -X POST 'https://127.0.0.1:8089/servicesNS/nobody/SA-ITOA/itoa_interface/content_pack_authorship/content_pack/63d8501b6edaf755a171ab3e/submit'
JSON Response
{"_key": "63d8501b6edaf755a171ab3e"}
itoa_interface/content_pack_authorship/files/<key>.tar.gz
GET
Download a custom content pack once it has been built.
Request parameters
N/A
Data payload
N/A
Return
The details for the downloaded content pack. Your package will be named DA-ITSI-CP-CUST-<_key>_<version>.tar.gz
Example request
curl -k -u admin:<password> -o <filename>.tar.gz https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/content_pack_authorship/files/<_key>.tar.gz
JSON Response
DA-ITSI-CP-CUST-6397cf94789f2c7aad32ee51_1_0_0.tar.gz
itoa_interface/content_pack
API to get a list of available content packs in the ITSI Content Library. Use the installed_versions key to determine whether a content pack is currently installed on your system. For more information about the Content Library, see About the ITSI Content Library.
GET
Retrieves a list of content packs in the Content Library.
Request parameters
Name | Type | Description |
---|---|---|
count | Integer | The maximum number of entries to return. If count isn't set, all entries are returned. |
offset | Integer | Index of the first item to return. |
sort_dir | String | The response sort order: |
sort_key | String | The field name to use for sorting. |
Data payload
None.
Return
An array with success and failure keys. The success key contains an array with information about each content pack. The failure key contains an array with error information about each content pack that failed to load.
Example request
curl -k -u admin:password 'https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/content_pack?count=2&sort_key=name'
JSON Response
{ "items": { "success": [ { "author": "", "description": "Content Pack for AWS Dashboards and Reports gives you critical operational insight into your Amazon Web Services accounts.", "icon": "app/DA-ITSI-CP-aws-dashboards/icon.png", "id": "DA-ITSI-CP-aws-dashboards", "help_links": [], "title": "AWS Dashboards and Reports", "version": "1.3.2", "installed_versions": [], "screenshots": [ { "path": "app/DA-ITSI-CP-aws-dashboards/screenshots/insight_overview.png", "thumb": "app/DA-ITSI-CP-aws-dashboards/screenshots/insight_overview_thumbnail.png" }, { "path": "app/DA-ITSI-CP-aws-dashboards/screenshots/usage_overview.png", "thumb": "app/DA-ITSI-CP-aws-dashboards/screenshots/usage_overview_thumbnail.png" }, { "path": "app/DA-ITSI-CP-aws-dashboards/screenshots/billing_cur_overview.png", "thumb": "app/DA-ITSI-CP-aws-dashboards/screenshots/billing_cur_overview_thumbnail.png" }, { "path": "app/DA-ITSI-CP-aws-dashboards/screenshots/ebs_insights.png", "thumb": "app/DA-ITSI-CP-aws-dashboards/screenshots/ebs_insights_thumbnail.png" }, { "path": "app/DA-ITSI-CP-aws-dashboards/screenshots/elb_insights.png", "thumb": "app/DA-ITSI-CP-aws-dashboards/screenshots/elb_insights_thumbnail.png" }, { "path": "app/DA-ITSI-CP-aws-dashboards/screenshots/ec2_instance_entities.png", "thumb": "app/DA-ITSI-CP-aws-dashboards/screenshots/ec2_instance_entities_thumbnail.png" }, { "path": "app/DA-ITSI-CP-aws-dashboards/screenshots/ec2_instance_infra_overview.png", "thumb": "app/DA-ITSI-CP-aws-dashboards/screenshots/ec2_instance_infra_overview_thumbnail.png" }, { "path": "app/DA-ITSI-CP-aws-dashboards/screenshots/entity_type_infra_overview.png", "thumb": "app/DA-ITSI-CP-aws-dashboards/screenshots/entity_type_infra_overview_thumbnail.png" } ], "main_screenshot": { "path": "app/DA-ITSI-CP-aws-dashboards/screenshots/overview.png", "thumb": "app/DA-ITSI-CP-aws-dashboards/screenshots/overview_thumbnail.png" }, "saved_searches": { "total": 45, "enabled": 45, "disabled": 0 }, "entitlement_status": true } ], 
"failure": [ { "title": "Monitoring Citrix", "error_code": 404, "error_message": "FileNotFound Error! manifest.json or rule.json absent", "action_detail": "Check the itsi_content_packs_retrieve.log for more details" } ] } }
itoa_interface/content_pack/<name>/<version>
API to retrieve information about a single content pack in the ITSI Content Library.
GET
Gets information about a content pack.
Request parameters
None.
Data payload
None.
Return
A dictionary of keys representing information about the requested content pack.
Example request
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/content_pack/DA-ITSI-CP-microsoft-exchange/1.6.0
JSON Response
{ "author": "", "description": "Content Pack for Microsoft Exchange gives you visibility into the health and performance of your Microsoft Exchange environment, from Edge and Hub Transport servers to the Client Access servers and the Mailbox Store itself.", "icon": "app/DA-ITSI-CP-microsoft-exchange/icon.png", "id": "DA-ITSI-CP-microsoft-exchange", "help_links": [], "title": "Microsoft Exchange", "version": "1.6.0", "installed_versions": [ "1.6.0" ], "screenshots": [ { "path": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Exchange_Overview.png", "thumb": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Exchange_Overview_thumbnail.png" }, { "path": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Service_Analyzer.png", "thumb": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Service_Analyzer_thumbnail.png" }, { "path": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Exchange_CP_ITSI_Objects.png", "thumb": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Exchange_CP_ITSI_Objects_thumbnail.png" }, { "path": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Client_Service_Overview.png", "thumb": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Client_Service_Overview_thumbnail.png" }, { "path": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Environment_Overview.png", "thumb": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Environment_Overview_thumbnail.png" }, { "path": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Health_Overview.png", "thumb": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Health_Overview_thumbnail.png" }, { "path": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Host_Overview.png", "thumb": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Host_Overview_thumbnail.png" }, { "path": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Mailbox_Database_Overview.png", "thumb": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Mailbox_Database_Overview_thumbnail.png" }, { "path": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Message_Activity_Overview.png", "thumb": 
"app/DA-ITSI-CP-microsoft-exchange/screenshots/Message_Activity_Overview_thumbnail.png" }, { "path": "app/DA-ITSI-CP-microsoft-exchange/screenshots/User_Behavior_Overview.png", "thumb": "app/DA-ITSI-CP-microsoft-exchange/screenshots/User_Behavior_Overview_thumbnail.png" } ], "main_screenshot": { "path": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Glass_Table.png", "thumb": "app/DA-ITSI-CP-microsoft-exchange/screenshots/Glass_Table_thumbnail.png" }, "overview": "## ITSI Content Pack\n\nThe IT Service Intelligence (ITSI) Content Pack for Microsoft Exchange is a collection of dashboards and their Knowledge Objects that gives you visibility into the health and performance of your Microsoft Exchange environment, from Edge and Hub Transport servers to the Client Access servers and the Mailbox Store itself.\nThe dashboards leverage data collected using Splunk Add-on for Microsoft Exchange.\n\nFor installation and configuration instructions, see [Install and configure the Content Pack for Microsoft Exchange](https://docs.splunk.com/Documentation/ITSICP/current/Config/ConfigExchange).\n\n**Note**: This content pack requires that you first install and Configure the [Splunk Add-on for Microsoft Exchange](https://splunkbase.splunk.com/app/3225/).\n\n## Contents\n\nFor the full contents of the content pack and release notes, see [What's new in the Content Pack for Microsoft Exchange](https://docs.splunk.com/Documentation/ITSICP/current/Config/ExchangeRN).\n" }
itoa_interface/content_pack/<name>/<version>/install
API to install a content pack and update the status of saved searches of a content pack from the ITSI Content Library.
POST
Installs the content pack and updates the status of saved searches with a specified ID and version in your environment.
Request parameters
Name | Type | Description |
---|---|---|
content | Dictionary | Selectively install objects from the content pack. If you include one or more object IDs, only those objects are installed. Note: Pass an empty dictionary when you don't want to install objects. |
resolution | String | Optional. Determine whether to append or replace objects. |
enabled | Boolean | Optional. Install services, correlation searches, or notable event aggregation policies as enabled. Objects such as saved searches and base searches are still installed in their original state. Set this to enabled=1 in order to install objects as enabled. If you don't set the enabled parameter, objects are installed as disabled. |
prefix | String | Optional. Add a prefix to each object installed from the content pack. Defaults to an empty string if not provided. |
backfill | Boolean | Optional. Backfills your ITSI environment with the previous seven days of KPI data. Does not apply to service health scores. Default is true. |
saved_search_action | String | Optional. Determine whether to enable or disable the saved searches of the content pack. If nothing is passed, no action is performed on the saved searches. |
install_all | Boolean | Optional. Install all ITSI objects of the content pack. Default is False. |
Data payload
A dictionary of valid schema.
Return
A dictionary in the format {success: [], failure: [], saved_searches: {action_performed: "", success: [], failure: []}}.
- success contains the title and ID of what was successfully installed.
- failure contains the ID, title, and reason of what failed to install by object_type.
- saved_searches contains the following items:
  - action_performed: contains the selected action on the saved searches.
  - success: contains the list of saved searches that were successfully activated or deactivated.
  - failure: contains the list of saved searches and the reason for what failed to activate or deactivate them.
Example request
curl -X POST -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/content_pack/DA-ITSI-CP-microsoft-exchange/1.6.0/install -H "Content-Type: application/json" -d '{"resolution":"skip","content":{"glass_tables":["da-itsi-cp-microsoft-exchange-exchange-365-glass-table-executive-overview-in-exchange", "da-itsi-cp-microsoft-exchange-exchange-executive-overview-v2-1"]}, "saved_search_action": "enable"}'
JSON Response
{ "failure": [ { "type": "OBJECT_ALREADY_EXISTS", "content_type": "glass_tables", "id": "Exchange Executive Overview (v2.1)", "title": "Exchange Executive Overview (v2.1)" } ], "success": [ { "glass_table_images": [ { "id": "da-itsi-cp-microsoft-exchange-compute", "title": "da-itsi-cp-microsoft-exchange-compute.png" }, { "id": "da-itsi-cp-microsoft-exchange-connected", "title": "da-itsi-cp-microsoft-exchange-connected.png" }, { "id": "da-itsi-cp-microsoft-exchange-disk", "title": "da-itsi-cp-microsoft-exchange-disk.png" }, { "id": "da-itsi-cp-microsoft-exchange-envelope", "title": "da-itsi-cp-microsoft-exchange-envelope.png" }, { "id": "da-itsi-cp-microsoft-exchange-eugenia-ai-awtbr67al18-unsplash-jpg", "title": "da-itsi-cp-microsoft-exchange-eugenia-ai-awtbr67al18-unsplash-jpg.jpeg" }, { "id": "da-itsi-cp-microsoft-exchange-health", "title": "da-itsi-cp-microsoft-exchange-health.png" }, { "id": "da-itsi-cp-microsoft-exchange-mailbox", "title": "da-itsi-cp-microsoft-exchange-mailbox.png" }, { "id": "da-itsi-cp-microsoft-exchange-memory", "title": "da-itsi-cp-microsoft-exchange-memory.png" }, { "id": "da-itsi-cp-microsoft-exchange-microsoft-365", "title": "da-itsi-cp-microsoft-exchange-microsoft-365.svg" }, { "id": "da-itsi-cp-microsoft-exchange-msexchangebackgroundimagecreate2", "title": "da-itsi-cp-microsoft-exchange-msexchangebackgroundimagecreate2.png" }, { "id": "da-itsi-cp-microsoft-exchange-msexchangebackgroundimagecreate3", "title": "da-itsi-cp-microsoft-exchange-msexchangebackgroundimagecreate3.png" }, { "id": "da-itsi-cp-microsoft-exchange-msexchangebackgroundimagecreate4", "title": "da-itsi-cp-microsoft-exchange-msexchangebackgroundimagecreate4.png" }, { "id": "da-itsi-cp-microsoft-exchange-msexchangedashboardbackground", "title": "da-itsi-cp-microsoft-exchange-msexchangedashboardbackground.png" }, { "id": "da-itsi-cp-microsoft-exchange-msexchangelogo", "title": "da-itsi-cp-microsoft-exchange-msexchangelogo.png" }, { "id": 
"da-itsi-cp-microsoft-exchange-network", "title": "da-itsi-cp-microsoft-exchange-network.png" }, { "id": "da-itsi-cp-microsoft-exchange-slide6", "title": "da-itsi-cp-microsoft-exchange-slide6.png" }, { "id": "da-itsi-cp-microsoft-exchange-stack", "title": "da-itsi-cp-microsoft-exchange-stack.png" }, { "id": "da-itsi-cp-microsoft-exchange-swap", "title": "da-itsi-cp-microsoft-exchange-swap.png" }, { "id": "da-itsi-cp-microsoft-exchange-transport", "title": "da-itsi-cp-microsoft-exchange-transport.png" }, { "id": "da-itsi-cp-microsoft-exchange-windows", "title": "da-itsi-cp-microsoft-exchange-windows.png" } ], "glass_tables": [ { "id": "da-itsi-cp-microsoft-exchange-exchange-365-glass-table-executive-overview-in-exchange", "title": "Exchange & 365 Glass Table [Executive Overview in Exchange]" } ] } ], "saved_searches": { "action_performed": "enable", "success": [ "ActiveSync - Remote Device Wipes", "ActiveSync - Sync Events over Time", "ActiveSync - Top Device Types", "ActiveSync - Top Users by Device and Sync Events", "ActiveSync - Top Users by Sync Events", "ActiveSync - User-initiated Device Wipe Requests", "CAS Throttling Policies", "Client Landing - ActiveSync", "Client Landing - EWS", "Client Landing - Outlook Anywhere", "Client Landing - OWA", "Environment Report - External Clients", "Environment Report - Internal Clients", "Environment Report - Mailboxes", "Environment Report - Messages", "EWS - Requests over Time", "EWS - Top Mail Clients", "EWS - Top Operating Systems", "EWS - Top Users by IP Address and RPC Sessions", "EWS - Top Users by RPC Sessions", "Legacy Client Timechart", "Litigation Hold Report", "Lookup - Database Information", "Lookup - User Subject Information", "Mailbox Database Overview - Active Mailbox Databases", "Mailbox Database Overview - Mailbox Database Backups", "Message Tracking Landing - Hub Status", "Message Tracking Landing - Inbound SMTP Gauge", "Message Tracking Landing - Inbound SMTP Rate", "Message Tracking Landing - Mailbox 
Delivery Gauge", "Message Tracking Landing - Mailbox Delivery Rate", "Message Tracking Landing - Mailbox Status", "Message Tracking Landing - Outbound SMTP Gauge", "Message Tracking Landing - Outbound SMTP Rate", "Message Tracking Landing - User Submission Gauge", "Message Tracking Landing - User Submission Rate", "Multi-Mailbox Search Usage Report", "Non-Owner Mailbox Access Report", "Outlook - RPC Sessions over Time", "Outlook - Top Users by IP Address and RPC Sessions", "Outlook - Top Users by RPC Sessions", "Outlook Anywhere - RPC Sessions over Time", "Outlook Anywhere - Top Users by IP Address and RPC Sessions", "Outlook Anywhere - Top Users by RPC Sessions", "OWA - Page Impressions over Time", "OWA - Top Browsers", "OWA - Top Operating Systems", "OWA - Top Users by IP Address and Page Impressions", "OWA - Top Users by Page Impressions", "Public Folder Usage", "si-client-users", "si-msexchange-internet-mail", "si-msexchange-user-mail", "si-msexchange-user-population", "Static Health Overview - Message Processing Rate", "Static Health Overview - Non-Reporting Servers", "Static Health Overview - Outbound Mail Reputation", "Static Health Overview - Service Availability", "Static Health Overview - Top Local Recipients", "Static Health Overview - Top Local Senders", "Top IMAP4 Users", "Top POP3 Users", "Troubleshooting - Inventory", "Troubleshooting - Message Tracking", "Troubleshooting - Performance", "Troubleshooting - User Folders", "Troubleshooting - User Mailboxes", "Troubleshooting - Web Logs", "Unused Mailboxes Report" ], "failure":[ { "name":"Lookup - Host Information", "error_message":"[HTTP 400] Bad Request; [{'type': 'ERROR', 'code': None, 'text': \"Unknown search command 'fit'.\"}]" } ] } }
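Because the install POST cannot be undone, it helps to preview first and check the install response for partial failure. The following is an added example, not Splunk's own code: it selects only the objects that the preview endpoint (documented in the next section) reports as not installed, builds the install body with the keys used in the example request, and reduces the install response to a pass/fail summary. The helper names, the `cafile` argument, and the placement of the saved-search status keys in the sample preview are assumptions; the sample data is trimmed from the responses on this page.

```python
import base64
import json
import ssl
import urllib.request

BASE = "https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface"


def call(path, user, password, payload=None, cafile=None):
    """GET (payload is None) or POST JSON to an ITSI endpoint.

    Unlike `curl -k`, the splunkd certificate is verified; cafile is a
    hypothetical path to the CA bundle that signed it.
    """
    data = None if payload is None else json.dumps(payload).encode()
    req = urllib.request.Request(f"{BASE}/{path}", data=data,
                                 method="GET" if data is None else "POST")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)


def select_missing(preview):
    """Map object type -> IDs the preview reports as entitled and not installed."""
    content = {}
    for object_type, objects in preview.items():
        if not isinstance(objects, list):
            continue  # skip non-list entries such as the saved-search status
        ids = [o["id"] for o in objects
               if isinstance(o, dict) and "id" in o
               and not o.get("installed")
               and o.get("entitlement_status", True)]
        if ids:
            content[object_type] = ids
    return content


def build_install_payload(content, resolution="skip", saved_search_action=None):
    """Build the install body using only the keys shown in the example request."""
    payload = {"resolution": resolution, "content": content}
    if saved_search_action is not None:
        payload["saved_search_action"] = saved_search_action
    return payload


def summarize_install(response):
    """Count installed objects per type and collect every reported failure."""
    installed = {}
    for group in response.get("success", []):
        for object_type, objects in group.items():
            installed[object_type] = installed.get(object_type, 0) + len(objects)
    object_failures = [(f.get("content_type"), f.get("id"), f.get("type"))
                       for f in response.get("failure", [])]
    searches = response.get("saved_searches", {})
    search_failures = [(f.get("name"), f.get("error_message"))
                       for f in searches.get("failure", [])]
    return {"installed": installed,
            "object_failures": object_failures,
            "saved_search_failures": search_failures,
            "ok": not object_failures and not search_failures}


# Constructed samples, trimmed from the responses shown on this page.
P = "da-itsi-cp-microsoft-exchange-"
SAMPLE_PREVIEW = {
    "entity_types": [{"id": P + "microsoft-exchange-host",
                      "entitlement_status": True, "installed": False}],
    "glass_tables": [
        {"id": P + "exchange-365-glass-table-executive-overview-in-exchange",
         "entitlement_status": True, "installed": True},
        {"id": P + "exchange-executive-overview-v2-1",
         "entitlement_status": True, "installed": False}],
    # Assumed placement of the saved-search status dictionary.
    "saved_searches": {"has_saved_searches": True,
                       "has_consistent_status": True},
}
SAMPLE_INSTALL = {
    "failure": [{"type": "OBJECT_ALREADY_EXISTS", "content_type": "glass_tables",
                 "id": "Exchange Executive Overview (v2.1)",
                 "title": "Exchange Executive Overview (v2.1)"}],
    "success": [{
        "glass_table_images": [{"id": P + "compute", "title": P + "compute.png"},
                               {"id": P + "disk", "title": P + "disk.png"}],
        "glass_tables": [{
            "id": P + "exchange-365-glass-table-executive-overview-in-exchange",
            "title": "Exchange & 365 Glass Table [Executive Overview in Exchange]"}]}],
    "saved_searches": {
        "action_performed": "enable",
        "success": ["CAS Throttling Policies", "Litigation Hold Report"],
        "failure": [{"name": "Lookup - Host Information",
                     "error_message": "[HTTP 400] Bad Request"}]},
}

if __name__ == "__main__":
    body = build_install_payload(select_missing(SAMPLE_PREVIEW),
                                 saved_search_action="enable")
    print(json.dumps(body, indent=2))
    print(json.dumps(summarize_install(SAMPLE_INSTALL), indent=2))
```

The install call can report success and failure together, so treat the run as failed whenever `ok` is false rather than relying on the HTTP status alone.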
itoa_interface/content_pack/<name>/<version>/preview
API to preview a content pack from the ITSI Content Library.
GET
Preview ITSI objects and the status of saved searches within a single content pack.
Request parameters
None.
Data payload
None.
Return
An array of dictionaries representing each ITSI object type and the dictionary of status of the saved searches within the content pack.
- Dictionary of ITSI Object includes the keys id, title, description, entitlement_status, installed and has_dependency.
- Dictionary of Saved searches includes keys of has_saved_searches and has_consistent_status.
Example request
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/content_pack/DA-ITSI-CP-microsoft-exchange/1.6.0/preview
JSON Response
{ "entity_types": [ { "id": "da-itsi-cp-microsoft-exchange-microsoft-exchange-host", "title": "Microsoft Exchange Host", "description": "", "entitlement_status": true, "installed": false, "has_dependency": false } ], "glass_tables": [ { "id": "da-itsi-cp-microsoft-exchange-exchange-365-glass-table-executive-overview-in-exchange", "title": "Exchange & 365 Glass Table [Executive Overview in Exchange]", "description": "", "entitlement_status": true, "installed": true, "has_dependency": false }, { "id": "da-itsi-cp-microsoft-exchange-exchange-executive-overview-v2-1", "title": "Exchange Executive Overview (v2.1)", "description": "", "entitlement_status": true, "installed": false, "has_dependency": false }, { "id": "da-itsi-cp-microsoft-exchange-exchange-functional-overview-1-0", "title": "Exchange Functional Overview (1.0)", "description": "", "entitlement_status": true, "installed": false, "has_dependency": false }, { "id": "da-itsi-cp-microsoft-exchange-exchange-system-overview-v1-1", "title": "Exchange System Overview (v1.1)", "description": "", "entitlement_status": true, "installed": false, "has_dependency": false } ], "service_analyzers": [ { "id": "da-itsi-cp-microsoft-exchange-exchange-service-analyzer", "title": "Exchange Service Analyzer", "description": "The Service Analyzer includes only those services related to Microsoft Exchange.", "entitlement_status": true, "installed": false, "has_dependency": false } ], "services": [ { "id": "da-itsi-cp-microsoft-exchange-msexchange-activesync", "title": "MSExchange_ActiveSync", "description": "Exchange ActiveSync is an Exchange synchronization protocol that's optimized to work together with high-latency and low-bandwidth networks. 
The protocol, based on HTTP and XML, lets mobile phones access an organization's information on a server that's running Microsoft Exchange.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-autodiscover", "title": "MSExchange_AutoDiscover", "description": "The Autodiscover service minimizes user configuration and deployment steps by providing clients access to Exchange features", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-asp-net", "title": "MSExchange_BaseMetrics_ASP.NET", "description": "ASP.NET supports the application performance KPI's of a single instance of an ASP.NET application. The KPI's will display zero when no applications are currently executing on the server.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-dns", "title": "MSExchange_BaseMetrics_DNS", "description": "The DNS Performance KPI's monitor the status of the DNS Server service on a Windows device.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-group-disk", "title": "MSExchange_BaseMetrics_Group-Disk", "description": "This is a group of Services, associated with Disk, including: Physical Disk and Logical Disk.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-group-memory", "title": "MSExchange_BaseMetrics_Group-Memory", "description": "This is a group of Services, associated with Memory, including: .NET CLR Memory and Memory.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-group-network", "title": "MSExchange_BaseMetrics_Group-Network", "description": "This is a group of 
Services, associated with Network, including: DNS, Network Interface, and TCPv4 & TCPv6.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-group-processing", "title": "MSExchange_BaseMetrics_Group-Processing", "description": "This is a group of Services, associated with Processing, including: Process and Processor.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-logicaldisk", "title": "MSExchange_BaseMetrics_LogicalDisk", "description": "The LogicalDisk service consists of KPI's that monitor logical partitions of hard or fixed disk drives. Logical disks are identified by their drive letter, such as \"C.\"", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-memory", "title": "MSExchange_BaseMetrics_Memory", "description": "The Memory service consists of KPI's that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of RAM on the computer. Virtual memory consists of space in physical memory and on disk. Many of the memory KPI's monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging is a symptom of a memory shortage and can cause delays that interfere with all system processes.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-msexchangestoreinterface", "title": "MSExchange_BaseMetrics_MSExchangeStoreInterface", "description": "The MSExchange Store Interface is the name for the Managed Store or the Information Store (also known as the Store) processes in Exchange Server 2016 and Exchange Server 2019. 
Introduced in Exchange Server 2013, the Managed Store uses a controller/worker process model that provides storage process isolation and faster database failover. The Managed Store also uses a static database caching mechanism that replaces the dynamic buffer algorithm in previous versions of Exchange.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-netclrmemory", "title": "MSExchange_BaseMetrics_.NetCLRMemory", "description": "The .NET CLR Memory category includes KPI's that provide information about the garbage collector.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-networkinterface", "title": "MSExchange_BaseMetrics_NetworkInterface", "description": "The Network Interface service provides KPI's captured from each of the network cards in your servers. If you have more than one network card in your server, you will see one instance of each counter for every network card you have.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds", "title": "MSExchange_BaseMetrics_NTDS", "description": "NTDS consists of KPI's that provide statistics about the activity of the Active Directory directory service.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-physicaldisk", "title": "MSExchange_BaseMetrics_PhysicalDisk", "description": "The PhysicalDisk service consists of KPI's that monitor hard or fixed disk drives. Disks are used to store file, program, and paging data. They are read to retrieve these items, and are written to record changes to them. 
The values of physical disk KPI's are sums of the values of the logical disks (or partitions) into which they are divided.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-process", "title": "MSExchange_BaseMetrics_Process", "description": "This service provides KPI's highlighting the process or running process as the set of instructions currently being processed by the computer processor. For example, in Windows you can see each of the processes running by opening the Processes tab in Task Manager. Windows Processes are Windows Services and background programs you normally don't see running on the computer. A process may be a printer program that runs in the background and monitors the ink levels and other printer settings while the computer is running. A typical computer has multiple processes running all the time to help manage the operating system, its hardware, and the software running on the computer.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-processor", "title": "MSExchange_BaseMetrics_Processor", "description": "The Processor service provides KPI's associated to CPU utilization on the servers.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-system", "title": "MSExchange_BaseMetrics_System", "description": "The System service deliver KPI's focused on the Windows Server resources and utilization of these resources and throughput. Be aware that the instances of \\Process(*)\\% Processor Time show all of the processor usage across all of the threads of the process. This means that any single process can consume up to 100% times the number of processors so long as it has enough threads to keep more than one processor busy. 
For example, an IIS worker process (w3wp.exe) is multithreaded and can consume up to 800% processor time on a system with eight logical processors. Alternatively, a single-threaded process can only consume up to 100% of a single logical processor. The single thread might run on a single processor or it might be evenly distributed across processors depending on the operating system.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-tcpv4-tcpv6", "title": "MSExchange_BaseMetrics_TCPv4-TCPv6", "description": "The TCPv4 and TCPv6 service has key KPI's associated with network resource utilization.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-windows", "title": "MSExchange_BaseMetrics_Windows", "description": "The Windows service provides a high-level abstraction layer and KPI's that focus on disk usage, as system administrators often use these indicators to monitor systems for performance or behavior problems, and resource usage on the servers.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics", "title": "MSExchange_BaseMetrics", "description": "", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-calendar-attendant", "title": "MSExchange_Calendar_Attendant", "description": "Monitors the activities of the Calendar Attendant on the Microsoft Exchange Server", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-clientaccess-availability", "title": "MSExchange_ClientAccess_Availability", "description": "", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-clientaccess-performance", "title": 
"MSExchange_ClientAccess_Performance", "description": "", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-clientaccess", "title": "MSExchange_ClientAccess", "description": "Client Access services on Mailbox servers provide authentication and proxy services for internal and external client connections.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-database", "title": "MSExchange_Database", "description": "Monitors the activity of Microsoft Exchange Database.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-extensibility-agent", "title": "MSExchange_Extensibility_Agent", "description": "Monitors the activities of transport agents and the time taken by each agent to process email messages.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-imap4", "title": "MSExchange_IMAP4", "description": "Proxies IMAP4 client connections from the Client Access (frontend) services to the backend IMAP4 service on Mailbox servers.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-inbound-smtp", "title": "MSExchange_Inbound_SMTP", "description": "Provides details about inbound message traffic.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-information-store", "title": "MSExchange_Information_Store", "description": "Groups services MSExchange IS, MSExchange IS Client, MSExchange IS Client Type, and MSExchangeIS Mailbox", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-legacy-clients-availability", "title": "MSExchange_Legacy_Clients_Availability", 
"description": "", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-legacy-clients-performance", "title": "MSExchange_Legacy_Clients_Performance", "description": "", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-legacy-clients", "title": "MSExchange_Legacy_Clients", "description": "Protocols POP3 and IMAP4 are used to access Exchange mailboxes and are disabled by default", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-mail-submission", "title": "MSExchange_Mail_Submission", "description": "The Microsoft Exchange Mail Submission service submits messages from the Mailbox server to Hub Transport servers.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-mailbox-assistants", "title": "MSExchange_Mailbox_Assistants", "description": "Monitors the activity of Microsoft Exchange Server Assistants.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-mailbox-availability", "title": "MSExchange_Mailbox_Availability", "description": "", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-mailbox-performance", "title": "MSExchange_Mailbox_Performance", "description": "", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-mailbox", "title": "MSExchange_Mailbox", "description": "Mailbox server role hosts both mailbox and public folder databases and also provides email message storage.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-management", "title": "MSExchange_Management", 
"description": "Pertaining to exchange deployment wide management via PowerShell and the exchange control panel.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-outbound-smtp", "title": "MSExchange_Outbound_SMTP", "description": "Provides details about the SMTP Send service.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-outlook-web-access", "title": "MSExchange_Outlook Web Access", "description": "Outlook Web Access, also known as Microsoft Outlook Web App, lets users access their Exchange mailbox from almost any Web browser", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-outlookanywhere", "title": "MSExchange_OutlookAnywhere", "description": "Outlook Anywhere, formerly known as RPC over HTTP, lets clients who use Microsoft Outlook 2013, Outlook 2010, or Outlook 2007 connect to their Exchange servers from outside the corporate network or over the Internet using the RPC over HTTP Windows networking component.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-pop3", "title": "MSExchange_POP3", "description": "Proxies POP3 client connections from the Client Access (frontend) services to the backend IMAP4 service on Mailbox servers.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-replication", "title": "MSExchange_Replication", "description": "Provides replication functionality for mailbox databases in a database availability groups (DAGs).", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-resource-booking", "title": "MSExchange_Resource_Booking", "description": "Monitors the activities of the Resource Booking 
Attendant on the Microsoft Exchange Server.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-rpc-client-access", "title": "MSExchange_RPC_Client_Access", "description": "Manages client RPC connections for Exchange.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-search-indices", "title": "MSExchange_Search_Indices", "description": "Monitors the activities of the Microsoft Exchange Search Indexer service.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-store-client-request", "title": "MSExchange_Store_Client_Request", "description": "Store Client Request Counters groups services Store Interface, Mail Submission, and Replication", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-store-driver", "title": "MSExchange_Store_Driver", "description": "The store driver is a software component of the Hub Transport Server that delivers inbound messages to Microsoft Exchange stores, the databases that contain public folder stores and mailbox stores. 
The store driver also retrieves messages from a user's outbox, and submits them for delivery.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-store-interface", "title": "MSExchange_Store_Interface", "description": "Monitors the interface between the Exchange Information Store service on the Mailbox Server and the Hub Transport servers.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-transport-availability", "title": "MSExchange_Transport_Availability", "description": "", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-transport-database", "title": "MSExchange_Transport_Database", "description": "Monitors the activity of the MS Exchange Transport Database.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-transport-disk", "title": "MSExchange_Transport_Disk", "description": "Monitors Logical and Physical disk latency.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-transport-dumpster", "title": "MSExchange_Transport_Dumpster", "description": "Transport dumpster helps protect against data loss by maintaining a queue of successfully delivered messages that hadn't replicated to the passive mailbox database copies in the database availability group (DAG).", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-transport-handling", "title": "MSExchange_Transport_Handling", "description": "Pertaining to add-ons in the hub transport intercepting mail delivery", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-transport-performance", "title": 
"MSExchange_Transport_Performance", "description": "", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-transport-queues", "title": "MSExchange_Transport_Queues", "description": "Provides details about the Exchange Server Transport Queues", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange-transport", "title": "MSExchange_Transport", "description": "The Transport service handles all SMTP mail flow for the organization, performs message categorization, and performs message content inspection", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchange", "title": "MSExchange", "description": "", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchangeis-client-type", "title": "MSExchangeIS_Client_Type", "description": "Provides MS Exchange IS Client Type statistics.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchangeis-client", "title": "MSExchangeIS_Client", "description": "Provides MS Exchange IS Client statistics.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchangeis-mailbox", "title": "MSExchangeIS_Mailbox", "description": "Provides details about the MSExchangeIS Mailbox Store", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchangeis-public", "title": "MSExchangeIS_Public", "description": "Represents the MS Exchange IS Public activity.", "entitlement_status": true, "installed": false, "has_dependency": true }, { "id": "da-itsi-cp-microsoft-exchange-msexchangeis", "title": "MSExchangeIS", "description": "Manages the mailbox databases on the server.", "entitlement_status": 
true, "installed": false, "has_dependency": true } ], "saved_searches": { "has_saved_searches": true, "has_consistent_status": true } }
itoa_interface/content_pack/refresh
Syncs itsi_content_packs.conf with locally installed content packs.
POST
Syncs locally installed content packs.
Request parameters
None.
Data payload
List of apps that were added and removed from itsi_content_packs.conf.
Return
None.
Example request
curl -k -u admin:password -X POST https://localhost:8089/servicesNS/nobody/itsi/itoa_interface/content_pack/refresh
JSON Response
{ "success":{ "apps_added":[ "DA-ITSI-CP-CUST-example_add" ], "apps_removed":[ ] }, "failed":{ "apps_added":[ ], "apps_removed":[ ] } }
itoa_interface/custom_threshold_windows/<object ID>/associate_service_kpi
API to link services and KPIs to a Custom threshold window object using the specific Custom threshold window ID.
POST
Displays a list of the Custom threshold windows linked to services and KPIs.
Request parameters
Name | Type | Description |
---|---|---|
ctw_id | String | The Custom threshold window ID. |
Data payload
The key(s) for the Custom threshold window(s).
Return
The key(s) of the Custom threshold window(s) that linked successfully to the specified services or KPIs.
Example request
curl -k -u admin:password https://localhost.com:8089/servicesNS/nobody/SA-ITOA/itoa_interface/custom_threshold_windows/{ctw_id}/associate_service_kpi
JSON Response
{ "services": [ { "_key": "c0f4e52a-fcc2-43fd-af32-6a6e36245d11", "kpi_ids": [ "91234523-f480-438a-84e7-87a35d438910", "55556523-f480-438a-84e7-87a35d412345" ] } ] }
itoa_interface/custom_threshold_windows/<object ID>/disconnect_kpis
API to un-link services and KPIs from a Custom threshold windows object.
POST
Displays a list of Custom threshold windows un-linked from services and KPIs.
Request parameters
Name | Type | Description |
---|---|---|
ctw_id | String | The Custom threshold window ID. |
Data payload
None.
Return
The key(s) of the Custom threshold window that was successfully un-linked from the services and KPIs in the request.
Example request
curl -k -u admin:password https://localhost.com:8089/servicesNS/nobody/SA-ITOA/itoa_interface/custom_threshold_windows/{ctw_id}/disconnect_kpis
JSON Response
{ "service_kpis_dict": [ { "service_id": "df9384a8-4d6b-4868-8c1f-6caaa784f7b1", "linked_kpi_ids": [ "c24fa517cfe14254c3173739", "a895284b5e164d32516fbd20" ] } ] }
itoa_interface/custom_threshold_windows/linked_kpis
API to return the KPIs linked to a specific Custom threshold window ID.
GET
Displays a list of KPIs linked to a specific Custom threshold window.
Request parameters
Name | Type | Description |
---|---|---|
ctw_id | String | The Custom threshold window ID. |
limit | Integer | The maximum number of entries to return. 0 will return all results. |
Data payload
The title(s) and key(s) for the linked KPIs or services.
Return
Returns a dictionary/JSON with 2 parameters:
- Linked KPIs: a dictionary of objects that contain kpi_key, kpi_title, service_title, and service_key
- Count: the number of KPIs in the response
Example request
curl -k -u admin:password 'https://localhost.com:8089/servicesNS/nobody/SA-ITOA/itoa_interface/custom_threshold_windows/linked_kpis/?custom_threshold_window_id=6233c06cdfc63f69cc61aa34&limit=4'
JSON Response
{ "linked_kpis":[ { "kpi_key":"632fa0c67da8e736f747490d", "kpi_title":"0 - test service KPI 1", "service_title":"0 - test service", "service_key":"342de3d8-0008-4ac5-8929-645d295093a0" } ], "count":1 }
itoa_interface/custom_threshold_windows/${object_ID}/stop
Updates the custom threshold window's status from Active to Stopped.
POST
Stops the custom threshold window object.
Request parameters
None.
Data payload
None.
Return
The custom threshold window object.
Example request
curl -k -u admin:changeme https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/custom_threshold_windows/92101b7a-816d-445d-8fa2-f0618704af74/stop -X POST
JSON Response
{ "start_time": 1661985419, "cron_schedule": "", "recurrence": false, "object_type": "custom_threshold_windows", "status": "stopped", "next_scheduled_time": "", "end_time": 1662071819, "sec_grp_list": [ "default_itsi_security_group" ], "last_stopped_time": 1661989152, "mod_source": "unknown", "title": "nonrecurring2", "description": "", "duration": 24, "linked_services": [ { "linked_kpi_ids": [ "cd8bc6bc8ffc1c1eabc0adc0" ], "service_id": "e3871bfe-dd65-466c-b873-24ab5ea654ab" } ], "mod_timestamp": "2022-08-31T23:39:12.971953+00:00", "_version": "4.15.0", "identifying_name": "nonrecurring2", "pause_description": "", "window_type": "percentage", "window_config_percentage": 10, "window_config_static": {}, "is_overlapping": false, "overlapping_kpis": [], "_user": "nobody", "_key": "92101b7a-816d-445d-8fa2-f0618704af74", "can_view": true, "can_link": false, "can_edit": false, "can_transition": false, }
itoa_interface/entity/retire
Retires entities based on the entity keys that you pass in.
POST
Retires selected entities. Retired entities are un-linked from associated services.
Request parameters
None.
Data payload
A dictionary that contains an entity object where the value is a list of entity key objects.
Return
The key(s) of the retired entities.
Example request
curl -k -u admin:changeme https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity/retire -H "Content-Type: application/json" -X POST -d ' {"data": ["794f8938-9780-4d1b-bf65-572f17312500", "6bacec4f-d69c-4b58-98ba-5c5eaeb22d04"]}'
JSON Response
["006ce5d3-be8b-4507-a6eb-67fefe0ebba0", "0d0c7949-9722-4226-bfaf-66f8fb398349", "0d53e99e-5d62-46b9-9949-80118ffd7204", "0da0a715-4d00-45dc-a2e6-fa9026eeecd8", "1248d0c7-baec-4e45-b200-d940b1803231", …. ]
itoa_interface/entity/restore
Restores retired entities. Any retired entities become active and re-associated with services in the environment.
POST
Restore entities that were retired and re-link retired entities to any associated services.
Request parameters
None.
Data payload
A dictionary that contains an entity object where the value is a list of entity key objects.
Return
The key(s) of the updated entity.
Example request
curl -k -u admin:changeme https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity/restore -H "Content-Type: application/json" -X POST -d ' {"data": ["794f8938-9780-4d1b-bf65-572f17312500", "6bacec4f-d69c-4b58-98ba-5c5eaeb22d04"]}'
JSON Response
{ "_key":"794f8938-9780-4d1b-bf65-572f17312500" }
itoa_interface/entity/count_retirable
Returns a list of entities that are flagged for retirement.
GET
Displays a list of all entities marked as ready for retirement.
Request parameters
None.
Data payload
A dictionary that contains an entity object where the value is a list of entity key objects.
Return
A dictionary that contains a list of entity key objects.
Example request
curl -k -u admin:changeme https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity/count_retirable
JSON Response
[ { "object_type": "entity", "title": "old_entity_37", "retirable": 1, "sec_grp": "default_itsi_security_group", "_key": "006ce5d3-be8b-4507-a6eb-67fefe0ebba0", "permissions": { "user": "admin", "group": { "read": true, "write": true, "delete": true }, "read": true, "write": true, "delete": true } }, { "object_type": "entity", "title": "old_entity_102", "retirable": 1, "sec_grp": "default_itsi_security_group", "_key": "0d0c7949-9722-4226-bfaf-66f8fb398349", "permissions": { "user": "admin", "group": { "read": true, "write": true, "delete": true }, "read": true, "write": true, "delete": true } }, { "object_type": "entity", "title": "old_entity_79", "retirable": 1, "sec_grp": "default_itsi_security_group", "_key": "0d53e99e-5d62-46b9-9949-80118ffd7204", "permissions": { "user": "admin", "group": { "read": true, "write": true, "delete": true }, "read": true, "write": true, "delete": true } }, ]
itoa_interface/entity/retire_retirable
Retires all entities that are marked for retirement. There is no way to cancel a "retire all" action once it is started.
POST
Displays a list of entities that were retired.
Request parameters
None.
Data payload
The key(s) of the entities.
Return
The key(s) of the updated entity.
Example request
curl -k -u admin:changeme https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity/retire_retirable -X POST
JSON Response
["006ce5d3-be8b-4507-a6eb-67fefe0ebba0", "0d0c7949-9722-4226-bfaf-66f8fb398349", "0d53e99e-5d62-46b9-9949-80118ffd7204", "0da0a715-4d00-45dc-a2e6-fa9026eeecd8", "1248d0c7-baec-4e45-b200-d940b1803231", …. ]
itoa_interface/entity_discovery_searches/<entity_id>
Retrieves all discovery searches for a specific entity. Requires the read_itsi_entity_discovery_searches capability.
GET
Displays a list of discovery searches.
Request parameters
None.
Data payload
None.
Return
Discovery search details for a single entity.
Example request
curl -k -u admin:Chang3d! https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/vLatest/entity_discovery_searches/search_id/ITSI%20Import%20Objects%20-%20Perfmon
JSON Response
{ "app_id": "itsi", "name": "ITSI Import Objects - Perfmon", "last_execution_time": 1698076809.1650295, "last_update_time": "2023-10-23T16:00:09.186377+00:00", "entity_status_tracking": false, "owner": "nobody", "error": null, "sharing": "global", "last_entity_discovered_time": null, "entity_count": 0, "status_breakdown": {}, "description": null, "cron_schedule": "* * * * *", "dispatch.earliest_time": "-90s", "dispatch.latest_time": "now", "disabled": "0", "next_scheduled_time": "2023-10-23 16:01:00 UTC", "search": "| mcatalog values(\"host\") as \"dimension.identifier.host\" \n [ mcatalog values(_dims) as info where metric_name=Processor.* OR metric_name=processor.* AND (`itsi_entity_type_windows_metrics_indexes`) \n earliest=-90s| append [ | makeresults | head 1 | eval info=\"no-data-placeholder\"| fields - _time]| mvexpand info| \n search info != \"punct\" AND info != \"val\" AND info != \"metric_type\" AND info != \"instance\" AND \n info != \"extracted_host\" AND info != \"cpu\" AND info != \"disk\" AND info != \"collection\" AND info != \"object\" AND \n info != \"host\"| eval search=\"values(\" . \"\\\"\" . info . \"\\\"\" . \") as \" . \"\\\"\" . \"dimension.info.\" . info . \"\\\"\" \n | fields search| mvcombine search| nomv search] where metric_name=Processor.* OR metric_name=processor.* AND \n (`itsi_entity_type_windows_metrics_indexes`) earliest=-90s by \"host\"| fields dimension.* \n | eval identifier_dimensions=\"host\" \n | foreach dimension.*[| eval is_identifier=if(match(\"<<MATCHSTR>>\", \"identifier\"), 1, 0) \n | eval dimension_key=substr(\"<<MATCHSTR>>\", len(if(is_identifier=1, \"identifier.\", \"info.\")) + 1), etype=\"Windows\"] \n | rename dimension.identifier.* AS *, dimension.info.* AS * | eval itsi_entity_id=host" }
itoa_interface/shift_time_offset
Updates settings for shifting time policies for multiple services and KPIs in bulk.
PUT
Select the KPIs and services for time policy adjustment.
Request parameters
None.
Data payload
None.
Return
Discovery search details for a single entity.
Example request
{ "offset":3600, "kpi_threshold_template":{"_keys":[<kpi_keys>]}, "service":{"_keys":[<service_keys>]} }
JSON Response
{ "message": "success" }
Event Management Interface
This interface encapsulates operations on the following ITSI event management objects:
- event_management_state
- notable_event_group
- notable_event_comment
- notable_event_aggregation_policy
- notable_event_email_template
- correlation_search
As of version 4.4.x, episode comments are append only. ITSI no longer supports update and delete operations on the notable_event_comment object type.
Base URL
https://<splunk server like localhost>:<splunkd port like 8089>/servicesNS/<user>/<app>/event_management_interface
event_management_interface/<object_type>
API to perform bulk CRUD operations on event management objects.
GET
Get list of event management objects.
Request parameters
Name | Type | Description |
---|---|---|
is_partial_data | Boolean | 1 if the payload is a partial payload. 0 indicates the entire payload for the object schema is provided and overwrites the existing object. Default is 0. |
sort_key | String | Name of field to sort by. |
sort_dir | Integer | How to sort the results. 1 for ascending and 0 for descending. |
limit | Integer | The maximum number of entries to return. If limit isn't set, all entries are returned. |
skip | Integer | The number of entries to skip from the start. Used primarily for paging. |
fields | String | A comma-separated list of field names to select from the results. |
filter_data | String | MongoDB syntax of rules expressions to filter the payload. See How to use the filter parameter. |
Data payload
None.
Return
List of objects queried.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/notable_event_group/\?limit\=1
JSON Response
[ { "_owner":"nobody", "severity":"1", "owner":"unassigned", "create_time":1497563236.63525, "_key":"000f91af-ac7d-45e2-a498-5c4b6fe96431", "object_type":"notable_event_group", "status":"5", "_user":"nobody", "mod_time":1497563236.63525 } ]
POST
Create new event management objects.
Request parameters
None.
Data payload
Dictionary of valid schema for the object types for POST. POST is considered an upsert. See ITSI REST API schema.
Return
The key of the object created.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/notable_event_group -X POST -H "Content-Type:application/json" -d '{"data":{"status":"1","severity":"4","_key":"004b2eed-4551-481f-9487-9cf96b58e59d"}}'
JSON Response
{ "_key":"004b2eed-4551-481f-9487-9cf96b58e59d" }
DELETE
Delete event management objects.
Request parameters
Name | Type | Description |
---|---|---|
is_partial_data | Boolean | 1 if the payload is a partial payload. 0 indicates the entire payload for the object schema is provided and overwrites the existing object. Default is 0. |
sort_key | String | Name of field to sort by. |
sort_dir | Integer | How to sort the results. 1 for ascending and 0 for descending. |
limit | Integer | The maximum number of entries to return. If limit isn't set, all entries are returned. |
skip | Integer | The number of entries to skip from the start. Used primarily for paging. |
fields | String | A comma-separated list of field names to select from the results. |
filter_data | String | MongoDB syntax of rules expressions to filter the payload. See How to use the filter parameter. |
ids | String | A formatted list of event (object) IDs where each ID is a string. Sample: '["foo"]' |
Return
None.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/notable_event_group/?filter='{"_key":"004b2eed-4551-481f-9487-9cf96b58e59d"}' -X DELETE
To prevent accidental deletion of good data, make sure to use the correct filter syntax. Incorrect filter syntax will cause all rows to be deleted for the object type. A better method for deletion is to use a key, such as "60d9300f-0942-4bda-bdec-5ad4baf633b6", rather than a filter.
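A client-side pre-flight check for the warning above, as an added example that is not part of the Splunk documentation. It builds (but does not send) a verify request and a delete request, and refuses filters that are malformed or match everything. Assumptions: the function names, the catch-all regex list, the key character set, and that a single object can be deleted with DELETE on the `<object_type>/<_key>` path (the page describes that endpoint as CRUD but shows no DELETE example).

```python
import json
import re
from urllib.parse import quote

# Base URL as used in the page's curl examples.
BASE = ("https://localhost:8089/servicesNS/nobody/SA-ITOA/"
        "event_management_interface")

# Object types the page lists for the Event Management Interface.
OBJECT_TYPES = {
    "event_management_state", "notable_event_group", "notable_event_comment",
    "notable_event_aggregation_policy", "notable_event_email_template",
    "correlation_search",
}
# The page states episode comments are append only as of version 4.4.x.
APPEND_ONLY = {"notable_event_comment"}

# Constructed guard list (assumption): $regex patterns that match any string.
CATCH_ALL_REGEX = {"", ".*", "^", "$", "^.*", ".*$", "^.*$"}


class UnsafeFilter(ValueError):
    """The filter is malformed or broad enough to match every object."""


def normalize_filter(raw):
    """Return compact JSON for a filter; refuse malformed or match-all filters."""
    if isinstance(raw, (str, bytes)):
        try:
            parsed = json.loads(raw)
        except ValueError as exc:  # JSONDecodeError and bad UTF-8 both land here
            raise UnsafeFilter(f"filter is not valid JSON: {exc}") from None
    else:
        parsed = raw
    if not isinstance(parsed, dict):
        raise UnsafeFilter("filter must be a JSON object")
    if not parsed:
        raise UnsafeFilter("empty filter matches every object")
    for field, cond in parsed.items():
        pattern = cond.get("$regex") if isinstance(cond, dict) else None
        if isinstance(pattern, str) and pattern in CATCH_ALL_REGEX:
            raise UnsafeFilter(f"catch-all $regex on field {field!r}")
    return json.dumps(parsed, separators=(",", ":"), sort_keys=True)


def plan_delete(object_type, *, key=None, filter_=None,
                delete_param="filter", count_param="filter_data"):
    """Return {"verify": (method, url), "delete": (method, url)} without sending.

    The parameter-name defaults follow the page's curl examples; its parameter
    tables list filter_data for DELETE and filter for count, so both names
    can be overridden.
    """
    if object_type not in OBJECT_TYPES:
        raise ValueError(f"unknown object type: {object_type!r}")
    if object_type in APPEND_ONLY:
        raise ValueError(f"{object_type} is append only; delete is not supported")
    if (key is None) == (filter_ is None):
        raise ValueError("pass exactly one of key or filter_")

    if key is not None:
        # Assumption: keys are opaque tokens such as the UUIDs shown on the page.
        if not isinstance(key, str) or not re.fullmatch(r"[A-Za-z0-9_-]+", key):
            raise ValueError("key must be a single opaque identifier")
        url = f"{BASE}/{object_type}/{key}"
        # Assumption: DELETE on the single-object path removes only that object.
        return {"verify": ("GET", url), "delete": ("DELETE", url)}

    # Validate first, then URL-encode the exact JSON that was validated.
    encoded = quote(normalize_filter(filter_), safe="")
    return {
        "verify": ("GET", f"{BASE}/{object_type}/count/?{count_param}={encoded}"),
        "delete": ("DELETE", f"{BASE}/{object_type}/?{delete_param}={encoded}"),
    }


if __name__ == "__main__":
    plan = plan_delete("notable_event_group",
                       filter_='{"_key":"004b2eed-4551-481f-9487-9cf96b58e59d"}')
    for step, (method, url) in plan.items():
        print(f"{step}: {method} {url}")
```

Send the verify request first and compare the returned count (or object) with what you expect to remove before sending the delete request.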
JSON Response
event_management_interface/<object_type>/<_key>
API to perform CRUD operations on a single object. The key is the value populated in the _key field returned in the REST call for upsert.
Note: Closing an episode through the API changes its status to Closed but doesn't break the episode, so it continues to receive events. To break an episode through the API, you must make two REST calls. For instructions, see Modify episode fields through the REST API in the Event Analytics manual.
GET
Get information about an event management object such as an episode or an aggregation policy.
Request parameters
None.
Data Payload
None.
Return
A JSON object of key-value pairs describing the object queried.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/notable_event_group/<_key>
JSON Response
{ "_owner":"nobody", "severity":"1", "owner":"unassigned", "create_time":1497563236.63525, "_key":"000f91af-ac7d-45e2-a498-5c4b6fe96431", "object_type":"notable_event_group", "status":"5", "_user":"nobody", "mod_time":1497563236.63525 }
POST
Update specific fields within an event management object.
Request parameters
Name | Type | Description |
---|---|---|
is_partial_data | Boolean | 1 if the payload is a partial payload. 0 indicates the entire payload for the object schema is provided and overwrites the existing object. Default is 0. |
Return
The key of the updated object.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/notable_event_group/id/?is_partial_data=1 -X POST -H "Content-Type:application/json" -d '{"severity": "6"}'
JSON Response
{ "_key":"dae39a42-d470-11e6-9b30-a0999b0be454" }
event_management_interface/<object_type>/count
API to get a count of event management objects of a specific type. For example, you could retrieve a count of aggregation policies or correlation searches in your environment.
GET
Get a count of objects of a specific type.
Request parameters
Name | Type | Description |
---|---|---|
filter | String | MongoDB syntax of rules expressions to filter the objects. See How to use the filter parameter. If no filter is specified, "all" is assumed. |
Return
Count of objects of the object type that match the filter criteria, if provided. Otherwise returns a count of all objects of that type.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/notable_event_group/count/?filter_data='{"status":"2"}'
JSON Response
{ "count":1492 }
event_management_interface/notable_event_actions
API to get a list of available episode actions, such as running a script or sending an email.
GET
Get list of available episode actions.
Request parameters
None.
Data payload
None.
Return
List of actions configured.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/notable_event_actions
JSON Response
[ { "label":"Remedy Incident Integration", "type":"external_ticket", "is_group_compatible":0, "action_name":"remedy_incident", "execute_once_per_group":0, "execute_in_sync":"1", "is_bulk_compatible":"0" }, { "label":"Link Ticket", "type":"", "is_group_compatible":0, "action_name":"itsi_event_action_link_ticket", "execute_once_per_group":0, "execute_in_sync":"1", "is_bulk_compatible":"1" }, { "label":"Add reference link", "type":"", "is_group_compatible":0, "action_name":"itsi_event_action_link_url", "execute_once_per_group":0, "execute_in_sync":"1", "is_bulk_compatible":"1" }, { "label":"Send email", "type":"", "is_group_compatible":0, "action_name":"email", "execute_once_per_group":0, "execute_in_sync":0, "is_bulk_compatible":"0" }, { "label":"Send to Phantom", "type":"", "is_group_compatible":0, "action_name":"itsi_event_action_send_to_phantom", "execute_once_per_group":0, "execute_in_sync":0, "is_bulk_compatible":"0" }, { "label":"Ping host", "type":"", "is_group_compatible":0, "action_name":"itsi_sample_event_action_ping", "execute_once_per_group":"0", "execute_in_sync":0, "is_bulk_compatible":"0" }, { "label":"ServiceNow Incident Integration", "type":"external_ticket", "is_group_compatible":0, "action_name":"snow_incident", "execute_once_per_group":0, "execute_in_sync":"1", "is_bulk_compatible":"1" }, { "label":"VictorOps", "type":"", "is_group_compatible":0, "action_name":"victorops", "execute_once_per_group":0, "execute_in_sync":"1", "is_bulk_compatible":"0" }, { "label":"Run a script", "type":"", "is_group_compatible":0, "action_name":"script", "execute_once_per_group":0, "execute_in_sync":0, "is_bulk_compatible":"0" } ]
event_management_interface/notable_event_actions/<action_name>
API to get information about an episode action or execute a configured episode action. The action name is the action_name field returned in a GET request to the event_management_interface/notable_event_actions endpoint.
GET
Get information about an episode action.
Request parameters
None.
Data payload
None.
Return
Configuration information for the action.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/notable_event_actions/script
JSON Response
{ "ttl":600, "filename":"", "eai:userName":"nobody", "eai:acl":null, "track_alert":true, "maxresults":10000, "description":"Invoke a custom script", "label":"Run a script", "maxtime":"5m", "eai:appName":"SA-ITOA", "disabled":false, "hostname":"", "icon_path":"mod_alert_icon_script.png", "command":"runshellscript \"$action.script.filename$\" \"$results.count$\" \"$search$\" \"$search$\" \"$name$\" \"Saved Search [$name$] $counttype$($results.count$)\" \"$results.url$\" \"$deprecated_arg$\" \"$search_id$\" \"$results.file$\" maxtime=\"$action.script.maxtime{default=5m}$\"" }
POST
Execute a configured episode action.
Request parameters
None.
Data payload
Parameters specific to the action type.
Return
The name and ID of the executed action.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/notable_event_actions/script -X POST -H "Content-Type:application/json" -d '{"params": {"filename": "foo"}, "ids": ["id"]}'
JSON Response
[ { "action_name":"script", "ids":[ "id" ], "sid":"1483652397.71556" } ]
event_management_interface/ticketing
API to perform bulk upsert operations for episode tickets.
POST
Create new objects by object type.
Request parameters
None.
Data payload
The following parameters are required:
Name | Type | Description |
---|---|---|
id | String | Episode identifiers as a list of strings that will be linked to the ticket. |
ticket_system | String | A string identifying the name of the ticketing system. For example, Jira, ServiceNow, or Remedy. |
ticket_id | String | The unique identifier of the ticket. |
ticket_url | String | The URL of the ticket to link. |
Return
The key of the object created.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/ticketing -X POST -H "Content-Type:application/json" -d '{"id": "itsi_group_id", "ticket_system" : "ServiceNow", "ticket_id": "49454", "ticket_url": "http://ticketsystemuri/49454"}'
JSON Response
{ "6ef7a835-d77d-11e6-a03b-a0999b0be41f" }
event_management_interface/ticketing/<notable event key>
API to get, create, and update an episode's ticket links.
GET
Get information about tickets linked to an episode.
Request parameters
Name | Type | Description |
---|---|---|
ids | String | Episode identifiers as a list of strings linked to the ticket. |
ticket_system | String | String identifying the ticketing system. For example, Jira, ServiceNow, or Remedy. |
ticket_id | String | The unique identifier of the ticket. |
ticket_url | String | The URL of the ticket to link. |
Return
Updated ticketing linkage information for the episode.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/ticketing/id
JSON Response
[
{ "ticket_system":"jira", "_user":"nobody", "event_id":"49eddb9e-53e9-11e7-9e86-005056923ff0", "_key":"252a9999-53f6-11e7-a770-acbc32b40b9d", "tickets":[ { "ticket_system":"jira", "ticket_url":"https://jira.com/123", "ticket_id":"123" } ], "object_type":"external_ticket" }
]
POST
Link a ticket to an episode.
Request parameters
Name | Type | Description |
---|---|---|
ids | String | Episode identifiers as a list of strings to link to the ticket. |
ticket_system | String | String identifying the type of ticketing system. For example, Jira, ServiceNow, or Remedy. |
ticket_id | String | The unique identifier of the ticket to link to the episode. |
ticket_url | String | The URL of the ticket to link to the episode. |
Return
The unique identifier of the created ticket link.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/ticketing/id -X POST -H "Content-Type:application/json" -d '{<payload for ticketing>}'
JSON Response
[ "252a9999-53f6-11e7-a770-acbc32b40b9d" ]
event_management_interface/ticketing/<episode identifier>/<ticketing system>/<ticket identifier>
API to delete ticket links from an episode to a specific ticket.
DELETE
Delete ticket link for an episode.
Request parameters
None.
Data payload
None.
Return
None.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/ticketing/id/jira/jira_ticket_id -X DELETE
JSON Response
None.
event_management_interface/episode_export
API to create, get, and delete CSV exports.
POST
Create a new CSV file.
Request parameters
None.
Data payload
The following parameters are required:
Name | Type | Description |
---|---|---|
filename | String | File identification name for CSV generated. |
search_string | String | Search string that returns table of episodes with columns to export. |
earliest_time | String | earliest_time to run the search_string. |
latest_time | String | latest_time to run the search_string |
columns_to_export | List | List of columns to export in the CSV file. |
Return
The key of the object created.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/episode_export -X POST -H "Content-Type:application/json" -d '{"filename":"test","search_string":"| tstats values(itsi_service_ids) as group_service_ids,last(itsi_group_ace_category_values) AS itsi_group_ace_category_values,last(itsi_group_ace_text_values) AS itsi_group_ace_text_values,earliest(itsi_first_event_time) AS _first_time,earliest(itsi_earliest_event_time) AS _earliest_time,latest(itsi_last_event_time) AS _last_time,first(itsi_policy_id) AS policy_id,values(itsi_is_first_event) AS _group_front_closed WHERE `itsi_event_management_group_index` BY itsi_group_id | lookup itsi_notable_group_user_lookup _key AS itsi_group_id OUTPUT owner AS group_owner severity AS group_severity status AS group_status instruction AS group_instruction| lookup itsi_notable_group_system_lookup _key AS itsi_group_id OUTPUT title AS group_title description AS group_description start_time AS group_start_time last_time AS group_last_time is_active event_count AS group_event_count itsi_policy_id | eval first_event_time = strftime(_first_time, \"%m/%d/%Y %I:%M:%S %p\")| eval last_event_time = strftime(_last_time, \"%m/%d/%Y %I:%M:%S %p\")| eval group_start_time = strftime(group_start_time, \"%m/%d/%Y %I:%M:%S %p\")| eval group_last_time = strftime(group_last_time, \"%m/%d/%Y %I:%M:%S %p\")| eval group_id=itsi_group_id, is_ace_enabled=if(isnull(itsi_group_ace_text_values) AND isnull(itsi_group_ace_category_values), \"False\", \"True\")| rename itsi_group_id AS event_identifier_hash, start_time as _group_first_time, last_time as _group_last_time| where isnotnull(group_event_count) | addinfo| eval _group_back_closed=if(_last_time = 0, 0, 1), _group_front_closed=if(isnotnull(mvfind(_group_front_closed, \"true\")), 1, 0)| eval _last_time=if(_group_back_closed = 0, info_max_time, _last_time), _itsi_is_group_broken = if(is_active == 1, 0, 1)| search group_status=* | fillnull value=\"null\" 
comments group_title group_description group_owner group_status group_severity group_instruction group_last_time group_start_time group_id | table event_identifier_hash, comments, group_title, group_description, group_owner, group_status, group_severity, group_instruction, group_last_time, group_start_time, group_id, | rename comments AS \"comments\" | rename group_title AS \"Group title\" | rename group_description AS \"Group description\" | rename group_owner AS \"Group owner\" | rename group_status AS \"Group status\" | rename group_severity AS \"Group severity\" | rename group_instruction AS \"Group instruction\" | rename group_last_time AS \"Group last time\" | rename group_start_time AS \"Group start time\" | rename group_id AS \"Group id\"","earliest_time":"-24h","latest_time":"now","columns_to_export":["comments","Group title","Group description","Group owner","Group status","Group severity","Group instruction","Group last time","Group start time"]}'
JSON Response
{ "_key": "6615358d609b9126de51167c", "filename": "test_2024-04-09_18:03:17.csv" }
GET
Get the JSON response for the status of the export.
Request parameters
Name | Type | Description |
---|---|---|
filter_data | String |
Data payload
None.
Return
List of export objects.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/episode_export
JSON Response
[ { "mod_time": 1712666063.169315, "export_filename": "test1_2024-04-09_18:03:17.csv", "created_time": 1712665997.6362543, "status": "COMPLETED", "_owner": "admin", "object_type": "event_management_export", "_user": "nobody", "_key": "6615358d609b9126de51167c" }, { "mod_time": 1712666148.232998, "export_filename": "test1_2024-04-09_18:04:52.csv", "created_time": 1712666092.6382387, "status": "COMPLETED", "_owner": "admin", "object_type": "event_management_export", "_user": "nobody", "_key": "661535ec609b9126de51168e" } ]
DELETE
Bulk delete the export objects and generated CSV file.
Request parameters
Name | Type | Description |
---|---|---|
filter_data | String | MongoDB syntax of rules expressions to filter the payload. See How to use the filter parameter. |
Data payload
None.
Return
None.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/episode_export -X DELETE
JSON Response
None.
event_management_interface/episode_export/<_key>
API to get and delete CSV exports using _key.
GET
Get JSON response of the status of the export.
Request parameters
None.
Data payload
None.
Return
None.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/episode_export/6615358d609b9126de51167c
JSON Response
[ { "mod_time": 1712666063.169315, "export_filename": "test1_2024-04-09_18:03:17.csv", "created_time": 1712665997.6362543, "status": "COMPLETED", "_owner": "admin", "object_type": "event_management_export", "_user": "nobody", "_key": "6615358d609b9126de51167c" } ]
DELETE
Delete the export objects and generated CSV file with the key.
Request parameters
None.
Data payload
None.
Return
None.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/episode_export/66166e84609b9126de516f72 -X DELETE
JSON Response
None.
event_management_interface/episode_export/file/<filename>
API call to download or delete an export file by its file name.
GET
Download the CSV file.
Request parameters
None.
Data payload
None.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/episode_export/file/test_2_2024-04-10_18:30:13.csv
Returns
The CSV file object.
DELETE
Delete a specified CSV file and data from the collection.
Request parameters
None.
Data payload
None.
Return
None.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/episode_export/file/test_2_2024-04-10_18:30:13.csv -X DELETE
JSON Response
File will be deleted.
Maintenance Services Interface
This interface encapsulates operations on ITSI maintenance windows. The supported object type is maintenance_calendar. For more information about maintenance windows and their downstream effects, see Overview of maintenance windows in ITSI in the Administration Manual.
Base URL
https://<splunk server like localhost>:<splunkd port like 8089>/servicesNS/<user>/<app>/maintenance_services_interface
maintenance_services_interface/get_supported_object_types
API to get the list of supported object types in the maintenance services interface.
GET
Gets the list of objects supported in the maintenance services interface.
Request parameters
None.
Data payload
None.
Return
List of object types.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/maintenance_services_interface/get_supported_object_types
JSON Response
[ "maintenance_calendar" ]
maintenance_services_interface/<object_type>
API to perform bulk CRUD operations on maintenance windows and create individual maintenance windows in your environment.
GET
Get a list of maintenance windows in your environment.
Request parameters
Name | Type | Description |
---|---|---|
sort_key | String | Name of field to sort by. |
sort_dir | Integer | How to sort the results. 1 for ascending and 0 for descending. |
limit | Integer | The maximum number of entries to return. If limit isn't set, all entries are returned. |
offset | Integer | The number of entries to skip from the start. Used primarily for paging. |
fields | String | A comma-separated list of field names to select from the results. |
filter | String | MongoDB syntax of rules expressions to filter the payload. See How to use the filter parameter. |
Data payload
None.
Return
A list of maintenance windows that currently exist in your environment. You can only see maintenance windows to which you have read access.
Example request and response
curl -k -u admin:password 'https://localhost:8089/servicesNS/nobody/SA-ITOA/maintenance_services_interface/maintenance_calendar/?limit=20&fields=title'
JSON Response
[ { "_version":"3.0.0", "sec_grp_list":[ "default_itsi_security_group" ], "objects":[ { "object_type":"service", "_key":"95c99846-404f-4c92-9923-2a8c8594bff1" } ], "end_time":1474945061, "_key":"57ebfc569266826c1c3258b7", "mod_timestamp":"2016-09-28 10:22:30.085749", "object_type":"maintenance_calendar", "start_time":1474941460, "title":"curl_mw1", "mod_source":"REST", "identifying_name":"curl_mw1", "_user":"nobody" } ]
POST
Create one or more maintenance windows.
Request parameters
None.
Data payload
Dictionary of valid schema for the maintenance_calendar object type. See Maintenance Calendar in the REST API schema.
Return
The key of the created maintenance window.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/maintenance_services_interface/maintenance_calendar -X POST -H "Content-Type:application/json" -d '{"title":"foo","start_time":0,"end_time":1,"objects":[{"object_type":"entity","_key":"id"}]}'
JSON Response
{ "_key":"57ebfc569266826c1c3258b7" }
DELETE
Delete one or more maintenance windows.
Request parameters
Name | Type | Description |
---|---|---|
sort_key | String | Name of field to sort by. |
sort_dir | Integer | How to sort the results. 1 for ascending and 0 for descending. |
limit | Integer | The maximum number of entries to return. If limit isn't set, all entries are returned. |
offset | Integer | The number of entries to skip from the start. Used primarily for paging. |
fields | String | A comma-separated list of field names to select from the results. |
filter | String | MongoDB syntax of rules expressions to filter the payload. See How to use the filter parameter. |
Data payload:
None.
Return
None.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/maintenance_services_interface/maintenance_calendar/?filter='{"title":"maintenance_calendar_title"}' -X DELETE
To prevent accidental deletion of good data, make sure to use the correct filter syntax. Incorrect filter syntax will cause all rows to be deleted for the object type. A better method for deletion is to use a _key, such as "60d9300f-0942-4bda-bdec-5ad4baf633b6", rather than a filter.
JSON Response
maintenance_services_interface/<object_type>/<_key>
API to perform CRUD operations on single maintenance windows. The _key is the value returned in the POST or GET request.
GET
Get information about a single maintenance window.
Request parameters
None.
Data payload
None.
Return
Information about the maintenance window, including any services or entities within it, its title, and its start and end time.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/maintenance_services_interface/maintenance_calendar/<_key>/
JSON Response
{ "objects":[ { "object_type":"service", "_key":"09dd51c2-9fc7-4aa4-9f39-da59ac6b6244" }, { "object_type":"service", "_key":"9e830f4c-47e0-409c-b883-aaeec62ae220" } ], "_owner":"nobody", "_user":"nobody", "object_type":"maintenance_calendar", "start_time":1485457133.415, "_key":"586bf4379266822c631aa2ce", "mod_timestamp":"2017-01-05T21:03:54.366131+00:00", "_version":"2.5.0", "title":"Indefinite MW", "identifying_name":"indefinite mw", "end_time":2147414400, "mod_source":"REST" }
POST
Create a single maintenance window and assign it a unique key.
Request parameters
None.
Data payload
Dictionary of valid schema for the maintenance_calendar object type. See Maintenance Calendar in the REST API schema.
Return
The key of the maintenance window created.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/maintenance_services_interface/maintenance_calendar/57ebfc569266826c1c3258b7/?is_partial_data=1 -X POST -H "Content-Type:application/json" -d '{"end_time": 2}'
JSON Response
{ "_key":"60d9300f-0942-4bda-bdec-5ad4baf633b6" }
DELETE
Delete a single maintenance window by key.
Request parameters
None.
Data payload:
None.
Return
None.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/maintenance_services_interface/maintenance_calendar/57ebfc569266826c1c3258b7 -X DELETE
JSON Response
maintenance_services_interface/<object_type>/count
API to get a count of maintenance windows in your environment. The count only applies to maintenance windows to which you have read access.
GET
Get a count of maintenance windows in your environment.
Request parameters
Name | Type | Description |
---|---|---|
filter | String | MongoDB syntax of rules expressions to filter the payload. See How to use the filter parameter. |
Data payload
None.
Return
Count of maintenance windows that match the filter criteria. If you don't provide filter criteria, all maintenance windows are counted.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/maintenance_services_interface/maintenance_calendar/count
JSON Response
{ "count":3 }
Backup Restore Interface
This interface encapsulates operations on ITSI backup and restore jobs. The supported object type is backup_restore. For more information about full and partial backups and restores, see Overview of backing up and restoring ITSI KV store data.
You can't delete the default scheduled backup through a REST API endpoint using either bulk delete or single object delete operations.
Base URL
https://<splunk server like localhost>:<splunkd port like 8089>/servicesNS/<user>/<app>/backup_restore_interface
backup_restore_interface/<object_type>
API to perform bulk CRUD operations on ITSI backups and restores.
GET
Get a list of ITSI backup and restore jobs in your environment.
Request parameters
Name | Type | Description |
---|---|---|
sort_key | String | Name of field to sort by. |
sort_dir | Integer | How to sort the results. 1 for ascending and 0 for descending. |
limit | Integer | The maximum number of entries to return. If limit isn't set, all entries are returned. |
offset | Integer | The number of entries to skip from the start. Used primarily for paging. |
fields | String | A comma-separated list of field names to select from the results. |
filter | String | MongoDB syntax of rules expressions to filter the payload. See How to use the filter parameter. |
Data payload
None.
Return
A list of backup and restore jobs that exist in your environment. You can only see jobs to which you have read access.
Example request and response
curl -k -u admin:password 'https://localhost:8089/servicesNS/nobody/SA-ITOA/backup_restore_interface/backup_restore/?limit=20&fields=title'
JSON Response
[ { "end_time":1483468619.08406, "job_type":"Backup", "create_time":"2017-01-03 10:38:20", "_owner":"nobody", "search_head_id":"95AA5138-51C5-4B97-931E-015B994DF970", "rules":[ ], "mod_source":"REST", "_version":"2.5.0", "status":"Completed", "start_time":1483468614.67937, "path":"/usr/local/bamboo/splunk-install/current/var/itsi/backups/53ba7baf-d445-434a-b088-6e2c1fd91f70/backup", "splunk_server":"", "mod_timestamp":"2017-01-03T18:36:59.096707+00:00", "object_type":"backup_restore", "last_queued_time":1483468614.05747, "last_error":"None", "identifying_name":"a bu job", "title":"A BU Job", "_user":"nobody", "_key":"53ba7baf-d445-434a-b088-6e2c1fd91f70" } ]
POST
Create new backup and restore jobs.
Request parameters
None.
Data payload
Dictionary of valid schema for the object type. See ITSI REST API schema.
Return
The key of the backup or restore created.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/backup_restore_interface/backup_restore -X POST -H "Content-Type:application/json" -d '{"title": "foo", "job_type": "Backup", "status": "Queued"}'
JSON Response
{ "_key":"de0d5222-fbfd-4ce0-b476-a34a181b1e8b" }
DELETE
Delete one or more backup or restore jobs.
Request parameters
Name | Type | Description |
---|---|---|
sort_key | String | Name of field to sort by. |
sort_dir | Integer | How to sort the results. 1 for ascending and 0 for descending. |
limit | Integer | The maximum number of entries to return. If limit isn't set, all entries are returned. |
offset | Integer | The number of entries to skip from the start. Used primarily for paging. |
fields | String | A comma-separated list of field names to select from the results. |
filter | String | MongoDB syntax of rules expressions to filter the payload. See How to use the filter parameter. |
Data payload:
None.
Return
None.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/backup_restore_interface/backup_restore?fields='title''&'filter='{"title":"bar"}' -X DELETE
To prevent accidental deletion of data, make sure to use the correct filter syntax. Incorrect filter syntax deletes all instances of the specified object type. A better method for deletion is to use an object's key, such as "60d9300f-0942-4bda-bdec-5ad4baf633b6", rather than a filter.
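The warnings on the bulk DELETE operations for maintenance windows and for backup and restore jobs both recommend deleting by _key rather than by filter. The following added example (not part of the Splunk documentation) resolves an equality filter to keys with a GET, re-checks the returned objects locally, and only then produces per-key DELETE URLs. The function names, the `max_matches` guard, the bearer-token transport and the offline stand-in are assumptions of this example.

```python
import json
import ssl
import urllib.parse
import urllib.request

BASE = "https://localhost:8089/servicesNS/nobody/SA-ITOA"  # URL form used on this page


class UnsafeFilter(ValueError):
    """The filter cannot be trusted to select only the intended objects."""


def encode_filter(filter_obj):
    """Serialize an equality-only filter as URL-encoded JSON."""
    if not isinstance(filter_obj, dict) or not filter_obj:
        raise UnsafeFilter("filter must be a non-empty JSON object")
    for field, value in filter_obj.items():
        if (not isinstance(field, str) or field.startswith("$")
                or isinstance(value, (dict, list))):
            raise UnsafeFilter(f"operator filters cannot be re-checked locally: {field!r}")
    return urllib.parse.quote(json.dumps(filter_obj, separators=(",", ":")), safe="")


def plan_delete_by_key(interface, object_type, filter_obj, get_json, max_matches=1):
    """Resolve a filter to per-object DELETE URLs, or raise UnsafeFilter."""
    encoded = encode_filter(filter_obj)
    fields = urllib.parse.quote(",".join(["_key", *filter_obj]), safe=",")
    objects = get_json(f"{BASE}/{interface}/{object_type}?fields={fields}&filter={encoded}")
    if not isinstance(objects, list) or not objects:
        raise UnsafeFilter("filter matched no objects")
    # Re-check each row locally: if the server ignored the filter, extra rows show up here.
    stray = [o for o in objects
             if "_key" not in o or any(o.get(f) != v for f, v in filter_obj.items())]
    if stray:
        raise UnsafeFilter(f"{len(stray)} returned object(s) do not match the filter")
    if len(objects) > max_matches:
        raise UnsafeFilter(f"{len(objects)} matches exceed max_matches={max_matches}")
    return [f"{BASE}/{interface}/{object_type}/{urllib.parse.quote(o['_key'], safe='')}"
            for o in objects]


def splunkd_get_json(url, token, cafile):
    """Real transport (assumption: token authentication is enabled on splunkd)."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies the server certificate
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)


def fake_splunkd(objects, honor_filter=True):
    """Constructed offline stand-in for get_json; honor_filter=False returns every row."""
    def get_json(url):
        query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
        wanted = json.loads(query["filter"][0])
        if not honor_filter:
            return list(objects)
        return [o for o in objects if all(o.get(k) == v for k, v in wanted.items())]
    return get_json


if __name__ == "__main__":
    # Constructed sample rows reusing keys and titles shown in this reference.
    windows = [{"_key": "57ebfc569266826c1c3258b7", "title": "curl_mw1"},
               {"_key": "586bf4379266822c631aa2ce", "title": "Indefinite MW"}]
    args = ("maintenance_services_interface", "maintenance_calendar", {"title": "curl_mw1"})
    print(plan_delete_by_key(*args, fake_splunkd(windows)))
    try:
        plan_delete_by_key(*args, fake_splunkd(windows, honor_filter=False))
    except UnsafeFilter as exc:
        print("refused:", exc)
```

To run against a real instance, pass `splunkd_get_json` bound to a token and CA file (for example with `functools.partial`) as `get_json`, then issue a DELETE for each returned URL.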
JSON Response
backup_restore_interface/<object_type>/<_key>
API to perform CRUD operations on a single backup or restore job. The key is the value populated in its _key field returned in a GET or POST call.
GET
Get information about a backup or restore job.
Request parameters
None.
Data Payload
None.
Return
Identifying information for the backup or restore job, including the type of job, the ITSI version it was created on, and date and time it was created.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/backup_restore_interface/backup_restore/<_key>
JSON Response
{ "identifying_name":"a bu job", "mod_timestamp":"2017-01-03T18:36:59.096707+00:00", "_owner":"nobody", "status":"Completed", "job_type":"Backup", "object_type":"backup_restore", "_user":"nobody", "rules":[ ], "_version":"4.7.0", "_key":"53ba7baf-d445-434a-b088-6e2c1fd91f70", "create_time":"2017-01-03 10:38:20", "mod_source":"REST", "splunk_server":"", "end_time":1483468619.08406, "start_time":1483468614.67937, "search_head_id":"95AA5138-51C5-4B97-931E-015B994DF970", "title":"A BU Job", "path":"/usr/local/bamboo/splunk-install/current/var/itsi/backups/53ba7baf-d445-434a-b088-6e2c1fd91f70/backup", "last_error":"None", "last_queued_time":1483468614.05747 }
POST
Update a backup or restore job.
Request parameters
Name | Type | Description |
---|---|---|
is_partial_data | Boolean | 1 if the payload is a partial payload. 0 indicates the entire payload for the object schema is provided and overwrites the existing object. Default is 0. |
Return
The key of the backup or restore job that was updated.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/backup_restore_interface/backup_restore/<_key>/?is_partial_data=1 -X POST -H "Content-Type:application/json" -d '{"description": "New description"}'
JSON Response
{ "_key":"<object identifier>" }
DELETE
Delete a backup or restore job.
Request parameters
None.
Data payload
None.
Return
None.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/backup_restore_interface/backup_restore/<_key> -X DELETE
JSON Response
backup_restore_interface/<object_type>/count
API to get a count of backup and restore jobs in your ITSI environment. You can only see jobs to which you have write access.
GET
Get a count of backup and restore jobs in your environment.
Request parameters
Name | Type | Description |
---|---|---|
filter | String | MongoDB syntax of rules expressions to filter the objects. See How to use the filter parameter. If no filter is specified, "all" is assumed. |
Data payload
None.
Return
Count of backup and restore jobs that match the filter criteria, if provided. Otherwise returns a count of all jobs.
Example request and response
curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/backup_restore_interface/backup_restore/count
JSON Response
{ "count":1 }
Glass Table Icon Interface
This interface encapsulates operations on glass table icons in the KV store.
Base URL
https://<splunk server like localhost>:<splunkd port like 8089>/services/SA-ITOA/v1/icon_collection
services/SA-ITOA/v1/icon_collection
API to perform CRUD operations for glass table icons in the KV store.
GET
Returns a list of icons in the KV store icon library.
Request parameters
Name | Type | Description |
---|---|---|
sort_key | String | Name of field to sort by. |
sort_dir | Integer | How to sort the results. 1 for ascending and 0 for descending. |
limit | Integer | The maximum number of entries to return. If limit isn't set, all entries are returned. |
offset | Integer | The number of entries to skip from the start. Used primarily for paging. |
fields | String | A comma-separated list of field names to select from the results. |
filter | String | MongoDB syntax of rules expressions to filter the payload. See How to use the filter parameter. |
list_categories | Boolean | If set to 1, returns the full list of categories found among the icons. |
category | String | When set, only returns icons under the specified category. |
Data payload
None.
Return
List of objects queried. If list_categories = 1, returns a list of JSON objects containing the following elements:
- name: The title of the category.
- immutable: When present, the category can't be modified. Immutable categories are made up of icons imported from configuration files with an automated script in ITSI. They're immutable to prevent the KV store from becoming out of sync with the configuration files.
Example request and response
curl -k -u admin:password https://localhost:8089/services/SA-ITOA/v1/icon_collection?fields=title,_key
JSON Response
{ "total":47, "result":[ { "_key":"5a9eb1e07bc52f76a2326e41", "title":"500pxa" }, { "_key":"5a9eb1e07bc52f76a2326e44", "title":"Active Directory" }, ... ] }
Example request and response
curl -k -u admin:changeme https://localhost:8089/services/SA-ITOA/v1/icon_collection?list_categories=1
JSON Response
[ { "immutable":1, "name":"Application" }, { "immutable":1, "name":"Splunk" }, { "immutable":1, "name":"a123" }, { "immutable":1, "name":"sdfsd" } ]
POST
Bulk create or update multiple glass table icons.
Request parameters
A list of JSON objects with icon data.
Name | Type | Description |
---|---|---|
sort_key | String | Name of field to sort by. |
sort_dir | Integer | How to sort the results. 1 for ascending and 0 for descending. |
title | String | The title of the icon. |
svg_path | String | The path to the icon SVG file. |
default_width | String | The width of the icon in pixels. |
default_height | String | The height of the icon in pixels. |
category | String | The category under which to store the icon. |
See ITSI REST API schema for a dictionary of valid schema for the object type.
Return
The key of the icon or icons saved in the KV store.
Example request and response
curl -k -u admin:password https://localhost:8089/services/SA-ITOA/v1/icon_collection -X PUT --data-binary '[{"svg_path":"<path>","default_width":1036.33,"title":"Android","default_height":1152,"category":"Phone Icons"}]'
JSON Response
[ "5afc83237bc52f686e5023c1" ]
DELETE
Delete all glass table icons in the KV store icon library.
Request parameters
Name | Type | Description |
---|---|---|
category | String | When set, deletes all glass table icons in the specified category. |
Data payload:
None.
Return
Success message.
Example request and response
To delete all icons from KV store, run the following command:
curl -k -u admin:password https://localhost:8089/services/SA-ITOA/v1/icon_collection?category=* -X DELETE
JSON Response
{ "Deleted":"True" }
services/SA-ITOA/v1/icon_collection/<_key>
Delete a glass table icon.
DELETE
Deletes the icon provided in the _key field.
Request parameters
None.
Data payload:
None.
Return
Success message.
Example request and response
curl -k -u admin:password https://localhost:8089/services/SA-ITOA/v1/icon_collection/5a9eb1e07bc52f76a2326e41 -X DELETE
JSON Response
{ "Deleted":"True" }
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.19.0, 4.19.1, 4.19.2