Bulk Create and Update Records
Records can be created and updated in bulk. The bulk create and bulk update operations behave differently than you might expect.
The bulk operations do not perform transactional edits. A transactional edit means that either all of the updates succeed or none succeed.
The result of a bulk API call can be that half of the operations succeed and half fail, but the return is an HTTP 200 success status code if at least one operation succeeds.
The bulk operations return a list of the response bodies that are generated, as if the client had called the create or update API many times.
Therefore, the following scenario is possible:
- You send a bulk update request to modify 100 records.
- All but one of the records fails.
- You get an HTTP 200 response.
- You don't check the individual statuses of each update operation.
- You think that all is well, but you don't realize that 99 records did not get updated.
One example of a bulk operation is creating bulk container notes.
Example request
The following example request is missing a required parameter in the JSON body for container Id 4.
curl -k -u admin:password https://127.0.0.1:8443/rest/note \ -d '[{ "container_id": 1, "phase": 2, "author_id": 1, "title": "example1", "note_type": "general", "content": "hello world" }, { "container_id": 2, "phase": 2, "author_id": 1, "title": "example2", "note_type": "general", "content": "hello world" }, { "container_id": 3, "phase": 2, "author_id": 1, "title": "example3", "note_type": "general", "content": "hello world" }, { "container_id": 4, "phase": 2, "author_id": 1, "title": "example4" } ]'
Example response
The body of the following example response shows the success messages for the Ids of the newly created notes, with the exception of one failure.
[{ "id": 4, "success": true }, { "id": 5, "success": true }, { "id": 6, "success": true }, { "failed": true, "message": "Missing required parameter: note_type" }]
See /rest/note for further information about notes.
Verify the response body of any bulk operation to make sure that all records are created or updated.
Update Records | Delete Records |
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7
Feedback submitted, thanks!