Splunk® Enterprise

REST API Reference Manual

Download manual as PDF

Splunk Enterprise version 5.0 reached its End of Life on December 1, 2017. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

What's in this manual

Introduction to Splunk's REST API

About the Splunk REST API
Basic introduction to Splunk RESTful services. Lists API endpoints new with Splunk 4.2.3.

How to use the Splunk REST API
Describes HTTP operations supported.

Splunk's Atom Feed response to REST operations
Details the structure of REST responses to operations.

Accessing Splunk resources
Details how to access Splunk services. Includes a section describing Splunk's layering of resources and which endpoints to use to access them.

Accessing and updating Splunk configurations
Shows the endpoints to use to access and update Splunk configuration files.

Examples using the Splunk REST API
Some examples of common Splunk REST API calls.

Additional examples and tutorials
Links to examples and tutorials available from the Splunk Dev Portal.

REST API Reference

Groups Splunk endpoints according to the following categories:

Access control
Authorize and authenticate users.

Install applications and application templates into a Splunk instance.

Configure and manage master and peer nodes in a cluster.

Access and modify Splunk configuration files and settings.

Manage deployment servers and clients.

Create and manage data indexes.

Manage data sent to Splunk servers.

Define data configurations indexed and searched by Splunk.

Manage licensing configurations.

Manage the configuration of data sent from Splunk forwarders.

Manage searches, alerts, and view objects generated from searches.

Manage Splunk server configurations.

REST API Endpoints
Alphabetical list of all Splunk REST API endpoints.

REST API Endpoints

This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters