Splunk® SOAR (Cloud)

REST API Reference for Splunk SOAR (Cloud)


REST Command Run

Administer your system with system management commands.

/rest/command_run

Syntax

https://<username>:<password>@<instance_name>/rest/command_run

Usage details
The account used must have the following permissions depending on the type of request:

  • GET - View System Settings permissions
  • POST - Edit System Settings permissions

POST

Runs the specified command in the background, providing a run ID to check the status.

Request parameters
See Create a container for the full parameters.

Example request
JSON body:

  • name: name of command to run (for example, diag)
  • args: Array of argument values, as you would pass them when running a command on the terminal, with each array element being a space separated terminal argument.

curl -k -u soar_local_admin:changeme https://localhost/rest/command_run \
-d '[
  {
    "name": "playbooks_to_py3",
    "args": ["local/testplaybook", "local"]
  }
]'

Example response
A successful POST returns a success indicator and the ID of the updated container.

[
  {
    "success": true,
    "id": <id>
  }
]

GET

Get the status of all command runs executed.

Request parameters
A GET request to the /rest/command_run endpoint requires no arguments and returns a list.

Example request
Get the status of all command runs executed.

curl -X GET -u '<username>:<password>' 'https://<instance_name>/rest/command_run'

Example response
A successful GET will return a 200 response, and a JSON formatted list of the installed and launched automation brokers and their settings.

{
tbd
}

/rest/command_run/<id>

Syntax

https://<username>:<password>@<instance_name>/rest/command_run/<id>

Usage details
The account used must have the following permissions depending on the type of request:

  • GET - View System Settings permissions
  • POST - Edit System Settings permissions


GET

Get the status of all command runs executed.

Request parameters
A GET request to the /rest/command_run/<id> endpoint requires no arguments and returns a list.

Example request
Get the status of a particular command run by its ID.

curl -X GET -u '<username>:<password>' 'https://<instance_name>/rest/command_run/<id>'

Example response
A successful GET will return a 200 response, and a JSON formatted list with fields for id, status, start_time, end_time, command_name, and output.

{
tbd
}
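
The POST-then-GET flow described above, as an added example that is not part of the Splunk documentation: it builds the name/args body from a terminal-style command line, checks the success indicator, and fetches each run by ID. Assumptions: the function names and the SOAR_URL, SOAR_USER and SOAR_PASSWORD environment variables are hypothetical, and credentials go in a Basic auth header (the equivalent of curl -u) with TLS verification left on rather than disabled with -k.

```python
import base64, json, os, shlex, ssl, urllib.request

def build_body(command_line):
    """Build the JSON body: a list holding one {name, args} object, where
    each args element is one space-separated terminal argument."""
    name, *args = shlex.split(command_line)
    return [{"name": name, "args": args}]

def run_ids(post_response):
    """Return the run IDs from a POST response; raise if an entry failed."""
    ids = []
    for entry in post_response:
        if entry.get("success") is not True or "id" not in entry:
            raise RuntimeError(f"command_run rejected: {entry!r}")
        ids.append(entry["id"])
    return ids

def call(base_url, user, password, path, body=None):
    """GET when body is None, otherwise POST the JSON body (like curl -d)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        base_url.rstrip("/") + path,
        data=None if body is None else json.dumps(body).encode(),
        headers={"Authorization": f"Basic {token}"},  # not in the URL
        method="GET" if body is None else "POST",
    )
    ctx = ssl.create_default_context()  # certificate checks stay enabled
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)

def run_and_fetch(base_url, user, password, command_line):
    """Start a command run, then fetch the record of each returned run ID.
    The command runs in the background, so the record may not be final."""
    started = call(base_url, user, password, "/rest/command_run",
                   build_body(command_line))
    return [call(base_url, user, password, f"/rest/command_run/{run_id}")
            for run_id in run_ids(started)]

if __name__ == "__main__":
    records = run_and_fetch(os.environ["SOAR_URL"], os.environ["SOAR_USER"],
                            os.environ["SOAR_PASSWORD"],
                            "playbooks_to_py3 local/testplaybook local")
    print(json.dumps(records, indent=2))
```

The account behind SOAR_USER needs Edit System Settings for the POST and View System Settings for the GET, as listed under Usage details.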
Last modified on 20 February, 2025

This documentation applies to the following versions of Splunk® SOAR (Cloud): current