Splunk® Phantom (Legacy)

REST API Reference for Splunk Phantom

Splunk Phantom 4.10.7 is the final release of Splunk's Security Orchestration, Automation, and Response (SOAR) system to be called Splunk Phantom. All later versions are named Splunk SOAR (On-premises). For more information, see the Splunk SOAR (On-premises) documentation.

REST Warm standby

API endpoints for getting warm standby information.


To determine is a instance is part of a warm standby configuration an HTTP GET is made to /warm_standby_check.




Warm standby check

Example request
Check to see if an instance is configured as the standby in a warm standby pair.

curl -k -u admin:changeme https://localhost/warm_standby_check -G -X GET

Example response
A successful GET will return either 500 or 200.

  • If the instance is the standby in a warm standby pair, the API will return 500.
  • If the instance is either the primary in warm standby pair, or if warm standby is not configured, the API will return 200.

The API will return a result of 500 if used on a cluster node.

clusters cannot use the warm standby feature.
Last modified on 07 September, 2021
REST Vault   REST Workbook

This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters