Splunk® Enterprise

REST API Reference Manual

Download manual as PDF

Splunk Enterprise version 5.0 reached its End of Life on December 1, 2017. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Deployment

Use the Deployment endpoints to manage deployment servers and clients.

deployment/*
Access and configure Splunk deployment servers and deployment clients.


search/distributed/config*
Access and manage distributed search configurations.


deployment/client

Provides access to deployment client configuration and status.

GET deployment/client

Returns the status of the deployment client in this Splunk instance, including the host/port of its deployment server, and which server classes it is a part of.

A deployment client is a Splunk instance remotely configured by a deployment server. A Splunk instance can be both a deployment server and client at the same time. A Splunk deployment client belongs to one or more server classes.

Request

Name Type Required Default Description
count Number 30 Indicates the maximum number of entries to return. To return all entries, specify -1.
offset Number 0 Index for first item to return.
search String Search expression to filter the response. The response matches field values against the search expression. For example:

search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example.

sort_dir Enum asc Valid values: (asc | desc)

Indicates whether to sort returned entries in ascending or descending order.

sort_key String name Field to use for sorting.
sort_mode Enum auto Valid values: (auto | alpha | alpha_case | num)

Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view deployment client status.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
disabled Indicates if the deployment client is disabled.
serverClasses The server classes to which this client belongs.
targetUri URI of the deployment server for this deployment client.

Example

Retrieves deployment client status.


curl -k -u admin:pass https://localhost:8089/services/deployment/client


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>deploymentclient</title>
  <id>https://localhost:8089/services/deployment/client</id>
  <updated>2011-07-11T00:35:37-07:00</updated>
  <generator version="102807"/>
  <author>
    <name>Splunk</name>
  </author>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>deployment-client</title>
    <id>https://localhost:8089/services/deployment/client/deployment-client</id>
    <updated>2011-07-11T00:35:37-07:00</updated>
    <link href="/services/deployment/client/deployment-client" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/deployment/client/deployment-client" rel="list"/>
    <link href="/services/deployment/client/deployment-client" rel="edit"/>
    <link href="/services/deployment/client/deployment-client/reload" rel="reload"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">0</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="serverClasses">
          <s:list>
            <s:item>dstest:dstestapp</s:item>
          </s:list>
        </s:key>
        <s:key name="targetUri">essplunk:8089</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

deployment/client/{name}

GET deployment/client/{name}

Returns the configuration for the named deployment client. The only valid name here is "deployment-client". This is identical to accessing deployment/client without specifying a name.

Request

No parameters for this request.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view deployment client.
404 Deployment client does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

No values returned for this request.

Example

Identical to retrieving deployment/client. Note that "deployment-client" is the only valid name here.


curl -k -u admin:pass https://localhost:8089/services/deployment/client/deployment-client


See response for deployment/client.

POST deployment/client/{name}

Updates the configuration for this deployment client.

Request

Name Type Required Default Description
disabled Boolean If true, disables this deployment client.
targetUri String URI of the deployment server for this deployment client.

Include the management port the server is listening on. For example:

deployment_server_uri:mgmtPort

The default management port is 8089.

Response Codes

Status Code Description
200 Updated successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
402 The Splunk license in use has disabled this feature.
403 Insufficient permissions to edit deployment client.
404 Deployment client does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.
503 This feature has been disabled in Splunk configuration files.

Returned Values

No values returned for this request.

Example

Switch to being a client of the deployment server hosted at tiny:8089. Note that "deployment-client" is the only valid name here.


curl -k -u admin:pass https://localhost:8089/services/deployment/client/deployment-client \
	-d targetUri=tiny:8089


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>deploymentclient</title>
  <id>https://localhost:8089/services/deployment/client</id>
  <updated>2011-07-11T00:39:17-07:00</updated>
  <generator version="102807"/>
  <author>
    <name>Splunk</name>
  </author>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
</feed>

deployment/client/{name}/reload

GET deployment/client/{name}/reload

Restarts the deployment client, reloading configuration from disk.

Request

No parameters for this request.

Response Codes

Status Code Description
200 Deployment client restarted successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to restart deployment client.
404 Deployment client does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
disabled Indicates if the deployment client is disabled.
serverClasses Reloads server class configuration.
targetUri URI of the deployment server for this deployment client.

Example

Reload the deployment client configuration from disk. Note that "deployment-client" is the only valid name here.


curl -k -u admin:pass https://localhost:8089/services/deployment/client/deployment-client/reload


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>deploymentclient</title>
  <id>https://localhost:8089/services/deployment/client</id>
  <updated>2011-07-11T00:39:23-07:00</updated>
  <generator version="102807"/>
  <author>
    <name>Splunk</name>
  </author>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>deployment-client</title>
    <id>https://localhost:8089/services/deployment/client/deployment-client</id>
    <updated>2011-07-11T00:39:23-07:00</updated>
    <link href="/services/deployment/client/deployment-client" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/deployment/client/deployment-client" rel="list"/>
    <link href="/services/deployment/client/deployment-client" rel="edit"/>
    <link href="/services/deployment/client/deployment-client/reload" rel="reload"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">0</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="serverClasses">
          <s:list>
            <s:item>dstest:dstestapp</s:item>
          </s:list>
        </s:key>
        <s:key name="targetUri">tiny:8089</s:key>
      </s:dict>
    </content>
  </entry>
</feed>


deployment/server

Provides access to the configurations of all deployment servers.

GET deployment/server

Returns the configurations of all deployment servers.

A deployment server is a Splunk instance that acts as a centralized configuration manager. Deployment clients poll server periodically to retrieve configurations.

Request

Name Type Required Default Description
count Number 30 Indicates the maximum number of entries to return. To return all entries, specify -1.
offset Number 0 Index for first item to return.
search String Search expression to filter the response. The response matches field values against the search expression. For example:

search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example.

sort_dir Enum asc Valid values: (asc | desc)

Indicates whether to sort returned entries in ascending or descending order.

sort_key String name Field to use for sorting.
sort_mode Enum auto Valid values: (auto | alpha | alpha_case | num)

Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view all deployment server configurations.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
disabled Indicates if the the deployment server is disabled.
whitelist.0 Specifies 0th whitelist filter for default server class. This is inherited by user defined server classes.

Example

Retrieves global configuration for deployment server instances.


curl -k -u admin:pass https://localhost:8089/services/deployment/server


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>deploymentserver</title>
  <id>https://localhost:8089/services/deployment/server</id>
  <updated>2011-07-22T10:47:20-0700</updated>
  <generator version="101277"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/deployment/server/_reload" rel="_reload"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>dept1</title>
    <id>https://localhost:8089/servicesNS/nobody/system/deployment/server/dept1</id>
    <updated>2011-07-22T10:47:20-0700</updated>
    <link href="/servicesNS/nobody/system/deployment/server/dept1" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/deployment/server/dept1" rel="list"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1" rel="edit"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/disable" rel="disable"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/dept1.ServerClasses" rel="serverclasses"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">1</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="whitelist.0">*.dept1.splunk.com</s:key>
      </s:dict>
    </content>
  </entry>
  <entry>
    <title>dept2</title>
    <id>https://localhost:8089/servicesNS/nobody/system/deployment/server/dept2</id>
    <updated>2011-07-22T10:47:20-0700</updated>
    <link href="/servicesNS/nobody/system/deployment/server/dept2" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/deployment/server/dept2" rel="list"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept2/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept2" rel="edit"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept2/disable" rel="disable"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept2/dept2.ServerClasses" rel="serverclasses"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">1</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="whitelist.0">*.dept2.splunk.com</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

deployment/server/{name}

GET deployment/server/{name}

Get the configuration information for this deployment server.

Request

No parameters for this request.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view this deployment server configuration.
404 Requested deployment server does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
disabled Indicates if the deployment server is disabled.
eai:attributes See Accessing Splunk resources
whitelist.0 Specifies 0th whitelist filter for default server class. This is inherited by user defined server classes.

Example

Retrieve deployment server configuration for instance 'dept1'


curl -k -u admin:pass https://localhost:8089/services/deployment/server/dept1


<feed xmlns="http://www.w3.org/2005/Atom" 
      xmlns:s="http://dev.splunk.com/ns/rest" 
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>deploymentserver</title>
  <id>https://localhost:8089/services/deployment/server</id>
  <updated>2011-07-22T10:50:17-0700</updated>
  <generator version="101277"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/deployment/server/_reload" rel="_reload"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>dept1</title>
    <id>https://localhost:8089/servicesNS/nobody/system/deployment/server/dept1</id>
    <updated>2011-07-22T10:50:17-0700</updated>
    <link href="/servicesNS/nobody/system/deployment/server/dept1" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/deployment/server/dept1" rel="list"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1" rel="edit"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/disable" rel="disable"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/dept1.ServerClasses" rel="serverclasses"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">1</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="eai:attributes">
          <s:dict>
            <s:key name="optionalFields">
              <s:list>
                <s:item>check-new</s:item>
                <s:item>disabled</s:item>
              </s:list>
            </s:key>
            <s:key name="requiredFields">
              <s:list/>
            </s:key>
            <s:key name="wildcardFields">
              <s:list/>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="whitelist.0">*.dept1.splunk.com</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

POST deployment/server/{name}

Updates deployment server instance configuration

Request

Name Type Required Default Description
check-new Boolean If true, this deployment server reviews the information in its configuration to find out if there is something new or updated to push out to a deployment client.
disabled Boolean If true, disables this deployment server.

Response Codes

Status Code Description
200 Updated successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
402 The Splunk license in use has disabled this feature.
403 Insufficient permissions to edit this deployment server configuration.
404 Requested deployment server does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.
503 This feature has been disabled in Splunk configuration files.

Returned Values

Attribute Description
disabled Indicates if the deployment server is disabled.
eai:acl See Access control lists for Splunk objects
whitelist.0 Specifies 0th whitelist filter for default server class. This is inherited by user defined server classes.

Example

Reload configuration to check for new server class on deployment server instance dept1.


curl -k -u admin:changeme https://localhost:8089/services/deployment/server/dept1 \
	-d check-new=true \
	-d disabled=false


<feed xmlns="http://www.w3.org/2005/Atom" 
      xmlns:s="http://dev.splunk.com/ns/rest" 
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>deploymentserver</title>
  <id>https://localhost:8089/services/deployment/server</id>
  <updated>2011-07-22T10:58:02-0700</updated>
  <generator version="101277"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/deployment/server/_reload" rel="_reload"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>dept1</title>
    <id>https://localhost:8089/servicesNS/nobody/system/deployment/server/dept1</id>
    <updated>2011-07-22T10:58:02-0700</updated>
    <link href="/servicesNS/nobody/system/deployment/server/dept1" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/deployment/server/dept1" rel="list"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1" rel="edit"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/dept1.Clients" rel="clients"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/disable" rel="disable"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/dept1.Reload" rel="reload"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/dept1.ServerClasses" rel="serverclasses"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">0</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="whitelist.0">*.dept1.splunk.com</s:key>
      </s:dict>
    </content>
  </entry>
  <entry>
    <title>dept2</title>
    <id>https://localhost:8089/servicesNS/nobody/system/deployment/server/dept2</id>
    <updated>2011-07-22T10:58:02-0700</updated>
    <link href="/servicesNS/nobody/system/deployment/server/dept2" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/deployment/server/dept2" rel="list"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept2/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept2" rel="edit"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept2/disable" rel="disable"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept2/dept2.ServerClasses" rel="serverclasses"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">1</s:key>
        <s:key name="eai:acl"><s:dict><s:key name="app">system</s:key><s:key name="can_change_perms">1</s:key><s:key name="can_share_app">1</s:key><s:key name="can_share_global">1</s:key><s:key name="can_share_user">0</s:key><s:key name="can_write">1</s:key><s:key name="modifiable">1</s:key><s:key name="owner">nobody</s:key><s:key name="perms"><s:dict><s:key name="read"><s:list><s:item>*</s:item></s:list></s:key><s:key name="write"><s:list><s:item>*</s:item></s:list></s:key></s:dict></s:key><s:key name="sharing">system</s:key></s:dict></s:key>
        <s:key name="whitelist.0">*.dept2.splunk.com</s:key>
      </s:dict>
    </content>
  </entry>
</feed>


deployment/serverclass

Provides access to the configuration of a server class.

A server class defines a deployment configuration shared by a group of deployment clients. It defines both the criteria for being a member of the class and the set of content to deploy to members of the class. This content (encapsulated as "deployment apps") can consist of Splunk apps, Splunk configurations, and other related content, such as scripts, images, and supporting material. You can define different server classes to reflect the different requirements, OSes, machine types, or functions of your deployment clients.

Refer to Define server classes in the Splunk Distributed Deployment Manaual for more information and examples.

GET deployment/serverclass

Lists all server classes defined for a deployment server.

Request

Name Type Required Default Description
count Number 30 Indicates the maximum number of entries to return. To return all entries, specify -1.
offset Number 0 Index for first item to return.
search String Search expression to filter the response. The response matches field values against the search expression. For example:

search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example.

sort_dir Enum asc Valid values: (asc | desc)

Indicates whether to sort returned entries in ascending or descending order.

sort_key String name Field to use for sorting.
sort_mode Enum auto Valid values: (auto | alpha | alpha_case | num)

Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view deployment server classes.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
blacklist Blacklisted hosts for this server class.
blacklist.0 Specifies 0th blacklist filter for the given server class.
disabled Specifies whether default serverclass attributes are disabled.
filterType Determines the order of execution of filters.

If filterType is whitelist, all whitelist filters are applied first, followed by blacklist filters.

If filterType is blacklist, all blacklist filters are applied first, followed by whitelist filters.


repositoryLocation Location on the deployment server where apps retrived by Deployment clients are present.
whitelist Hosts to accept for this server class.
whitelist.0 Specifies 0th whitelist filter for the given server class.

Example

Lists all server classes for this deploymenent server.


curl -k -u admin:pass https://localhost:8089/services/deployment/serverclass


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>deploymentserverclass</title>
  <id>https://localhost:8089/services/deployment/serverclass</id>
  <updated>2011-07-21T13:51:08-07:00</updated>
  <generator version="104259"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/deployment/serverclass/_new" rel="create"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>AppsForDesktops</title>
    <id>https://localhost:8089/servicesNS/nobody/system/deployment/serverclass/AppsForDesktops</id>
    <updated>2011-07-21T13:51:08-07:00</updated>
    <link href="/servicesNS/nobody/system/deployment/serverclass/AppsForDesktops" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/deployment/serverclass/AppsForDesktops" rel="list"/>
    <link href="/servicesNS/nobody/system/deployment/serverclass/AppsForDesktops" rel="edit"/>
    <link href="/servicesNS/nobody/system/deployment/serverclass/AppsForDesktops/disable" rel="disable"/>
    <link href="/servicesNS/nobody/system/deployment/serverclass_status/AppsForDesktops/status" rel="status"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="blacklist">*</s:key>
        <s:key name="blacklist.0">*</s:key>
        <s:key name="disabled">0</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="filterType">blacklist</s:key>
        <s:key name="repositoryLocation">/home/vishalp/inst/current/etc/deployment-apps</s:key>
        <s:key name="whitelist">*.desktops.yourcompany.com</s:key>
        <s:key name="whitelist.0">*.desktops.yourcompany.com</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

POST deployment/serverclass

Creates a server class.

Request

Name Type Required Default Description
name String
The name of the server class.
blacklist String used to blacklist hosts for this serverclass
blacklist. String used to blacklist hosts for this serverclass
blacklist.0 String Criteria used to identify deployment clients to disallow this server class
blacklist.1 String Criteria used to identify deployment clients to disallow this server class
blacklist.2 String Criteria used to identify deployment clients to disallow this server class
blacklist.3 String Criteria used to identify deployment clients to disallow this server class
blacklist.4 String Criteria used to identify deployment clients to disallow this server class
blacklist.5 String Criteria used to identify deployment clients to disallow this server class
blacklist.6 String Criteria used to identify deployment clients to disallow this server class
blacklist.7 String Criteria used to identify deployment clients to disallow this server class
blacklist.8 String Criteria used to identify deployment clients to disallow this server class
blacklist.9 String Criteria used to identify deployment clients to disallow this server class
continueMatching Boolean Controls how configuration is layered across classes and server-specific settings.

If true, configuration lookups continue matching server classes, beyond the first match. If false, only the first match is used. Matching is done in the order that server classes are defined. Defaults to true.

A serverClass can override this property and stop the matching.

endpoint String Specify a URL template string, which specifies the endpoint from which content can be downloaded by a deployment client. The deployment client knows how to substitute the values of the variables in the URL. Any custom URL can also be supplied here as long as it uses the specified variables.

This attribute does not need to be specified unless you have a very specific need, for example: to acquire deployment application files from a third-party httpd, for extremely large environments.

Can be overridden at the serverClass level.

Defaults to $deploymentServerUri$/services/streams/deployment?name=$serverClassName$:$appName$

filterType Enum Valid values: (whitelist | blacklist)

Determines the order of execution of filters. If filterType is whitelist, all whitelist filters are applied first, followed by blacklist filters. If filterType is blacklist, all blacklist filters are applied first, followed by whitelist filters.

The whitelist setting indicates a filtering strategy that pulls in a subset:

  • Items are not considered to match the server class by default.
  • Items that match any whitelist entry, and do not match any blacklist entry, are considered to match the server class.
  • Items that match any blacklist entry are not considered to match the server class, regardless of whitelist.

The blacklist setting indicates a filtering strategy that rules out a subset:

  • Items are considered to match the server class by default.
  • Items that match any blacklist entry, and do not match any whitelist entry, are considered to not match the server class.
  • Items that match any whitelist entry are considered to match the server class.

More briefly:

whitelist: default no-match -> whitelists enable -> blacklists disable
blacklist: default match -> blacklists disable-> whitelists enable

You can override this value at the serverClass and serverClass:app levels. If you specify whitelist at the global level, and then specify blacklist for an individual server class, the setting becomes blacklist for that server class, and you have to provide another filter in that server class definition to replace the one you overrode.

repositoryLocation String The location on the deployment server to store the content that is to be deployed for this server class.

For example: $SPLUNK_HOME/etc/deployment-apps

whitelist String list of hosts to accept for this serverclass
whitelist. String list of hosts to accept for this serverclass
whitelist.0 String Criteria used to identify deployment clients to allow access to this server class
whitelist.1 String Criteria used to identify deployment clients to allow access to this server class
whitelist.2 String Criteria used to identify deployment clients to allow access to this server class
whitelist.3 String Criteria used to identify deployment clients to allow access to this server class
whitelist.4 String Criteria used to identify deployment clients to allow access to this server class
whitelist.5 String Criteria used to identify deployment clients to allow access to this server class
whitelist.6 String Criteria used to identify deployment clients to allow access to this server class
whitelist.7 String Criteria used to identify deployment clients to allow access to this server class
whitelist.8 String Criteria used to identify deployment clients to allow access to this server class
whitelist.9 String Criteria used to identify deployment clients to allow access to this server class

Response Codes

Status Code Description
201 Created successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
402 The Splunk license in use has disabled this feature.
403 Insufficient permissions to create a deployment server class.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.
503 This feature has been disabled in Splunk configuration files.

Returned Values

Attribute Description
blacklist blacklist is a read only property. Update of this attribute is not supported.
blacklist. Not supported
blacklist.0 Update 0th blacklist for serverclass.
blacklist.1 Update 1st blacklist for serverclass.
blacklist.2 Update 2nd blacklist for serverclass.
blacklist.3 Update 3rd blacklist for serverclass.
blacklist.4 Specifies 4th blacklist for serverclass.
blacklist.5 Update 5th blacklist for serverclass.
blacklist.6 Update 6th blacklist for serverclass.
blacklist.7 Update 7th blacklist for serverclass.
blacklist.8 Specifies 8th blacklist for serverclass.
blacklist.9 Specifies 9th blacklist for serverclass.
continueMatching Controls how configuration is layered across classes and server-specific settings.

Refer to Define server classes in the Splunk Distributed Deployment Manaual for more information and examples.

disabled Disables a server class.
endpoint The endpoint from which content can be downloaded by a deployment client. The deployment client knows how to substitute the values of the variables in the URL.
filterType Update filter type strategy.

Indicates a filtering strategy that pulls in a subset. Valid values are whitelist, blacklist. Refer to Define server classes in the Splunk Distributed Deployment Manaual for more information and examples.

repositoryLocation Update repository location of apps.
whitelist whitelist is a read only property. Update of this attribute is not supported.
whitelist. Not supported
whitelist.0 Update 0th whitelist for serverclass.
whitelist.1 Update 1st whitelist for serverclass.
whitelist.2 Specifies 2nd blacklist for serverclass.
whitelist.3 Update 3th whitelist for serverclass.
whitelist.4 Update 4th whitelist for serverclass.
whitelist.5 Update 5th whitelist for serverclass.
whitelist.6 Update 6th whitelist for serverclass.
whitelist.7 Update 7th whitelist for serverclass.
whitelist.8 Update 8th whitelist for serverclass.
whitelist.9 Update 9th whitelist for serverclass.

Example

Create a new serverclass, with the name MyServerClass.


curl -k -u admin:pass https://localhost:8089/services/deployment/serverclass \
	-d name=MyServerClass


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>deploymentserverclass</title>
  <id>https://localhost:8089/services/deployment/serverclass</id>
  <updated>2011-07-21T15:41:12-07:00</updated>
  <generator version="104259"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/deployment/serverclass/_new" rel="create"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>AppsForDesktops</title>
    <id>https://localhost:8089/servicesNS/nobody/system/deployment/serverclass/AppsForDesktops</id>
    <updated>2011-07-21T15:41:12-07:00</updated>
    <link href="/servicesNS/nobody/system/deployment/serverclass/AppsForDesktops" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/deployment/serverclass/AppsForDesktops" rel="list"/>
    <link href="/servicesNS/nobody/system/deployment/serverclass/AppsForDesktops" rel="edit"/>
    <link href="/servicesNS/nobody/system/deployment/serverclass/AppsForDesktops/disable" rel="disable"/>
    <link href="/servicesNS/nobody/system/deployment/serverclass_status/AppsForDesktops/status" rel="status"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="blacklist">*</s:key>
        <s:key name="blacklist.0">*</s:key>
        <s:key name="disabled">0</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="filterType">blacklist</s:key>
        <s:key name="repositoryLocation">/home/vishalp/inst/current/etc/deployment-apps</s:key>
        <s:key name="whitelist">*.desktops.yourcompany.com</s:key>
        <s:key name="whitelist.0">*.desktops.yourcompany.com</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

deployment/serverclass/{name}

GET deployment/serverclass/{name}

Returns information about this server class.

Request

No parameters for this request.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view deployment server class.
404 Deployment server class does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
blacklist Blacklisted hosts for this server class.
blacklist.0 Specifies 0th blacklist filter for the given server class.
disabled Specifies whether default serverclass attributes are diabled.
eai:attributes See Accessing Splunk resources
filterType Determines the order of execution of filters.

If filterType is whitelist, all whitelist filters are applied first, followed by blacklist filters.

If filterType is blacklist, all blacklist filters are applied first, followed by whitelist filters.


repositoryLocation Location on the deployment server where apps retrived by Deployment clients are present.
whitelist Hosts to accept for this server class.
whitelist.0 Specifies 0th whitelist filter for the given server class.
whitelist.1 Specifies first whitelist filter for the given server class.

Example

Return configuration details for the serverclass, MyServerClass.


curl -k -u admin:pass https://localhost:8089/services/deployment/serverclass/MyServerClass


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>deploymentserverclass</title>
  <id>https://localhost:8089/services/deployment/serverclass</id>
  <updated>2011-07-21T15:38:00-07:00</updated>
  <generator version="104259"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/deployment/serverclass/_new" rel="create"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>MyServerClass</title>
    <id>https://localhost:8089/servicesNS/nobody/system/deployment/serverclass/MyServerClass</id>
    <updated>2011-07-21T15:38:00-07:00</updated>
    <link href="/servicesNS/nobody/system/deployment/serverclass/MyServerClass" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/deployment/serverclass/MyServerClass" rel="list"/>
    <link href="/servicesNS/nobody/system/deployment/serverclass/MyServerClass" rel="edit"/>
    <link href="/servicesNS/nobody/system/deployment/serverclass/MyServerClass/disable" rel="disable"/>
    <link href="/servicesNS/nobody/system/deployment/serverclass_status/MyServerClass/status" rel="status"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="blacklist">*</s:key>
        <s:key name="blacklist.0">*</s:key>
        <s:key name="disabled">0</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="eai:attributes">
          <s:dict>
            <s:key name="optionalFields">
              <s:list>
                <s:item>blacklist</s:item>
                <s:item>blacklist.</s:item>
                <s:item>blacklist.0</s:item>
                <s:item>blacklist.1</s:item>
                <s:item>blacklist.2</s:item>
                <s:item>blacklist.3</s:item>
                <s:item>blacklist.4</s:item>
                <s:item>blacklist.5</s:item>
                <s:item>blacklist.6</s:item>
                <s:item>blacklist.7</s:item>
                <s:item>blacklist.8</s:item>
                <s:item>blacklist.9</s:item>
                <s:item>continueMatching</s:item>
                <s:item>endpoint</s:item>
                <s:item>filterType</s:item>
                <s:item>repositoryLocation</s:item>
                <s:item>targetRepositoryLocation</s:item>
                <s:item>tmpFolder</s:item>
                <s:item>whitelist</s:item>
                <s:item>whitelist.</s:item>
                <s:item>whitelist.0</s:item>
                <s:item>whitelist.1</s:item>
                <s:item>whitelist.2</s:item>
                <s:item>whitelist.3</s:item>
                <s:item>whitelist.4</s:item>
                <s:item>whitelist.5</s:item>
                <s:item>whitelist.6</s:item>
                <s:item>whitelist.7</s:item>
                <s:item>whitelist.8</s:item>
                <s:item>whitelist.9</s:item>
              </s:list>
            </s:key>
            <s:key name="requiredFields">
              <s:list/>
            </s:key>
            <s:key name="wildcardFields">
              <s:list/>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="filterType">blacklist</s:key>
        <s:key name="repositoryLocation">/home/vishalp/inst/current/etc/deployment-apps</s:key>
        <s:key name="whitelist">*.web.fflanda.com,*.linux.fflanda.com</s:key>
        <s:key name="whitelist.0">*.web.fflanda.com</s:key>
        <s:key name="whitelist.1">*.linux.fflanda.com</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

POST deployment/serverclass/{name}

Creates a new server class.

Request

Name Type Required Default Description
blacklist String used to blacklist hosts for this serverclass
blacklist. String used to blacklist hosts for this serverclass
blacklist.0 String Criteria used to identify deployment clients to disallow this server class
blacklist.1 String Criteria used to identify deployment clients to disallow this server class
blacklist.2 String Criteria used to identify deployment clients to disallow this server class
blacklist.3 String Criteria used to identify deployment clients to disallow this server class
blacklist.4 String Criteria used to identify deployment clients to disallow this server class
blacklist.5 String Criteria used to identify deployment clients to disallow this server class
blacklist.6 String Criteria used to identify deployment clients to disallow this server class
blacklist.7 String Criteria used to identify deployment clients to disallow this server class
blacklist.8 String Criteria used to identify deployment clients to disallow this server class
blacklist.9 String Criteria used to identify deployment clients to disallow this server class
continueMatching Boolean Controls how configuration is layered across classes and server-specific settings.

If true, configuration lookups continue matching server classes, beyond the first match. If false, only the first match is used. Matching is done in the order that server classes are defined. Defaults to true.

A serverClass can override this property and stop the matching.

endpoint String Specify a URL template string, which specifies the endpoint from which content can be downloaded by a deployment client. The deployment client knows how to substitute the values of the variables in the URL. Any custom URL can also be supplied here as long as it uses the specified variables.

This attribute does not need to be specified unless you have a very specific need, for example: to acquire deployment application files from a third-party httpd, for extremely large environments.

Can be overridden at the serverClass level.

Defaults to $deploymentServerUri$/services/streams/deployment?name=$serverClassName$:$appName$

filterType Enum Valid values: (whitelist | blacklist)

Determines the order of execution of filters. If filterType is whitelist, all whitelist filters are applied first, followed by blacklist filters. If filterType is blacklist, all blacklist filters are applied first, followed by whitelist filters.

The whitelist setting indicates a filtering strategy that pulls in a subset:

  • Items are not considered to match the server class by default.
  • Items that match any whitelist entry, and do not match any blacklist entry, are considered to match the server class.
  • Items that match any blacklist entry are not considered to match the server class, regardless of whitelist.

The blacklist setting indicates a filtering strategy that rules out a subset:

  • Items are considered to match the server class by default.
  • Items that match any blacklist entry, and do not match any whitelist entry, are considered to not match the server class.
  • Items that match any whitelist entry are considered to match the server class.

More briefly:

whitelist: default no-match -> whitelists enable -> blacklists disable
blacklist: default match -> blacklists disable-> whitelists enable

You can override this value at the serverClass and serverClass:app levels. If you specify whitelist at the global level, and then specify blacklist for an individual server class, the setting becomes blacklist for that server class, and you have to provide another filter in that server class definition to replace the one you overrode.

repositoryLocation String The location on the deployment server to store the content that is to be deployed for this server class.

For example: $SPLUNK_HOME/etc/deployment-apps

whitelist String list of hosts to accept for this serverclass
whitelist. String list of hosts to accept for this serverclass
whitelist.0 String Criteria used to identify deployment clients to allow access to this server class
whitelist.1 String Criteria used to identify deployment clients to allow access to this server class
whitelist.2 String Criteria used to identify deployment clients to allow access to this server class
whitelist.3 String Criteria used to identify deployment clients to allow access to this server class
whitelist.4 String Criteria used to identify deployment clients to allow access to this server class
whitelist.5 String Criteria used to identify deployment clients to allow access to this server class
whitelist.6 String Criteria used to identify deployment clients to allow access to this server class
whitelist.7 String Criteria used to identify deployment clients to allow access to this server class
whitelist.8 String Criteria used to identify deployment clients to allow access to this server class
whitelist.9 String Criteria used to identify deployment clients to allow access to this server class

Response Codes

Status Code Description
200 Updated successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
402 The Splunk license in use has disabled this feature.
403 Insufficient permissions to edit deployment server class.
404 Deployment server class does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.
503 This feature has been disabled in Splunk configuration files.

Returned Values

Attribute Description
blacklist blacklist is a read only property. Update of this attribute is not supported.
blacklist. Not supported
blacklist.0 Update 0th blacklist for serverclass.
blacklist.1 Update 1st blacklist for serverclass.
blacklist.2 Update 2nd blacklist for serverclass.
blacklist.3 Update 3rd blacklist for serverclass.
blacklist.4 Specifies 4th blacklist for serverclass.
blacklist.5 Update 5th blacklist for serverclass.
blacklist.6 Update 6th blacklist for serverclass.
blacklist.7 Update 7th blacklist for serverclass.
blacklist.8 Specifies 8th blacklist for serverclass.
blacklist.9 Specifies 9th blacklist for serverclass.
continueMatching Controls how configuration is layered across classes and server-specific settings.

Refer to Define server classes in the Splunk Distributed Deployment Manaual for more information and examples.

disabled Disables a server class.
endpoint The endpoint from which content can be downloaded by a deployment client. The deployment client knows how to substitute the values of the variables in the URL.
filterType Update filter type strategy.

Indicates a filtering strategy that pulls in a subset. Valid values are whitelist, blacklist. Refer to Define server classes in the Splunk Distributed Deployment Manaual for more information and examples.

repositoryLocation Update repository location of apps.
whitelist whitelist is a read only property. Update of this attribute is not supported.
whitelist. Not supported
whitelist.0 Update 0th whitelist for serverclass.
whitelist.1 Update 1st whitelist for serverclass.
whitelist.2 Specifies 2nd blacklist for serverclass.
whitelist.3 Update 3th whitelist for serverclass.
whitelist.4 Update 4th whitelist for serverclass.
whitelist.5 Update 5th whitelist for serverclass.
whitelist.6 Update 6th whitelist for serverclass.
whitelist.7 Update 7th whitelist for serverclass.
whitelist.8 Update 8th whitelist for serverclass.
whitelist.9 Update 9th whitelist for serverclass.

Example

Set the filter type for MyServerClass to blacklist, all blacklist filters are applied first, followed by whitelist filters. It also sets filters for both the blacklist and the whitelist.


curl -k -u admin:pass https://localhost:8089/services/deployment/serverclass/MyServerClass \
	-d filterType=blacklist \
	-d blacklist.0=* \
	-d whitelist.0=*.web.fflanda.com \
	-d whitelist.1=*.linux.fflanda.com


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>deploymentserverclass</title>
  <id>https://localhost:8089/services/deployment/serverclass</id>
  <updated>2011-07-21T13:52:02-07:00</updated>
  <generator version="104259"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/deployment/serverclass/_new" rel="create"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>AppsForDesktops</title>
    <id>https://localhost:8089/servicesNS/nobody/system/deployment/serverclass/AppsForDesktops</id>
    <updated>2011-07-21T13:52:02-07:00</updated>
    <link href="/servicesNS/nobody/system/deployment/serverclass/AppsForDesktops" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/deployment/serverclass/AppsForDesktops" rel="list"/>
    <link href="/servicesNS/nobody/system/deployment/serverclass/AppsForDesktops" rel="edit"/>
    <link href="/servicesNS/nobody/system/deployment/serverclass/AppsForDesktops/disable" rel="disable"/>
    <link href="/servicesNS/nobody/system/deployment/serverclass_status/AppsForDesktops/status" rel="status"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="blacklist">*</s:key>
        <s:key name="blacklist.0">*</s:key>
        <s:key name="disabled">0</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="filterType">blacklist</s:key>
        <s:key name="repositoryLocation">/home/vishalp/inst/current/etc/deployment-apps</s:key>
        <s:key name="whitelist">*.desktops.yourcompany.com</s:key>
        <s:key name="whitelist.0">*.desktops.yourcompany.com</s:key>
      </s:dict>
    </content>
  </entry>
</feed>


deployment/tenants

Provides access to the multi-tenants configuration for this Splunk instance.

GET deployment/tenants

Lists the multi-tenants configuration for this Splunk instance.

Multi-tenants configuration is a type of deployment server topology where more than one deployment server is running on the same Splunk instance, and each of those deployment servers serves content to its own set of deployment clients.

Refer to "Deploy in multi-tenant environments" in the Splunk Distributed Deployment Manaul for more information.

Request

Name Type Required Default Description
count Number 30 Indicates the maximum number of entries to return. To return all entries, specify -1.
offset Number 0 Index for first item to return.
search String Search expression to filter the response. The response matches field values against the search expression. For example:

search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example.

sort_dir Enum asc Valid values: (asc | desc)

Indicates whether to sort returned entries in ascending or descending order.

sort_key String name Field to use for sorting.
sort_mode Enum auto Valid values: (auto | alpha | alpha_case | num)

Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view deployment tenants configuration.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
disabled Indicates if this deployment server, which is in a multi-tenant configuration, is disabled.
whitelist.0 Specifies 0th whitelist filter for default server class. This is inherited by user defined server classes.

Example

Retrieve tentant configuration for all deployment servers hosted by the splunk instance


curl -k -u admin:pass https://localhost:8089/services/deployment/tenants


<feed xmlns="http://www.w3.org/2005/Atom" 
      xmlns:s="http://dev.splunk.com/ns/rest" 
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>deploymenttenants</title>
  <id>https://localhost:8089/services/deployment/tenants</id>
  <updated>2011-07-22T11:10:32-0700</updated>
  <generator version="101277"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/deployment/tenants/_reload" rel="_reload"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>dept1</title>
    <id>https://localhost:8089/servicesNS/nobody/system/deployment/tenants/dept1</id>
    <updated>2011-07-22T11:10:32-0700</updated>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1" rel="list"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1" rel="edit"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1/dept1.Clients" rel="clients"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1/disable" rel="disable"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1/dept1.Reload" rel="reload"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1/dept1.ServerClasses" rel="serverclasses"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">0</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="whitelist.0">*.dept1.splunk.com</s:key>
      </s:dict>
    </content>
  </entry>
  <entry>
    <title>dept2</title>
    <id>https://localhost:8089/servicesNS/nobody/system/deployment/tenants/dept2</id>
    <updated>2011-07-22T11:10:32-0700</updated>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept2" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept2" rel="list"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept2/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept2" rel="edit"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept2/disable" rel="disable"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept2/dept2.ServerClasses" rel="serverclasses"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">1</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="whitelist.0">*.dept2.splunk.com</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

deployment/tenants/{name}

GET deployment/tenants/{name}

Lists the configuration for this deployment server in a multi-tenant configuration.

Request

No parameters for this request.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view the deployment tenants configuration.
404 Deployment tenants configuration does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
disabled Indicates if this deployment server, which is in a multi-tenant configuration, is disabled.
eai:attributes See Accessing Splunk resources
whitelist.0 Specifies 0th whitelist filter for default server class. This is inherited by user defined server classes.

Example

Retrieve configuration for deployment server instance dept1


curl -k -u admin:pass https://localhost:8089/services/deployment/tenants/dept1


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>deploymentserver</title>
  <id>https://localhost:8089/services/deployment/server</id>
  <updated>2011-07-22T11:08:46-0700</updated>
  <generator version="101277"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/deployment/server/_reload" rel="_reload"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>dept1</title>
    <id>https://localhost:8089/servicesNS/nobody/system/deployment/server/dept1</id>
    <updated>2011-07-22T11:08:46-0700</updated>
    <link href="/servicesNS/nobody/system/deployment/server/dept1" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/deployment/server/dept1" rel="list"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1" rel="edit"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/dept1.Clients" rel="clients"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/disable" rel="disable"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/dept1.Reload" rel="reload"/>
    <link href="/servicesNS/nobody/system/deployment/server/dept1/dept1.ServerClasses" rel="serverclasses"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">0</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="eai:attributes">
          <s:dict>
            <s:key name="optionalFields">
              <s:list>
                <s:item>check-new</s:item>
                <s:item>disabled</s:item>
              </s:list>
            </s:key>
            <s:key name="requiredFields">
              <s:list/>
            </s:key>
            <s:key name="wildcardFields">
              <s:list/>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="whitelist.0">*.dept1.splunk.com</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

POST deployment/tenants/{name}

Updates the configuration for this deployment server in a multi-tenant configuration.

Request

Name Type Required Default Description
check-new Boolean If true, this deployment server in a multi-tenant configuration reviews the information in its configuration to find out if there is something new or updated to push out to a deployment client.
disabled Boolean If true, disables this deployment server, which is in a multi-tenant configuration.

Response Codes

Status Code Description
200 Updated successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
402 The Splunk license in use has disabled this feature.
403 Insufficient permissions to edit the deployment tenants configuration.
404 Deployment tenants configuration does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.
503 This feature has been disabled in Splunk configuration files.

Returned Values

Attribute Description
disabled Indicates if this deployment server, which is in a multi-tenant configuration, is disabled.
whitelist.0 Specifies 0th whitelist filter for default server class. This is inherited by user defined server classes.

Example

Get deployment server configuration for deployment server instance dept1


curl -k -u admin:pass https://localhost:8089/services/deployment/tenants/dept1 \
	-d check-new=true \
	-d disabled=false


<feed xmlns="http://www.w3.org/2005/Atom" 
      xmlns:s="http://dev.splunk.com/ns/rest" 
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>deploymenttenants</title>
  <id>https://localhost:8089/services/deployment/tenants</id>
  <updated>2011-07-22T11:39:46-0700</updated>
  <generator version="101277"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/deployment/tenants/_reload" rel="_reload"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>dept1</title>
    <id>https://localhost:8089/servicesNS/nobody/system/deployment/tenants/dept1</id>
    <updated>2011-07-22T11:39:46-0700</updated>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1" rel="list"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1" rel="edit"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1/dept1.Clients" rel="clients"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1/disable" rel="disable"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1/dept1.Reload" rel="reload"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept1/dept1.ServerClasses" rel="serverclasses"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">0</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="whitelist.0">*.dept1.splunk.com</s:key>
      </s:dict>
    </content>
  </entry>
  <entry>
    <title>dept2</title>
    <id>https://localhost:8089/servicesNS/nobody/system/deployment/tenants/dept2</id>
    <updated>2011-07-22T11:39:46-0700</updated>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept2" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept2" rel="list"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept2/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept2" rel="edit"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept2/disable" rel="disable"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dept2/dept2.ServerClasses" rel="serverclasses"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">1</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="whitelist.0">*.dept2.splunk.com</s:key>
      </s:dict>
    </content>
  </entry>
  <entry>
    <title>dest1</title>
    <id>https://localhost:8089/servicesNS/nobody/system/deployment/tenants/dest1</id>
    <updated>2011-07-22T11:39:46-0700</updated>
    <link href="/servicesNS/nobody/system/deployment/tenants/dest1" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/deployment/tenants/dest1" rel="list"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dest1/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dest1" rel="edit"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dest1/disable" rel="disable"/>
    <link href="/servicesNS/nobody/system/deployment/tenants/dest1/dest1.ServerClasses" rel="serverclasses"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">1</s:key>
        <!-- eai:acl nodes elided for brevity. -->
      </s:dict>
    </content>
  </entry>
</feed>


search/distributed/config

Provides access to Splunk's distributed search options. This option is not for adding search peers.

GET search/distributed/config

Lists the configuration options for the distributed search system.

Request

Name Type Required Default Description
count Number 30 Indicates the maximum number of entries to return. To return all entries, specify -1.
offset Number 0 Index for first item to return.
search String Search expression to filter the response. The response matches field values against the search expression. For example:

search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example.

sort_dir Enum asc Valid values: (asc | desc)

Indicates whether to sort returned entries in ascending or descending order.

sort_key String name Field to use for sorting.
sort_mode Enum auto Valid values: (auto | alpha | alpha_case | num)

Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view configuration for distributed search.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
checkTimedOutServersFrequency Rechecks servers at the specified frequency (in seconds). If this is set to 0, then no recheck occurs. Defaults to 60.

This attribute is ONLY relevant if removeTimedOutServers is set to true. If removeTimedOutServers is false, this attribute is ignored.

disabled Indicates if the distributed search is disabled.
dist_search_enabled Indicates if the distributed search is enabled.
receiveTimeout Amount of time in seconds to use as a timeout while trying to read/receive data from a search peer.
removedTimedOutServers If true, removes a server connection that cannot be made within serverTimeout.

If false, every call to that server attempts to connect. This may result in a slow user interface.


serverTimeout Deprecated. Refer to connectionTimeout, sendTimeout, and receiveTimeout.
servers The initial list of servers.

If operating completely in autoAddServers mode (discovering all servers), there is no need to list any servers here.

shareBundles Indicates whether this server uses bundle replication to share search time configuration with search peers.

If set to false, the search head assumes that the search peers can access the correct bundles using an NFS share and have correctly configured the options listed under: "SEARCH HEAD BUNDLE MOUNTING OPTIONS."


statusTimeout Set connection timeout when gathering a search peer's basic info (/services/server/info).

Note: Read/write timeouts are automatically set to twice this value.

Example

Retrieves distributed search configuration.


curl -k -u admin:pass https://localhost:8089/services/search/distributed/config


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>distsearch-setup</title>
  <id>https://localhost:8089/services/search/distributed/config</id>
  <updated>2011-07-10T23:21:51-07:00</updated>
  <generator version="102807"/>
  <author>
    <name>Splunk</name>
  </author>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>distributedSearch</title>
    <id>https://localhost:8089/services/search/distributed/config/distributedSearch</id>
    <updated>2011-07-10T23:21:51-07:00</updated>
    <link href="/services/search/distributed/config/distributedSearch" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/search/distributed/config/distributedSearch" rel="list"/>
    <link href="/services/search/distributed/config/distributedSearch" rel="edit"/>
    <link href="/services/search/distributed/config/distributedSearch" rel="remove"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="checkTimedOutServersFrequency">60</s:key>
        <s:key name="disabled">0</s:key>
        <s:key name="dist_search_enabled">1</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="removedTimedOutServers">0</s:key>
        <s:key name="serverTimeout">10</s:key>
        <s:key name="servers"/>
        <s:key name="shareBundles">1</s:key>
        <s:key name="statusTimeout">10</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

search/distributed/config/{name}

DELETE search/distributed/config/{name}

Disables the distributed search feature. Note that "distributedSearch" is the only valid name here.

Request

No parameters for this request.

Response Codes

Status Code Description
200 Deleted successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to delete configuration for distributed search.
404 Configuration for distributed search does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

No values returned for this request.

Example

Disables the distributed search configuration. Note that "distributedSearch" is the only valid name here.


curl -k -u admin:pass --request DELETE \
	https://localhost:8089/services/search/distributed/config/distributedSearch


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>distsearch-setup</title>
  <id>https://localhost:8089/services/search/distributed/config</id>
  <updated>2011-07-10T23:23:17-07:00</updated>
  <generator version="102807"/>
  <author>
    <name>Splunk</name>
  </author>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
</feed>

GET search/distributed/config/{name}

Displays configuration options. Note that "distributedSearch" is the only valid name here.

Request

No parameters for this request.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view configuration for distributed search.
404 Configuration for distributed search does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
receiveTimeout Amount of time in seconds to use as a timeout while trying to read/receive data from a search peer.

Example

Retrieves distributed search configuration. This is identical to accessing search/distributed/config. Note that "distributedSearch" is the only valid name here.


curl -k -u admin:pass https://localhost:8089/services/search/distributed/config/distributedSearch


See response for search/distributed/config.

POST search/distributed/config/{name}

Update the configuration for the distributed search feature. Note that "distributedSearch" is the only valid name here.

Request

Name Type Required Default Description
checkTimedOutServersFrequency Number Rechecks servers at the specified frequency (in seconds). If this is set to 0, then no recheck occurs. Defaults to 60.

This attribute is ONLY relevant if removeTimedOutServers is set to true. If removeTimedOutServers is false, this attribute is ignored.

connectionTimeout Number Amount of time, in seconds, to use as a timeout during search peer connection establishment.
disabled Boolean If true, disables the distributed search.

Defaults to false (the distributed search is enabled).

receiveTimeout Number Amount of time in seconds to use as a timeout while trying to read/receive data from a search peer.
removedTimedOutServers Boolean If true, removes a server connection that cannot be made within the timeout period specified by connectionTimeout, sendTimeout, or receiveTimeout.

If false, every call to that server attempts to connect. This may result in a slow user interface.

Defaults to false.

sendTimeout Number Amount of time in seconds to use as a timeout while trying to write/send data to a search peer.
serverTimeout Number Deprecated. Use connectionTimeout, sendTimeout, and receiveTimeout.
servers String Specify a comma-separated list of server to set the initial list of servers.

If operating completely in autoAddServers mode (discovering all servers), there is no need to list any servers here.

shareBundles Boolean Indicates whether this server uses bundle replication to share search time configuration with search peers.

If set to false, the search head assumes that the search peers can access the correct bundles using an NFS share and have correctly configured the options listed under: "SEARCH HEAD BUNDLE MOUNTING OPTIONS."

Defaults to true.

statusTimeout Number Set connection timeout when gathering a search peer's basic info (/services/server/info). Defaults to 10.

Note: Read/write timeouts are automatically set to twice this value.

Response Codes

Status Code Description
200 Updated successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
402 The Splunk license in use has disabled this feature.
403 Insufficient permissions to edit configuration for distributed search.
404 Configuration for distributed search does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.
503 This feature has been disabled in Splunk configuration files.

Returned Values

No values returned for this request.

Example

This example changes the connection timeout period of a distributed search to 20 seconds.


curl -k -u admin:pass https://localhost:8089/services/search/distributed/config/distributedSearch \
	-d connectionTimeout=20


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>distsearch-setup</title>
  <id>https://localhost:8089/services/search/distributed/config</id>
  <updated>2011-07-10T23:23:06-07:00</updated>
  <generator version="102807"/>
  <author>
    <name>Splunk</name>
  </author>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
</feed>



search/distributed/peers

Provides distributed peer server management.

A search peer is defined as a splunk server to which another splunk server distributes searches. The splunk server where the search request originates is referred to as the search head.

GET search/distributed/peers

Returns a list of configured search peers that this search head is configured to distribute searches to. This includes configured search peers that have been disabled.

Request

Name Type Required Default Description
count Number 30 Indicates the maximum number of entries to return. To return all entries, specify -1.
offset Number 0 Index for first item to return.
search String Search expression to filter the response. The response matches field values against the search expression. For example:

search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example.

sort_dir Enum asc Valid values: (asc | desc)

Indicates whether to sort returned entries in ascending or descending order.

sort_key String name Field to use for sorting.
sort_mode Enum auto Valid values: (auto | alpha | alpha_case | num)

Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view search peer.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
build The Splunk build number for this peer.
bundle_versions The IDs of the bundles (of this search head) that the peer has.

The IDs are sorted from latest to earliest.

disabled Indicates if the peer is disabled.
guid GUID of the peer.
is_https Inidcates if the management port is ussing SSL.
licenseSignature The license signature.
peerName The Splunk server name of the peer.
peerType Specifies whether the peer is configured or discovered.
replicationStatus The status of bundle replication to this peer. Can be any of the following values:
Initial
In progress
Failed
Successful
Mounted
status The status of the peer.

Can be one of the following values:

Up
Down
Blacklisted
Not a Splunk server
Free Splunk server
Authentication Failed
Duplicate License
Duplicate Servername
Inconsistent bundles
version The Splunk version string this peer is running.

Example

This example lists configured search peers that this search head is configured to distribute searches to.



curl -k -u admin:pass https://localhost:8089/services/search/distributed/peers


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>distsearch-peer</title>
  <id>https://localhost:8089/services/search/distributed/peers</id>
  <updated>2011-07-11T18:21:48-07:00</updated>
  <generator version="102807"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/search/distributed/peers/_new" rel="create"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>tiny:8090</title>
    <id>https://localhost:8089/services/search/distributed/peers/tiny%3A8090</id>
    <updated>2011-07-11T18:21:48-07:00</updated>
    <link href="/services/search/distributed/peers/tiny%3A8090" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/search/distributed/peers/tiny%3A8090" rel="list"/>
    <link href="/services/search/distributed/peers/tiny%3A8090" rel="edit"/>
    <link href="/services/search/distributed/peers/tiny%3A8090" rel="remove"/>
    <link href="/services/search/distributed/peers/tiny%3A8090/disable" rel="disable"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="build"/>
        <s:key name="bundle_versions">
          <s:list/>
        </s:key>
        <s:key name="disabled">0</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="guid"/>
        <s:key name="is_https">1</s:key>
        <s:key name="licenseSignature"/>
        <s:key name="peerName">tiny:8090</s:key>
        <s:key name="peerType">configured</s:key>
        <s:key name="replicationStatus">Initial</s:key>
        <s:key name="status">Down</s:key>
        <s:key name="version"/>
      </s:dict>
    </content>
  </entry>
</feed>


POST search/distributed/peers

Add a new distributed search peer.

The distributed search must first be enabled using the search/distributed/config endpoint.

Request

Name Type Required Default Description
name String
The name of the search peer.

Defined as hostname:port, where port is the management port.

remotePassword String
The password of the remote user.

This is used to authenicate with the search peer to exchange certificates.

remoteUsername String
The username of a user with admin privileges in the search peer server.

This is used to exchange certificates.

Response Codes

Status Code Description
201 Created successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
402 The Splunk license in use has disabled this feature.
403 Insufficient permissions to create a search peer.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.
503 This feature has been disabled in Splunk configuration files.

Returned Values

No values returned for this request.

Example

This example adds a new search peer. Note that distributed search must first be enabled via the search/distributed/config endpoint.



curl -k -u admin:pass https://localhost:8089/services/search/distributed/peers \
	-d name=MrT:8092 \
	-d remoteUsername=admin \
	-d remotePassword=mypass


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>distsearch-peer</title>
  <id>https://localhost:8089/services/search/distributed/peers</id>
  <updated>2011-07-11T18:22:00-07:00</updated>
  <generator version="102807"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/search/distributed/peers/_new" rel="create"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
</feed>



search/distributed/peers/{name}

DELETE search/distributed/peers/{name}

Removes the distributed search peer specified by {name}.

Request

No parameters for this request.

Response Codes

Status Code Description
200 Deleted successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to delete the search peer.
404 The search peer does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

No values returned for this request.

Example

This example removes the distributed search peer hosted at MrT:8092.



curl -k -u admin:pass --request DELETE \
	https://localhost:8089/services/search/distributed/peers/MrT%3A8092


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>distsearch-peer</title>
  <id>https://localhost:8089/services/search/distributed/peers</id>
  <updated>2011-07-11T18:24:31-07:00</updated>
  <generator version="102807"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/search/distributed/peers/_new" rel="create"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
</feed>


GET search/distributed/peers/{name}

Returns information about the distributed search peer specified by {name}.

Request

No parameters for this request.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view search peer.
404 Search peer does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
build The Splunk build number for this peer.
bundle_versions The IDs of the bundles (of this search head) that the peer has.

The IDs are sorted from latest to earliest.

disabled Indicates if the peer is disabled.
eai:attributes See Accessing Splunk resources
guid GUID of the peer.
is_https Indicates if the management port is ussing SSL.
licenseSignature The license signature.
peerName The Splunk server name of the peer.
peerType Specifies whether the peer is configured or discovered.
replicationStatus The status of bundle replication to this peer. Can be any of the following values:
Initial
In progress
Failed
Successful
Mounted
status The status of the peer.

Can be one of the following values:

Up
Down
Blacklisted
Not a Splunk server
Free Splunk server
Authentication Failed
Duplicate License
Duplicate Servername
Inconsistent bundles
version The Splunk version string this peer is running.

Example

This example retrieves information about the search peer hosted at MrT:8092.


curl -k -u admin:pass https://localhost:8089/services/search/distributed/peers/MrT%3A8092


<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>distsearch-peer</title>
  <id>https://localhost:8089/services/search/distributed/peers</id>
  <updated>2011-07-11T18:23:34-07:00</updated>
  <generator version="102807"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/search/distributed/peers/_new" rel="create"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>MrT:8092</title>
    <id>https://localhost:8089/services/search/distributed/peers/MrT%3A8092</id>
    <updated>2011-07-11T18:23:34-07:00</updated>
    <link href="/services/search/distributed/peers/MrT%3A8092" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/search/distributed/peers/MrT%3A8092" rel="list"/>
    <link href="/services/search/distributed/peers/MrT%3A8092" rel="edit"/>
    <link href="/services/search/distributed/peers/MrT%3A8092" rel="remove"/>
    <link href="/services/search/distributed/peers/MrT%3A8092/disable" rel="disable"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="build">102878</s:key>
        <s:key name="bundle_versions">
          <s:list/>
        </s:key>
        <s:key name="disabled">0</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="eai:attributes">
          <s:dict>
            <s:key name="optionalFields">
              <s:list/>
            </s:key>
            <s:key name="requiredFields">
              <s:list>
                <s:item>remotePassword</s:item>
                <s:item>remoteUsername</s:item>
              </s:list>
            </s:key>
            <s:key name="wildcardFields">
              <s:list/>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="guid">04D30EDF-A255-47D9-8B78-4ED003AFB660</s:key>
        <s:key name="is_https">1</s:key>
        <s:key name="licenseSignature">69fc3b4aef59da9610548e84ce63b8a2</s:key>
        <s:key name="peerName">MrT-amrit</s:key>
        <s:key name="peerType">configured</s:key>
        <s:key name="replicationStatus">Initial</s:key>
        <s:key name="status">Up</s:key>
        <s:key name="version">20110705</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

POST search/distributed/peers/{name}

Update the configuration of the distributed search peer specified by {name}.

Request

Name Type Required Default Description
remotePassword String
The password of the remote user.

This is used to authenicate with the search peer to exchange certificates.

remoteUsername String
The username of a user with admin privileges in the search peer server.

This is used to exchange certificates.

Response Codes

Status Code Description
200 Updated successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
402 The Splunk license in use has disabled this feature.
403 Insufficient permissions to edit the search peer.
404 The search peer does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.
503 This feature has been disabled in Splunk configuration files.

Returned Values

No values returned for this request.

Example

This example updates the username and password used to authenticate against the distributed search peer hosted at MrT:8092.



curl -k -u admin:pass https://localhost:8089/services/search/distributed/peers/MrT%3A8092 \
	-d remoteUsername=admin \
	-d remotePassword=pass



<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>distsearch-peer</title>
  <id>https://localhost:8089/services/search/distributed/peers</id>
  <updated>2011-07-11T18:24:11-07:00</updated>
  <generator version="102807"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/search/distributed/peers/_new" rel="create"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
</feed>
PREVIOUS
Configurations
  NEXT
Indexes

This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters