Splunk® Enterprise

REST API Reference Manual

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Clusters

Use the Cluster endpoints to configure and manage master and peer nodes in a cluster.

cluster/*
Access and manage clusters.


cluster/config

Allows you to configure and access nodes in a cluster.

GET cluster/config

Lists the configuration of a node in a cluster.

Request

Name Type Required Default Description
count Number 30 Indicates the maximum number of entries to return. To return all entries, specify -1.
offset Number 0 Index for first item to return.
search String Search expression to filter the response. The response matches field values against the search expression. For example:

search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example.

sort_dir Enum asc Valid values: (asc | desc)

Indicates whether to sort returned entries in ascending or descending order.

sort_key String name Field to use for sorting.
sort_mode Enum auto Valid values: (auto | alpha | alpha_case | num)

Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view the cluster configuration.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
cxn_timeout Low-level timeout, in seconds, for establishing connection between cluster nodes. Defaults to 60 seconds.
disabled Indicates if this node is disabled.
forwarderdata_rcv_port The port from which to receive data from a forwarder.
forwarderdata_use_ssl Indicates whether to use SSL when receiving data from a forwarder.
heartbeat_period Only valid for peer nodes in a cluster. The time, in seconds, that a peer attempts to send a heartbeat to the master
heartbeat_timeout Only valid for the master node in a cluster configuration. The time, in seconds, before a master considers a peer down. Once a peer is down, the master initiates steps to replicate buckets from the dead peer to its live peers. Defaults to 60 seconds.
master_uri Valid only for nodes configured as a peer or searchhead.

URI of the cluster master to which this node connects.

max_peer_build_load The number of jobs that a peer can have in progress at any time that make the bucket searchable.
max_peer_rep_load Maximum number of replications that can be ongoing as a target.
mode Valid values: (master | slave | searchhead | disabled) Defaults to disabled.

Sets operational mode for this cluster node. Only one master may exist per cluster.

ping_flag For internal use to facilitate communication between the master and peers.
quiet_period The time, in seconds, that a master waits for peers to add themselves to the cluster.
rcv_timeout Low-level timeout, in seconds, for receiving data between cluster nodes. Defaults to 60 seconds.
register_forwarder_address Not used.

Reserved for future use.

register_replication_address Valid only for nodes configured as peers. The address on which a peer is available for accepting replication data. This is useful in the cases where a peer host machine has multiple interfaces and only one of them can be reached by another splunkd instance.
register_search_address IP address that advertises this indexer to search heads.
rep_cxn_timeout Low-level timeout, in seconds, for establishing a connection for replicating data.
rep_max_rcv_timeout Maximum cumulative time, in seconds, for receiving acknowledgement data from peers. Defaults to 600s.
rep_max_send_timeout Maximum time, in seconds, for sending replication slice data between cluster nodes. Defaults to 600s.
rep_rcv_timeout Low-level timeout, in seconds, for receiving data between cluster nodes.
rep_send_timeout Low-level timeout, in seconds, for sending replication data between cluster nodes. Defaults to 5 seconds.
replication_factor Only valid for nodes configured as a master.

Determines how many copies of raw data are created in the cluster. This could be less than the number of cluster peers.

Must be greater than 0 and greater than or equal to the search factor. Defaults to 3.

replication_port TCP port to listen for replicated data from another cluster member.
replication_use_ssl Indicates whether to use SSL when sending replication data.
restart_timeout Only valid for nodes configured as a master. The amount of time, in seconds, the master waits for a peer to come back when the peer is restarted (to avoid the overhead of trying to fix the buckets that were on the peer). Defaults to 600 seconds.

Note: This only works if the peer is restarted from Splunk Web.

search_factor Only valid for nodes configured as a master. Determines how many searchable copies of each bucket to maintain. Must be less than or equal to replication_factor and greater than 0. Defaults to 2.
secret Secret shared among the nodes in the cluster to prevent any arbitrary node from connecting to the cluster. If a peer or searchhead is not configured with the same secret as the master, it is not able to communicate with the master.

Corresponds to pass4SymmKey setting in server.conf.

send_timeout Low-level timeout, in seconds, for sending data between cluster nodes. Defaults to 60 seconds.

Example

Lists the configuration of a master node in a cluster.

curl -k -u admin:pass https://localhost:8089/services/cluster/config
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clusterconfig</title>
  <id>https://localhost:8089/services/cluster/config</id>
  <updated>2012-09-05T10:19:49-07:00</updated>
  <generator build="136169" version="5.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/cluster/config/_reload" rel="_reload"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>config</title>
    <id>https://localhost:8089/services/cluster/config/config</id>
    <updated>2012-09-05T10:19:49-07:00</updated>
    <link href="/services/cluster/config/config" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/config/config" rel="list"/>
    <link href="/services/cluster/config/config/_reload" rel="_reload"/>
    <link href="/services/cluster/config/config" rel="edit"/>
    <link href="/services/cluster/config/config/disable" rel="disable"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="cxn_timeout">60</s:key>
        <s:key name="disabled">0</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="forwarderdata_rcv_port">0</s:key>
        <s:key name="forwarderdata_use_ssl">1</s:key>
        <s:key name="heartbeat_period">1</s:key>
        <s:key name="heartbeat_timeout">60</s:key>
        <s:key name="master_uri"></s:key>
        <s:key name="max_peer_build_load">5</s:key>
        <s:key name="max_peer_rep_load">5</s:key>
        <s:key name="mode">master</s:key>
        <s:key name="ping_flag">1</s:key>
        <s:key name="quiet_period">60</s:key>
        <s:key name="rcv_timeout">60</s:key>
        <s:key name="register_forwarder_address"></s:key>
        <s:key name="register_replication_address"></s:key>
        <s:key name="register_search_address"></s:key>
        <s:key name="rep_cxn_timeout">5</s:key>
        <s:key name="rep_max_rcv_timeout">600</s:key>
        <s:key name="rep_max_send_timeout">600</s:key>
        <s:key name="rep_rcv_timeout">10</s:key>
        <s:key name="rep_send_timeout">5</s:key>
        <s:key name="replication_factor">2</s:key>
        <s:key name="replication_port"></s:key>
        <s:key name="replication_use_ssl">0</s:key>
        <s:key name="restart_timeout">600</s:key>
        <s:key name="search_factor">2</s:key>
        <s:key name="secret">********</s:key>
        <s:key name="send_timeout">60</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

cluster/master/buckets

Provides access to information about the bucket configuration for a cluster's master node.

GET cluster/master/buckets

Lists the bucket configuration for a cluster's master node.

Request

Name Type Required Default Description
count Number 30 Indicates the maximum number of entries to return. To return all entries, specify 0.
filter String Filter results returned according to specified attributes. For example, to show results only for the main index, specify:
filter="index=main"
offset Number 0 Index for first item to return.
search String Search expression to filter the response. The response matches field values against the search expression. For example:

search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example.

sort_dir Enum asc Valid values: (asc | desc)

Indicates whether to sort returned entries in ascending or descending order.

sort_key String name Field to use for sorting.
sort_mode Enum auto Valid values: (auto | alpha | alpha_case | num)

Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view bucket configurations for this server.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
bucket_size Indicates the size, in bytes, of the bucket.
filter The filter used to specify which results to return.
frozen Indicates if the bucket is frozen.
peers Lists information about buckets on peers to this master.
service_after_time Bucket service is deferred until after this time.
standalone Indicates if the bucket was created on the peer before the peer entered into a cluster configuration with this master.

Example

Lists information about the buckets for a cluster's master node.

curl -k -u admin:pass https://localhost:8089/services/cluster/master/buckets
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustermasterbuckets</title>
  <id>https://localhost:8089/services/cluster/master/buckets</id>
  <updated>2012-09-05T10:25:36-07:00</updated>
  <generator build="136169" version="5.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/cluster/master/buckets/_new" rel="create"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>_audit~0~2AF11DD4-1424-4A14-A522-FB9D055E9516</title>
    <id>https://localhost:8089/services/cluster/master/buckets/_audit~0~2AF11DD4-1424-4A14-A522-FB9D055E9516</id>
    <updated>2012-09-05T10:25:36-07:00</updated>
    <link href="/services/cluster/master/buckets/_audit~0~2AF11DD4-1424-4A14-A522-FB9D055E9516" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/master/buckets/_audit~0~2AF11DD4-1424-4A14-A522-FB9D055E9516" rel="list"/>
    <link href="/services/cluster/master/buckets/_audit~0~2AF11DD4-1424-4A14-A522-FB9D055E9516" rel="remove"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="bucket_size">1677</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="frozen">0</s:key>
        <s:key name="peers">
          <s:dict>
            <s:key name="2AF11DD4-1424-4A14-A522-FB9D055E9516">
              <s:dict>
                <s:key name="bucket_flags">0xffffffffffffffff</s:key>
                <s:key name="checksum"></s:key>
                <s:key name="checksum_state">StableCksum</s:key>
                <s:key name="search_state">Searchable</s:key>
                <s:key name="status">Complete</s:key>
              </s:dict>
            </s:key>
            <s:key name="50FCDB42-E167-458D-A6A9-E4587E8F16D9">
              <s:dict>
                <s:key name="bucket_flags">0x0</s:key>
                <s:key name="checksum"></s:key>
                <s:key name="checksum_state">StableCksum</s:key>
                <s:key name="search_state">Searchable</s:key>
                <s:key name="status">Complete</s:key>
              </s:dict>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="service_after_time">0</s:key>
        <s:key name="standalone">0</s:key>
      </s:dict>
    </content>
  </entry>
  . . .
</feed>

cluster/master/buckets/{name}

GET cluster/master/buckets/{name}

Lists the bucket configuration for a cluster's master node.

Request

Name Type Required Default Description
filter String Filter results returned according to specified attributes. For example, to show results only for the main index, specify:
filter="index=main"

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view bucket configuration for this server.
404 The named bucket does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
bucket_size Indicates the size, in bytes, of the bucket.
filter The filter used to specify which results to return.
frozen Indicates if the bucket is frozen.
peers Lists information about buckets on peers to this master.
service_after_time Bucket service is deferred until after this time.
standalone Indicates if the bucket was created on the peer before the peer entered into a cluster configuration with this master.

Example

Lists information about the buckets for a cluster's master node.

curl -k -u admin:pass \
	https://localhost:8089/services/cluster/master/buckets/_internal~0~B8B5E5C6-DB26-4952-AFB1-C5EFEFFFEA31
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustermasterbuckets</title>
  <id>https://localhost:8089/services/cluster/master/buckets</id>
  <updated>2012-09-05T10:32:35-07:00</updated>
  <generator build="136169" version="5.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/cluster/master/buckets/_new" rel="create"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>_internal~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9</title>
    <id>https://localhost:8089/services/cluster/master/buckets/_internal~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9</id>
    <updated>2012-09-05T10:32:35-07:00</updated>
    <link href="/services/cluster/master/buckets/_internal~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/master/buckets/_internal~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9" rel="list"/>
    <link href="/services/cluster/master/buckets/_internal~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9" rel="remove"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="bucket_size"></s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <!-- eai:aattributes nodes elided for brevity. -->
        <s:key name="frozen">0</s:key>
        <s:key name="peers">
          <s:dict>
            <s:key name="2AF11DD4-1424-4A14-A522-FB9D055E9516">
              <s:dict>
                <s:key name="bucket_flags">0x0</s:key>
                <s:key name="checksum"></s:key>
                <s:key name="checksum_state">StableCksum</s:key>
                <s:key name="search_state">Searchable</s:key>
                <s:key name="status">StreamingTarget</s:key>
              </s:dict>
            </s:key>
            <s:key name="50FCDB42-E167-458D-A6A9-E4587E8F16D9">
              <s:dict>
                <s:key name="bucket_flags">0xffffffffffffffff</s:key>
                <s:key name="checksum"></s:key>
                <s:key name="checksum_state">StableCksum</s:key>
                <s:key name="search_state">Searchable</s:key>
                <s:key name="status">StreamingSource</s:key>
              </s:dict>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="service_after_time">0</s:key>
        <s:key name="standalone">0</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

cluster/master/buckets/{bucket_id}/fix

POST cluster/master/buckets/{bucket_id}/fix

Add the specified bucket to the fix list.

  • Note: Use this endpoint with caution. It is recommended to test the endpoint prior to use on an actual bucket.

For more information, see "Bucket-fixing scenarios" in Managing Indexers and Clusters of Indexers.

Authentication and Authorization

Requires the admin role or indexes_edit capability.

Request

None

Returned values

None

Example

curl -k -u admin:changeme https://localhost:8089/services/cluster/master/buckets/_internal~0~111175BA-00DF-4CFE-9AEC-48A87B97EC71/fix -X POST
  <title>clustermasterbuckets</title>
  <id>https://localhost:8089/services/cluster/master/buckets</id>
  <updated>2015-11-04T12:23:57-08:00</updated>
  <generator build="8effae892620f7b651853d141b7b7a6b61b929c0" version="20151102"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/cluster/master/buckets/_new" rel="create"/>
  <link href="/services/cluster/master/buckets/_acl" rel="_acl"/>
  <opensearch:totalResults>0</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>

cluster/master/buckets/{bucket_id}/freeze

POST cluster/master/buckets/{bucket_id}/freeze

Set the bucket state to frozen.

  • Note: Use this endpoint with caution. It is recommended to test the endpoint prior to use on an actual bucket.

For more information, see "How the cluster handles frozen buckets" in Managing Indexers and Clusters of Indexers.

Authentication and Authorization

Requires the admin role or indexes_edit capability.

Request

None

Returned values

None

Example

curl -k -u admin:pass https://localhost:8089/services/cluster/master/buckets/_internal~0~111175BA-00DF-4CFE-9AEC-48A87B97EC71/freeze -X POST
  <title>clustermasterbuckets</title>
  <id>https://locahost:8089/services/cluster/master/buckets</id>
  <updated>2015-11-04T12:21:27-08:00</updated>
  <generator build="8effae892620f7b651853d141b7b7a6b61b929c0" version="20151102"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/cluster/master/buckets/_new" rel="create"/>
  <link href="/services/cluster/master/buckets/_acl" rel="_acl"/>
  <opensearch:totalResults>0</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>

cluster/master/control

Provide access to master controls to rebalance primary buckets across peers.

POST cluster/master/control/control/rebalance_primaries

Rebalance primary buckets across all peers to this master.

For more information, see "Rebalance the indexer cluster primary buckets" in Managing Indexers and Clusters of Indexers.

Request

No parameters for this request.

Response Codes

Status Code Description
201 Rebalanced successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
402 The Splunk license in use has disabled this feature.
403 Insufficient permissions to reblance primary buckets for peers to this master.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.
503 This feature has been disabled in Splunk configuration files.

Returned Values

No values returned for this request.

Example

Rebalance primary buckets for all peers for this master.

curl -k -u admin:pass https://localhost:8089/services/cluster/master/control/control/rebalance_primaries \
	--request POST
<feed xmlns="http://www.w3.org/2005/Atom" 
      xmlns:s="http://dev.splunk.com/ns/rest" 
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustermastercontrol</title>
  <id>https://vgenovese-centos62x64-2:8889/services/cluster/master/control</id>
  <updated>2013-08-21T13:08:52-07:00</updated>
  <generator build="176231" version="6.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <opensearch:totalResults>0</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>
</feed>

cluster/master/generation

Provide access to information about the current generation for a master in a cluster.

GET cluster/master/generation

Lists information about the peer nodes participating in the current generation for this master.

Request

Name Type Required Default Description
count Number 30 Indicates the maximum number of entries to return. To return all entries, specify 0.
offset Number 0 Index for first item to return.
search String Search expression to filter the response. The response matches field values against the search expression. For example:

search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example.

sort_dir Enum asc Valid values: (asc | desc)

Indicates whether to sort returned entries in ascending or descending order.

sort_key String name Field to use for sorting.
sort_mode Enum auto Valid values: (auto | alpha | alpha_case | num)

Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view the generation information for the master.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
generation_id The ID for the current generation for this master.
generation_peers Lists the peers for this generation of the cluster.
pending_generation_id The next generation ID used by the master when committing a new generation.

This value is useful for debugging.

pending_last_attempt The timestamp of the last attempt to commit to the pending generation ID (if ever).
pending_last_reason The reason why this peer failed to commit to the pending generation.

This parameter is EMPTY if no such attempt was made.

Example

List information about the current generation for a cluster's master node.

curl -k -u admin:pass https://localhost:8089/services/cluster/master/generation
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustermastergeneration</title>
  <id>https://localhost:8089/services/cluster/master/generation</id>
  <updated>2012-09-05T10:39:54-07:00</updated>
  <generator build="136169" version="5.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>master</title>
    <id>https://localhost:8089/services/cluster/master/generation/master</id>
    <updated>2012-09-05T10:39:54-07:00</updated>
    <link href="/services/cluster/master/generation/master" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/master/generation/master" rel="list"/>
    <content type="text/xml">
      <s:dict>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="generation_id">2</s:key>
        <s:key name="generation_peers">
          <s:dict>
            <s:key name="2AF11DD4-1424-4A14-A522-FB9D055E9516">
              <s:dict>
                <s:key name="host_port_pair">splunks-ombra.sv.splunk.com:8389</s:key>
                <s:key name="peer">splunks-ombra.sv.splunk.com</s:key>
              </s:dict>
            </s:key>
            <s:key name="50FCDB42-E167-458D-A6A9-E4587E8F16D9">
              <s:dict>
                <s:key name="host_port_pair">splunks-ombra.sv.splunk.com:8189</s:key>
                <s:key name="peer">splunks-ombra.sv.splunk.com</s:key>
              </s:dict>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="pending_generation_id">3</s:key>
        <s:key name="pending_last_attempt">0</s:key>
        <s:key name="pending_last_reason"></s:key>
      </s:dict>
    </content>
  </entry>
</feed>

POST cluster/master/generation

Create a new generation for a cluster.

Request

Name Type Required Default Description
name String
The URI of the searchhead node of a cluster upon which to create a new generation.
generation_poll_interval Number How often, in seconds, the searchhead polls the master for generation information.

Defaults to 60 seconds.

label String Server name for the Splunk instance specified by the name attribute.
mgmt_port String The managment port of searchhead node in a cluster upon which you are creating a new generation.
register_search_address String The address on which a peer node is available as search head.

This is useful in the cases where a splunk host machine has multiple interfaces and only one of them can be reached by another splunkd instance.

Response Codes

Status Code Description
201 Created successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
402 The Splunk license in use has disabled this feature.
403 Insufficient permissions to create another generation for the cluster.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.
503 This feature has been disabled in Splunk configuration files.

Returned Values

Attribute Description
generation_id The ID for the current generation for this master.
generation_peers Lists the peers for this generation of the cluster.
pending_generation_id The next generation ID used by the master when committing a new generation.

This value is useful for debugging.

pending_last_attempt The timestamp of the last attempt to commit to the pending generation ID (if ever).
pending_last_reason The reason why this peer failed to commit to the pending generation.

This parameter is EMPTY if no such attempt was made.

replication_factor_met Indicates if the replication factor was met for the cluster.
search_factor_met Indicates if the search factor was met for the cluster.
was_forced Indicates next generation was forcibly committed.

Example

Create a new generation for a cluster.

curl -k -u admin:pass https://wimpy:8089/services/cluster/master/generation \
	-d name=foo
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustermastergeneration</title>
  <id>https://wimpy:8089/services/cluster/master/generation</id>
  <updated>2013-10-31T13:58:51-07:00</updated>
  <generator build="184661" version="20131030"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/cluster/master/generation/_new" rel="create"/>
  <!-- opensearch nodes elided for brevity -->
  <s:messages/>
  <entry>
    <title>master</title>
    <id>https://wimpy:8089/services/cluster/master/generation/master</id>
    <updated>2013-10-31T13:58:51-07:00</updated>
    <link href="/services/cluster/master/generation/master" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/master/generation/master" rel="list"/>
    <link href="/services/cluster/master/generation/master" rel="edit"/>
    <content type="text/xml">
      <s:dict>
        <!-- eai:acl nodes elided for brevity -->
        <s:key name="generation_id">5</s:key>
        <s:key name="generation_peers">
          <s:dict>
            <s:key name="11111111-1111-1111-1111-111111111111">
              <s:dict>
                <s:key name="host_port_pair">wimpy.splunk.com:6431</s:key>
                <s:key name="peer">PEER1</s:key>
              </s:dict>
            </s:key>
            <s:key name="22222222-2222-2222-2222-222222222222">
              <s:dict>
                <s:key name="host_port_pair">wimpy.splunk.com:6432</s:key>
                <s:key name="peer">PEER2</s:key>
              </s:dict>
            </s:key>
            <s:key name="33333333-3333-3333-3333-333333333333">
              <s:dict>
                <s:key name="host_port_pair">wimpy.splunk.com:6433</s:key>
                <s:key name="peer">PEER3</s:key>
              </s:dict>
            </s:key>
            <s:key name="44444444-4444-4444-4444-444444444444">
              <s:dict>
                <s:key name="host_port_pair">wimpy.splunk.com:6434</s:key>
                <s:key name="peer">PEER4</s:key>
              </s:dict>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="pending_generation_id">6</s:key>
        <s:key name="pending_last_attempt">0</s:key>
        <s:key name="pending_last_reason"></s:key>
        <s:key name="replication_factor_met">1</s:key>
        <s:key name="search_factor_met">1</s:key>
        <s:key name="was_forced">0</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

cluster/master/generation/{name}

GET cluster/master/generation/{name}

Lists information about the peer nodes participating in the current generation for this master.

Request

No parameters for this request.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view the generation information for the named master.
404 The generation for the named master does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
generation_id The ID of the current generation for this master.
generation_peers Lists the peers for this generation of the cluster.
pending_generation_id The next generation ID used by the master when committing a new generation.

This value is useful for debugging.

pending_last_attempt The timestamp of the last attempt to commit to the pending generation ID (if ever).
pending_last_reason The reason why this peer failed to commit to the pending generation.

This parameter is EMPTY if no such attempt was made.

Example

List information about the current generation for a cluster's master node.


curl -k -u admin:pass https://localhost:8089/services/cluster/master/generation/master
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustermastergeneration</title>
  <id>https://localhost:8089/services/cluster/master/generation</id>
  <updated>2012-09-05T10:45:27-07:00</updated>
  <generator build="136169" version="5.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>master</title>
    <id>https://localhost:8089/services/cluster/master/generation/master</id>
    <updated>2012-09-05T10:45:27-07:00</updated>
    <link href="/services/cluster/master/generation/master" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/master/generation/master" rel="list"/>
    <content type="text/xml">
      <s:dict>
        <!-- eai:acl nodes elided for brevity. -->
        <!-- eai:attributes nodes elided for brevity. -->
        <s:key name="generation_id">2</s:key>
        <s:key name="generation_peers">
          <s:dict>
            <s:key name="2AF11DD4-1424-4A14-A522-FB9D055E9516">
              <s:dict>
                <s:key name="host_port_pair">splunks-ombra.sv.splunk.com:8389</s:key>
                <s:key name="peer">splunks-ombra.sv.splunk.com</s:key>
              </s:dict>
            </s:key>
            <s:key name="50FCDB42-E167-458D-A6A9-E4587E8F16D9">
              <s:dict>
                <s:key name="host_port_pair">splunks-ombra.sv.splunk.com:8189</s:key>
                <s:key name="peer">splunks-ombra.sv.splunk.com</s:key>
              </s:dict>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="pending_generation_id">3</s:key>
        <s:key name="pending_last_attempt">0</s:key>
        <s:key name="pending_last_reason"></s:key>
      </s:dict>
    </content>
  </entry>
</feed>

POST cluster/master/generation/{name}

Creates a new generation for the named search head. {name} is the GUID of the search head.

Request

Name Type Required Default Description
generation_poll_interval Number How often, in seconds, the searchhead polls the master for generation information.

Defaults to 60 seconds.

label String Server name for the search head specified by {name}.
mgmt_port String The managment port of searchhead node in a cluster upon which you are creating a new generation.
register_search_address String The address on which a peer node is available as search head.

This is useful in the cases where a splunk host machine has multiple interfaces and only one of them can be reached by another splunkd instance.

Response Codes

Status Code Description
200 Updated successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
402 The Splunk license in use has disabled this feature.
403 Insufficient permissions to edit generation data.
404 Requested resource does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.
503 This feature has been disabled in Splunk configuration files.

Returned Values

Attribute Description
generation_id The ID for the current generation for this master.
generation_peers Lists the peers for this generation of the cluster.
pending_generation_id The next generation ID used by the master when committing a new generation.

This value is useful for debugging.

pending_last_attempt The timestamp of the last attempt to commit to the pending generation ID (if ever).
pending_last_reason The reason why this peer failed to commit to the pending generation.

This parameter is EMPTY if no such attempt was made.

replication_factor_met Indicates if the replication factor was met for the cluster.
search_factor_met Indicates if the search factor was met for the cluster.
was_forced Indicates next generation was forcibly committed.

Example

Create a new generation for the generations specified by {name}

 curl -k -u admin:pass https://wimpy:8089/services/cluster/master/generation/foo \
      -X POST -d generation_poll_interval=62 -d label=PEER2
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustermastergeneration</title>
  <id>https://wimpy:8089/services/cluster/master/generation</id>
  <updated>2013-10-31T14:37:20-07:00</updated>
  <generator build="184661" version="20131030"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/cluster/master/generation/_new" rel="create"/>
  <!-- opensearch nodes elided for brevity -->
  <s:messages/>
  <entry>
    <title>master</title>
    <id>https://wimpy:8089/services/cluster/master/generation/master</id>
    <updated>2013-10-31T14:37:20-07:00</updated>
    <link href="/services/cluster/master/generation/master" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/master/generation/master" rel="list"/>
    <link href="/services/cluster/master/generation/master" rel="edit"/>
    <content type="text/xml">
      <s:dict>
        <!-- eai:acl nodes elided for brevity -->
        <s:key name="generation_id">5</s:key>
        <s:key name="generation_peers">
          <s:dict>
            <s:key name="11111111-1111-1111-1111-111111111111">
              <s:dict>
                <s:key name="host_port_pair">wimpy.splunk.com:6431</s:key>
                <s:key name="peer">PEER1</s:key>
              </s:dict>
            </s:key>
            <s:key name="22222222-2222-2222-2222-222222222222">
              <s:dict>
                <s:key name="host_port_pair">wimpy.splunk.com:6432</s:key>
                <s:key name="peer">PEER2</s:key>
              </s:dict>
            </s:key>
            <s:key name="33333333-3333-3333-3333-333333333333">
              <s:dict>
                <s:key name="host_port_pair">wimpy.splunk.com:6433</s:key>
                <s:key name="peer">PEER3</s:key>
              </s:dict>
            </s:key>
            <s:key name="44444444-4444-4444-4444-444444444444">
              <s:dict>
                <s:key name="host_port_pair">wimpy.splunk.com:6434</s:key>
                <s:key name="peer">PEER4</s:key>
              </s:dict>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="pending_generation_id">6</s:key>
        <s:key name="pending_last_attempt">0</s:key>
        <s:key name="pending_last_reason"></s:key>
        <s:key name="replication_factor_met">1</s:key>
        <s:key name="search_factor_met">1</s:key>
        <s:key name="was_forced">0</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

cluster/master/info

Access details about a master node in a cluster.

GET cluster/master/info

Lists details about the master node in a cluster.

Request

Name Type Required Default Description
count Number 30 Indicates the maximum number of entries to return. To return all entries, specify 0.
offset Number 0 Index for first item to return.
search String Search expression to filter the response. The response matches field values against the search expression. For example:

search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example.

sort_dir Enum asc Valid values: (asc | desc)

Indicates whether to sort returned entries in ascending or descending order.

sort_key String name Field to use for sorting.
sort_mode Enum auto Valid values: (auto | alpha | alpha_case | num)

Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view details about the Splunk server configured as a master.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
active_bundle Provides information about the active bundle for this master.
bundle_creation_time_on_master The time, in epoch seconds, when the bundle was created on the master.
bundle_validation_errors_on_master A list of bundle validation errors.
bundle_validation_in_progress Indicates if bundle validation is in progress.
bundle_validation_on_master_succeeded Indicates whether the master succeeded validating bundles.
data_safety_buckets_to_fix Lists the buckets to fix for the completion of data safety.
gen_commit_buckets_to_fix The buckets to be fixed before the next generation can be committed.
indexing_ready_flag Indicates if the cluster is ready for indexing.
initialized_flag Indicates if the cluster has been initialized.
label The name for the master that is displayed in the Splunk Manager page.
latest_bundle The most recent information reflecting any changes made to the master-apps configuration bundle.

In steady state, this is equal to active_bundle. If it is not equal, then pushing the latest bundle to all peers is in process (or needs to be started).

maintenance_mode Indicates if the cluster is in maintenance mode.
reload_bundle_issued Indicates if the bundle issued is being reloaded.
rep_count_buckets_to_fix Number of buckets to fix on peers.
rolling_restart_flag Indicates whether the master is restarting the peers in a cluster.
search_count_buckets_to_fix Number of buckets to fix to satisfy the search count.
service_ready_flag Indicates whether the master is ready to begin servicing, based on whether it is initialized.
start_time Timestamp corresponding to the creation of the master.

Example

Lists details about the master node in a cluster.

curl -k -u admin:pass https://localhost:8089/services/cluster/master/info
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustermasterinfo</title>
  <id>http://greentea.sv.splunk.com:8089/services/cluster/master/info</id>
  <updated>2013-07-23T10:36:35-07:00</updated>
  <generator build="172635" version="6.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>master</title>
    <id>http://greentea.sv.splunk.com:8089/services/cluster/master/info/master</id>
    <updated>2013-07-23T10:36:35-07:00</updated>
    <link href="/services/cluster/master/info/master" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/master/info/master" rel="list"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="active_bundle">
          <s:dict>
            <s:key name="bundle_path">/home/eserv/schoi/apple_master/splunk/var/run/splunk/cluster/remote-bundle/66e383cafa8ff1f033e2341e35fc2e09-1374594357.bundle</s:key>
            <s:key name="checksum">a98f211c7bc6b141bd4fe5775c7cd193</s:key>
            <s:key name="timestamp">1374594357</s:key>
          </s:dict>
        </s:key>
        <s:key name="bundle_creation_time_on_master">1374594357</s:key>
        <s:key name="bundle_validation_errors_on_master">
          <s:list/>
        </s:key>
        <s:key name="bundle_validation_in_progress">0</s:key>
        <s:key name="bundle_validation_on_master_succeeded">1</s:key>
        <s:key name="data_safety_buckets_to_fix">
          <s:dict>
            <s:key name="_internal~1~05BB0AAC-61A5-491B-9153-3B02E6DA6130">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~76AFDA4D-DAA7-48A8-A738-DD669A0853CD">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~8CEAE4B4-BAB0-415E-9DA6-0438ECD8B3EF">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~C78EE60D-1233-4847-A92A-8FF2F0C8D797">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~DBF6A20D-3C94-4CD7-A2DE-AEE112BCE80D">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i1~620~76AFDA4D-DAA7-48A8-A738-DD669A0853CD">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i2~480~C78EE60D-1233-4847-A92A-8FF2F0C8D797">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i3~599~DBF6A20D-3C94-4CD7-A2DE-AEE112BCE80D">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600994</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i5~659~8CEAE4B4-BAB0-415E-9DA6-0438ECD8B3EF">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
          </s:dict>
        </s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="gen_commit_buckets_to_fix">
          <s:dict>
            <s:key name="_internal~1~05BB0AAC-61A5-491B-9153-3B02E6DA6130">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~76AFDA4D-DAA7-48A8-A738-DD669A0853CD">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~8CEAE4B4-BAB0-415E-9DA6-0438ECD8B3EF">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~C78EE60D-1233-4847-A92A-8FF2F0C8D797">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~DBF6A20D-3C94-4CD7-A2DE-AEE112BCE80D">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i1~620~76AFDA4D-DAA7-48A8-A738-DD669A0853CD">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i2~480~C78EE60D-1233-4847-A92A-8FF2F0C8D797">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i3~599~DBF6A20D-3C94-4CD7-A2DE-AEE112BCE80D">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600994</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i5~659~8CEAE4B4-BAB0-415E-9DA6-0438ECD8B3EF">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="indexing_ready_flag">1</s:key>
        <s:key name="initialized_flag">1</s:key>
        <s:key name="label">master_nc</s:key>
        <s:key name="latest_bundle">
          <s:dict>
            <s:key name="bundle_path">/home/eserv/schoi/apple_master/splunk/var/run/splunk/cluster/remote-bundle/66e383cafa8ff1f033e2341e35fc2e09-1374594357.bundle</s:key>
            <s:key name="checksum">a98f211c7bc6b141bd4fe5775c7cd193</s:key>
            <s:key name="timestamp">1374594357</s:key>
          </s:dict>
        </s:key>
        <s:key name="maintenance_mode">0</s:key>
        <s:key name="reload_bundle_issued">0</s:key>
        <s:key name="rep_count_buckets_to_fix">
          <s:dict>
            <s:key name="_internal~1~05BB0AAC-61A5-491B-9153-3B02E6DA6130">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~76AFDA4D-DAA7-48A8-A738-DD669A0853CD">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~8CEAE4B4-BAB0-415E-9DA6-0438ECD8B3EF">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~C78EE60D-1233-4847-A92A-8FF2F0C8D797">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~DBF6A20D-3C94-4CD7-A2DE-AEE112BCE80D">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i1~620~76AFDA4D-DAA7-48A8-A738-DD669A0853CD">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i2~480~C78EE60D-1233-4847-A92A-8FF2F0C8D797">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i3~599~DBF6A20D-3C94-4CD7-A2DE-AEE112BCE80D">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600994</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i5~659~8CEAE4B4-BAB0-415E-9DA6-0438ECD8B3EF">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="rolling_restart_flag">0</s:key>
        <s:key name="search_count_buckets_to_fix">
          <s:dict>
            <s:key name="_internal~1~05BB0AAC-61A5-491B-9153-3B02E6DA6130">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~76AFDA4D-DAA7-48A8-A738-DD669A0853CD">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~8CEAE4B4-BAB0-415E-9DA6-0438ECD8B3EF">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~C78EE60D-1233-4847-A92A-8FF2F0C8D797">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="_internal~1~DBF6A20D-3C94-4CD7-A2DE-AEE112BCE80D">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">resolved initial state</s:key>
                    <s:key name="timestamp">1374594631</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason"></s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i1~620~76AFDA4D-DAA7-48A8-A738-DD669A0853CD">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i2~480~C78EE60D-1233-4847-A92A-8FF2F0C8D797">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i3~599~DBF6A20D-3C94-4CD7-A2DE-AEE112BCE80D">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600994</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="i5~659~8CEAE4B4-BAB0-415E-9DA6-0438ECD8B3EF">
              <s:dict>
                <s:key name="initial">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
                <s:key name="latest">
                  <s:dict>
                    <s:key name="reason">streaming success</s:key>
                    <s:key name="timestamp">1374600995</s:key>
                  </s:dict>
                </s:key>
              </s:dict>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="service_ready_flag">1</s:key>
        <s:key name="start_time">1374594571</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

cluster/master/peers

Provides access to information about a master's set of peers.

GET cluster/master/peers

List information about a master's set of peers.

Request

Name Type Required Default Description
count Number 30 Indicates the maximum number of entries to return. To return all entries, specify 0.
list_buckets Boolean False Indicates whether to list the buckets for the peers to this master.
offset Number 0 Index for first item to return.
search String Search expression to filter the response. The response matches field values against the search expression. For example:

search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example.

sort_dir Enum asc Valid values: (asc | desc)

Indicates whether to sort returned entries in ascending or descending order.

sort_key String name Field to use for sorting.
sort_mode Enum auto Valid values: (auto | alpha | alpha_case | num)

Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view information about the peers to this master.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
active_bundle_id The ID of the configuration bundle currently being used by the master.
base_generation_id The initial bundle generation ID recognized by this peer. Any searches from previous generations fail.

The initial bundle generation ID is created when a peer first comes online, restarts, or recontacts the master.

buckets List of buckets for this cluster.

The list of buckets is returned if the list_buckets param is set to true.

bundle_status Indicates the status of the cluster bundle. Valid values are:
ebundleTypeActive: Indicates that this is the bundle the peers are currently using.
ebundleTypeLatest: Indicates the most up to date bundle from the master. In steady state, it should match the active bundle. If unapplied changes have been recently made, it differs from the active bundle.
fixup_set The set of buckets that need to be fixed when a peer goes offline.

These are the buckets that were on the peer that went offline and need copies created or made searchable to satisfy the replication and search factor configured on the master. For more information, refer to What happens when a peer node goes down in the Splunk Managing Indexers and Clusters manual.

host_port_pair The host and port advertised to peers for the data replication channel.

Can be either of the form IP:port or hostname:port.

label The name for the peer that is displayed in the Splunk Manager page.
last_heartbeat Timestamp for last heartbeat recieved from the peer.
latest_bundle_id The ID of the configuration bundle this peer is using.
list_buckets Indicates whether to list the buckets for the peers to this master.
pending_job_count Used by the master to keep track of pending jobs requested by the master to this peer. If the number exceeds the max_peer_build_load, the master does not send a job to this peer to make a bucket searchable.
primary_count The number of buckets for which this peer is the primary. When a peer is the primary for a bucket, the peer returns the results from a search of that bucket.
replication_port TCP port to listen for replicated data from another cluster member.
replication_use_ssl Indicates whether to use SSL when sending replication data.
search_state_counter Lists the number of buckets on the peer for each search state for the bucket.

Possible values for search state include:

Searchable
Unsearchable
status Indicates the status of the peer.

Valid values are:

Up
Pending: Temporary state
Detention: Indicates the peer's queue is backed up.
Restarting: Temporary state
ShuttingDown:
ReassigningPrimaries: Temporary state
Decommissioning: Peer enters this state until bucket-fixing is complete before shutdown.
GracefulShutdown: Peer is shut down after after successful decommissioning
Down: Peer is offline for any reason other than through decommissioning.

For details on the status of a peer, refer to Peer details in the Managing Indexers and clusters manual.

status_counter Lists the number of buckets on the peer for each bucket status.

Possible values for bucket status:

Complete: complete (warm/cold) bucket
NonStreamingTarget: target of replication for already completed (warm/cold) bucket
PendingTruncate: bucket pending truncation
PendingDiscard: bucket pending discard
Standalone: bucket that is not replicated
StreamingError: copy of streaming bucket where some error was encountered
StreamingSource: streaming hot bucket on source side
StreamingTarget: streaming hot bucket copy on target side
Unset: uninitialized

Example

Lists information about peers to this server, which is configured as a master in a cluster configuration.

curl -k -u admin:pass https://localhost:8089/services/cluster/master/peers
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustermasterpeers</title>
  <id>https://localhost:8089/services/cluster/master/peers</id>
  <updated>2012-09-05T11:02:08-07:00</updated>
  <generator build="136169" version="5.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/cluster/master/peers/_new" rel="create"/>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>2AF11DD4-1424-4A14-A522-FB9D055E9516</title>
    <id>https://localhost:8089/services/cluster/master/peers/2AF11DD4-1424-4A14-A522-FB9D055E9516</id>
    <updated>2012-09-05T11:02:08-07:00</updated>
    <link href="/services/cluster/master/peers/2AF11DD4-1424-4A14-A522-FB9D055E9516" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/master/peers/2AF11DD4-1424-4A14-A522-FB9D055E9516" rel="list"/>
    <link href="/services/cluster/master/peers/2AF11DD4-1424-4A14-A522-FB9D055E9516" rel="edit"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="active_bundle_id">36a883f4d47af66f78531ef474349b59</s:key>
        <s:key name="base_generation_id">2</s:key>
        <s:key name="buckets">
          <s:list>
            <s:item>_audit~0~2AF11DD4-1424-4A14-A522-FB9D055E9516</s:item>
            <s:item>_audit~0~50FCDB42-E167-458D-A6A9-E4587E8F16D9</s:item>
            <s:item>_audit~1~2AF11DD4-1424-4A14-A522-FB9D055E9516</s:item>
            <s:item>_audit~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9</s:item>
            <s:item>_internal~0~2AF11DD4-1424-4A14-A522-FB9D055E9516</s:item>
            <s:item>_internal~0~50FCDB42-E167-458D-A6A9-E4587E8F16D9</s:item>
            <s:item>_internal~1~2AF11DD4-1424-4A14-A522-FB9D055E9516</s:item>
            <s:item>_internal~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9</s:item>
          </s:list>
        </s:key>
        <s:key name="bundle_status"></s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="fixup_set">
          <s:list/>
        </s:key>
        <s:key name="host_port_pair">splunks-ombra.sv.splunk.com:8389</s:key>
        <s:key name="label">splunks-ombra.sv.splunk.com</s:key>
        <s:key name="last_heartbeat">1346868127</s:key>
        <s:key name="latest_bundle_id">36a883f4d47af66f78531ef474349b59</s:key>
        <s:key name="pending_job_count">0</s:key>
        <s:key name="primary_count">4</s:key>
        <s:key name="replication_port">7777</s:key>
        <s:key name="replication_use_ssl">0</s:key>
        <s:key name="search_state_counter">
          <s:dict>
            <s:key name="PendingSearchable">0</s:key>
            <s:key name="Searchable">8</s:key>
            <s:key name="SearchablePendingMask">0</s:key>
            <s:key name="Unsearchable">0</s:key>
          </s:dict>
        </s:key>
        <s:key name="status">Up</s:key>
        <s:key name="status_counter">
          <s:dict>
            <s:key name="Complete">4</s:key>
            <s:key name="NonStreamingTarget">0</s:key>
            <s:key name="StreamingSource">2</s:key>
            <s:key name="StreamingTarget">2</s:key>
          </s:dict>
        </s:key>
      </s:dict>
    </content>
  </entry>
  . . .
</feed>

cluster/master/peers/{name}

GET cluster/master/peers/{name}

List details to the named peer to this master.

Request

Name Type Required Default Description
list_buckets Boolean False Indicates whether to list the buckets for the peers to this master.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view information about the named peer.
404 Named peer does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
active_bundle_id The ID of the configuration bundle currently being used by the master.
base_generation_id The initial bundle generation ID recognized by this peer. Any searches from previous generations fail.

The initial bundle generation ID is created when a peer first comes online, restarts, or recontacts the master.

buckets List of buckets for this peer.
bundle_status Indicates the status of the cluster bundle. Valid values are:
ebundleTypeActive: Indicates that this is the bundle the peers are currently using.
ebundleTypeLatest: Indicates the most up to date bundle from the master. In steady state, it should match the active bundle. If unapplied changes have been recently made, it differs from the active bundle.
fixup_set The set of buckets that need repair once you take the peer offline.
host_port_pair The host and port advertised to peers for the data replication channel.

Can be either of the form IP:port or hostname:port.

label The name for the peer that is displayed in the Splunk Manager page.
last_heartbeat Timestamp for last heartbeat recieved from the peer.
latest_bundle_id The ID of the configuration bundle this peer is using.
list_buckets Indicates whether to list the buckets for the peers to this master.
pending_job_count Used by the master to keep track of pending jobs requested by the master to this peer. If the number exceeds the max_peer_build_load, the master does not send a job to this peer to make a bucket searchable.
primary_count The number of buckets for which this peer is the primary. When a peer is the primary for a bucket, the peer returns the results from a search of that bucket.
replication_port TCP port to listen for replicated data from another cluster member.
replication_use_ssl Indicates whether to use SSL when sending replication data.
search_state_counter Lists the number of buckets on the peer for each search state for the bucket.

Possible values for search state include:

Searchable
Unsearchable
status Indicates the status of the peer.

Valid values are:

Up
Down
Pending
Detention
Restarting
DecommAwaitPeer
DecommFixingBuckets
Decommissioned
status_counter Lists the number of buckets on the peer for each bucket status.

Possible values for bucket status:

Complete: complete (warm/cold) bucket
NonStreamingTarget: target of replication for already completed (warm/cold) bucket
PendingTruncate: bucket pending truncation
PendingDiscard: bucket pending discard
Standalone: bucket that is not replicated
StreamingError: copy of streaming bucket where some error was encountered
StreamingSource: streaming hot bucket on source side
StreamingTarget: streaming hot bucket copy on target side
Unset: uninitialized

Example

Lists information about the named Splunk server configured as a peer to this master in a cluster configuration. The peer is identified by its server ID>

curl -k -u admin:pass \
	https://localhost:8089/services/cluster/master/peers/B8B5E5C6-DB26-4952-AFB1-C5EFEFFFEA31
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustermasterpeers</title>
  <id>https://localhost:8089/services/cluster/master/peers</id>
  <updated>2012-09-05T11:07:35-07:00</updated>
  <generator build="136169" version="5.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/cluster/master/peers/_new" rel="create"/>
  !-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>50FCDB42-E167-458D-A6A9-E4587E8F16D9</title>
    <id>https://localhost:8089/services/cluster/master/peers/50FCDB42-E167-458D-A6A9-E4587E8F16D9</id>
    <updated>2012-09-05T11:07:35-07:00</updated>
    <link href="/services/cluster/master/peers/50FCDB42-E167-458D-A6A9-E4587E8F16D9" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/master/peers/50FCDB42-E167-458D-A6A9-E4587E8F16D9" rel="list"/>
    <link href="/services/cluster/master/peers/50FCDB42-E167-458D-A6A9-E4587E8F16D9" rel="edit"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="active_bundle_id">36a883f4d47af66f78531ef474349b59</s:key>
        <s:key name="base_generation_id">2</s:key>
        <s:key name="buckets">
          <s:list>
            <s:item>_audit~0~2AF11DD4-1424-4A14-A522-FB9D055E9516</s:item>
            <s:item>_audit~0~50FCDB42-E167-458D-A6A9-E4587E8F16D9</s:item>
            <s:item>_audit~1~2AF11DD4-1424-4A14-A522-FB9D055E9516</s:item>
            <s:item>_audit~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9</s:item>
            <s:item>_internal~0~2AF11DD4-1424-4A14-A522-FB9D055E9516</s:item>
            <s:item>_internal~0~50FCDB42-E167-458D-A6A9-E4587E8F16D9</s:item>
            <s:item>_internal~1~2AF11DD4-1424-4A14-A522-FB9D055E9516</s:item>
            <s:item>_internal~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9</s:item>
          </s:list>
        </s:key>
        <s:key name="bundle_status"></s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <!-- eai:attributes nodes elided for brevity. -->
        <s:key name="fixup_set">
          <s:list/>
        </s:key>
        <s:key name="host_port_pair">splunks-ombra.sv.splunk.com:8189</s:key>
        <s:key name="label">splunks-ombra.sv.splunk.com</s:key>
        <s:key name="last_heartbeat">1346868455</s:key>
        <s:key name="latest_bundle_id">36a883f4d47af66f78531ef474349b59</s:key>
        <s:key name="pending_job_count">0</s:key>
        <s:key name="primary_count">4</s:key>
        <s:key name="replication_port">6666</s:key>
        <s:key name="replication_use_ssl">0</s:key>
        <s:key name="search_state_counter">
          <s:dict>
            <s:key name="PendingSearchable">0</s:key>
            <s:key name="Searchable">8</s:key>
            <s:key name="SearchablePendingMask">0</s:key>
            <s:key name="Unsearchable">0</s:key>
          </s:dict>
        </s:key>
        <s:key name="status">Up</s:key>
        <s:key name="status_counter">
          <s:dict>
            <s:key name="Complete">4</s:key>
            <s:key name="NonStreamingTarget">0</s:key>
            <s:key name="StreamingSource">2</s:key>
            <s:key name="StreamingTarget">2</s:key>
          </s:dict>
        </s:key>
      </s:dict>
    </content>
  </entry>
</feed>


cluster/searchhead/generation

Access the peers available to a searchhead in a cluster.

GET cluster/searchhead/generation

List the peers available to a searchhead in a cluster.

Request

Name Type Required Default Description
count Number 30 Indicates the maximum number of entries to return. To return all entries, specify 0.
offset Number 0 Index for first item to return.
search String Search expression to filter the response. The response matches field values against the search expression. For example:

search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example.

sort_dir Enum asc Valid values: (asc | desc)

Indicates whether to sort returned entries in ascending or descending order.

sort_key String name Field to use for sorting.
sort_mode Enum auto Valid values: (auto | alpha | alpha_case | num)

Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view peers to this searchhead.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
generation_id The current generation ID for this searchhead, which is part of a cluster configuration.

The search head uses this information to determine which buckets to search across.

generation_peers List of peer nodes for the current generation in the cluster configuration for this searchhead.

Example

Lists the peers available to the searchhead.

curl -k -u admin:pass https://localhost:8089/services/cluster/searchhead/generation
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustersearchheadgeneration</title>
  <id>https://localhost:8089/services/cluster/searchhead/generation</id>
  <updated>2012-09-05T11:13:45-07:00</updated>
  <generator build="136169" version="5.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>master</title>
    <id>https://localhost:8089/services/cluster/searchhead/generation/master</id>
    <updated>2012-09-05T11:13:45-07:00</updated>
    <link href="/services/cluster/searchhead/generation/master" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/searchhead/generation/master" rel="list"/>
    <content type="text/xml">
      <s:dict>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="generation_id">2</s:key>
        <s:key name="generation_peers">
          <s:dict>
            <s:key name="2AF11DD4-1424-4A14-A522-FB9D055E9516">
              <s:dict>
                <s:key name="host_port_pair">splunks-ombra.sv.splunk.com:8389</s:key>
                <s:key name="peer">splunks-ombra.sv.splunk.com</s:key>
              </s:dict>
            </s:key>
            <s:key name="50FCDB42-E167-458D-A6A9-E4587E8F16D9">
              <s:dict>
                <s:key name="host_port_pair">splunks-ombra.sv.splunk.com:8189</s:key>
                <s:key name="peer">splunks-ombra.sv.splunk.com</s:key>
              </s:dict>
            </s:key>
          </s:dict>
        </s:key>
      </s:dict>
    </content>
  </entry>
</feed>

cluster/searchhead/generation/{name}

GET cluster/searchhead/generation/{name}

Lists the peers available to this searchhead from the specified master.

To specify the named master, provide the URI-encoded URI to the master.

Request

No parameters for this request.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view the named peer to the searchhead.
404 The named peer to the searchhead does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
generation_id The current generation ID for this searchhead, which is part of a cluster configuration.

The search head uses this information to determine which buckets to search across.

generation_peers List of peer nodes for the current generation in the cluster configuration for this searchhead.

Example

Lists details about a master node to a searchhead configured as a searchhead in multiple custers.

Note: The named master node is the URI-encoded URI of the master.

curl -k -u admin:pass \
	https://localhost:8089/services/cluster/searchhead/generation/https%3A%252F%252Fvgenovese-mbp15.sv.splunk.com%3A8989
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustersearchheadgeneration</title>
  <id>https://localhost:53791/services/cluster/searchhead/generation</id>
  <updated>2012-09-07T14:11:59-07:00</updated>
  <generator build="136859" version="20120906"/>
  <author>
    <name>Splunk</name>
  </author>
  <opensearch:totalResults>1</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>
  <entry>
    <title>https://ronnie.splunk.com:53112</title>
    <id>https://localhost:53791/services/cluster/searchhead/generation/https%3A%252F%252Fronnie.splunk.com%3A53112</id>
    <updated>2012-09-07T14:11:59-07:00</updated>
    <link href="/services/cluster/searchhead/generation/https%3A%252F%252Fronnie.splunk.com%3A53112" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/searchhead/generation/https%3A%252F%252Fronnie.splunk.com%3A53112" rel="list"/>
    <content type="text/xml">
      <s:dict>
        <!-- eai:acl nodes elided for brevity. -->
        <!-- eai:attributes nodes elided for brevity. -->
        <s:key name="generation_id">3</s:key>
        <s:key name="generation_peers">
          <s:dict>
            <s:key name="33333333-3333-3333-3333-333333333333">
              <s:dict>
                <s:key name="host_port_pair">10.1.42.3:53309</s:key>
                <s:key name="peer">peer3</s:key>
              </s:dict>
            </s:key>
            <s:key name="44444444-4444-4444-4444-444444444444">
              <s:dict>
                <s:key name="host_port_pair">10.1.42.3:53411</s:key>
                <s:key name="peer">peer4</s:key>
              </s:dict>
            </s:key>
          </s:dict>
        </s:key>
      </s:dict>
    </content>
  </entry>
</feed>


cluster/searchhead/searchheadconfig

Cluster configuration for a searchhead node in a cluster.

GET cluster/searchhead/searchheadconfig

Return cluster configuration for this server, which is a searchhead node in a cluster.

Request

Name Type Required Default Description
count Number 30 Indicates the maximum number of entries to return. To return all entries, specify 0.
offset Number 0 Index for first item to return.
search String Search expression to filter the response. The response matches field values against the search expression. For example:

search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example.

sort_dir Enum asc Valid values: (asc | desc)

Indicates whether to sort returned entries in ascending or descending order.

sort_key String name Field to use for sorting.
sort_mode Enum auto Valid values: (auto | alpha | alpha_case | num)

Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view cluster configuration for this server.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

No values returned for this request.

Example

List searchheads configured for this cluster

curl -k -u 
  admin:pass https://localhost:8089/services/cluster/searchhead/searchheadconfig
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustersearchheadconfig</title>
  <id>https://localhost:8089/services/cluster/searchhead/searchheadconfig</id>
  <updated>2013-10-31T14:04:45-07:00</updated>
  <generator build="184661" version="20131030"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/cluster/searchhead/searchheadconfig/_new" rel="create"/>
  <link href="/services/cluster/searchhead/searchheadconfig/_reload" rel="_reload"/>
  <!-- opensearch nodes elided for brevity -->
  <s:messages/>
  <entry>
    <title>https://localhost:4567</title>
    <id>https://wimpy:7588/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567</id>
    <updated>2013-10-31T14:04:45-07:00</updated>
    <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="list"/>
    <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567/_reload" rel="_reload"/>
    <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="edit"/>
    <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="remove"/>
    <content type="text/xml">
      <s:dict>
        <!-- eai"acl nodes elided for brevity -->
        <s:key name="master_uri">https://localhost:4567</s:key>
        <s:key name="secret">********</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

POST cluster/searchhead/searchheadconfig

Configure this server as a searchhead node in a cluster.

Request

Name Type Required Default Description
name String
The URI of the master node in the cluster.
secret String
Secret shared among the nodes in the cluster to prevent any arbitrary node from connecting to the cluster. If a peer or searchhead is not configured with the same secret as the master, it is not able to communicate with the master.

Corresponds to pass4SymmKey setting in server.conf.

Response Codes

Status Code Description
201 Created successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
402 The Splunk license in use has disabled this feature.
403 Insufficient permissions to configure this node as a searchhead in a cluster.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.
503 This feature has been disabled in Splunk configuration files.

Returned Values

No values returned for this request.

Example

Configure a server as a search head.

curl -k -u admin:pass https://wimpy:8089/services/cluster/searchhead/searchheadconfig \
	-d name=https://wimpy:4567 \
	-d secret=testsecret

<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustersearchheadconfig</title>
  <id>https://localhost:8089/services/cluster/searchhead/searchheadconfig</id>
  <updated>2013-10-31T14:04:45-07:00</updated>
  <generator build="184661" version="20131030"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/cluster/searchhead/searchheadconfig/_new" rel="create"/>
  <link href="/services/cluster/searchhead/searchheadconfig/_reload" rel="_reload"/>
  <!-- opensearch nodes elided for brevity -->
  <s:messages/>
  <entry>
    <title>https://localhost:4567</title>
    <id>https://wimpy:8089/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567</id>
    <updated>2013-10-31T14:04:45-07:00</updated>
    <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="list"/>
    <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567/_reload" rel="_reload"/>
    <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="edit"/>
    <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="remove"/>
    <content type="text/xml">
      <s:dict>
        <!-- eai"acl nodes elided for brevity -->
        <s:key name="master_uri">https://localhost:4567</s:key>
        <s:key name="secret">********</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

cluster/searchhead/searchheadconfig/{name}

DELETE cluster/searchhead/searchheadconfig/{name}

Remove this node from the cluster in which it is configured.

Request

No parameters for this request.

Response Codes

Status Code Description
200 Deleted successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to remove this node from a cluster.
404 Specified resource does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

No values returned for this request.

Example

Delete the specified node, https://wimpy:8211, from the cluster.

The {name} parameter is URI-encoded in the example.

curl -k -u admin:changeme  --request DELETE \
    https://wimpy.splunk.com:8089/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Fwimpy%3A8211
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustersearchheadconfig</title>
  <id>https://wimpy.splunk.com:8089/services/cluster/searchhead/searchheadconfig</id>
  <updated>2013-11-05T14:34:42-08:00</updated>
  <generator build="184986" version="20131101"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/cluster/searchhead/searchheadconfig/_new" rel="create"/>
  <link href="/services/cluster/searchhead/searchheadconfig/_reload" rel="_reload"/>
  <opensearch:totalResults>0</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>
</feed>

GET cluster/searchhead/searchheadconfig/{name}

Return cluster configuration for this server, which is a searchhead node in a cluster.

Request

No parameters for this request.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view specified resource.
404 Specified resource does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

No values returned for this request.

Example

Get the cluster configuration for search head at https://localhost:4567. The {name} parameter is URI-encoded in the example.

% curl -k -u admin:pass \
    https://wimpy.splunk.com:7588/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567 
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clustersearchheadconfig</title>
  <id>https://wimpy.splunk.com:8089/services/cluster/searchhead/searchheadconfig</id>
  <updated>2013-11-05T14:43:00-08:00</updated>
  <generator build="184986" version="20131101"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/cluster/searchhead/searchheadconfig/_new" rel="create"/>
  <link href="/services/cluster/searchhead/searchheadconfig/_reload" rel="_reload"/>
  <!-- openserch nodes elided for brevity -->
  <s:messages/>
  <entry>
    <title>https://localhost:4567</title>
    <id>https://wimpy.splunk.com:7588/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567</id>
    <updated>2013-11-05T14:43:00-08:00</updated>
    <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="list"/>
    <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567/_reload" rel="_reload"/>
    <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="edit"/>
    <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="remove"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="eai:acl">
          <s:dict>
            <s:key name="app"></s:key>
            <s:key name="can_list">1</s:key>
            <s:key name="can_write">1</s:key>
            <s:key name="modifiable">0</s:key>
            <s:key name="owner">system</s:key>
            <s:key name="perms">
              <s:dict>
                <s:key name="read">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
                <s:key name="write">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="removable">0</s:key>
            <s:key name="sharing">system</s:key>
          </s:dict>
        </s:key>
        <s:key name="eai:attributes">
          <s:dict>
            <s:key name="optionalFields">
              <s:list>
                <s:item>master_uri</s:item>
                <s:item>secret</s:item>
              </s:list>
            </s:key>
            <s:key name="requiredFields">
              <s:list/>
            </s:key>
            <s:key name="wildcardFields">
              <s:list/>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="master_uri">https://localhost:4567</s:key>
        <s:key name="secret">********</s:key>
      </s:dict>
    </content>
  </entry>
</feed>

POST cluster/searchhead/searchheadconfig/{name}

Update cluster configuration for this node, configured as a searchhead in a cluster.

Request

Name Type Required Default Description
master_uri String The URI of the master node in the cluster for which this searchhead is configured.
secret String Secret shared among the nodes in the cluster to prevent any arbitrary node from connecting to the cluster. If a peer or searchhead is not configured with the same secret as the master, it is not able to communicate with the master.

Corresponds to pass4SymmKey setting in server.conf.

Response Codes

Status Code Description
200 Updated successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
402 The Splunk license in use has disabled this feature.
403 Insufficient permissions to edit cluster configuration information for this server.
404 The named server does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.
503 This feature has been disabled in Splunk configuration files.

Returned Values

No values returned for this request.

Example

UNDONE_curl_summary

curl -k -u admin:pass \
	https://localhost:8089/services/cluster/searchhead/searchheadconfig/{UNDONE_curl_name} \
	-d TEST_ONLY_no_ping_master=UNDONE_curl_param \
	-d master_uri=UNDONE_curl_param \
	-d secret=UNDONE_curl_param
UNDONE_curl_response


cluster/slave/buckets

Provides access to the bucket configuration for peers in a cluster.

GET cluster/slave/buckets

List the configuration for buckets for a peer in a cluster.

Request

Name Type Required Default Description
count Number 30 Indicates the maximum number of entries to return. To return all entries, specify 0.
generation_id String The generation ID for this peer.

For each generation, the master server in a cluster configuration assigns generation IDs. A generation identifies which copies of a cluster's buckets are primary and therefore can participate in a search.

offset Number 0 Index for first item to return.
search String Search expression to filter the response. The response matches field values against the search expression. For example:

search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example.

sort_dir Enum asc Valid values: (asc | desc)

Indicates whether to sort returned entries in ascending or descending order.

sort_key String name Field to use for sorting.
sort_mode Enum auto Valid values: (auto | alpha | alpha_case | num)

Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view bucket configuration for this peer.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
checksum Used internally to identify this bucket.
earliest_time Indicates the time of the earliest event in this bucket.
generation_id The generation ID for this peer.
generations A sparse list of generation id to bucket primacy for the given peer.
latest_time Indicates the time for the latest event in this bucket.
search_state Indicates if the bucket is searchable.

Possible values:

Searchable
Unsearchable
status Indicates the status of this bucket.

Possible values:

Complete: Copy of this bucket contains the full complement of information
StreamingSource: The copy of this bucket is sending data to peer nodes for replication
StreamingTarget: The copy of this bucket is receiving replicated data.
NonStreamingTarget: This copy of a warm bucket replication is in progress. Once replication is complete, the status changes to Complete.
StreamingError: the copy of this bucket encountered errors while streaming data.
PendingTruncate: The master asked the peer to truncate this copy of the bucket to a certain size and is waiting for confirmation.
PendingDiscard: The master asked the peer to discard this copy of the bucket (for whatever reason, and is waiting for confirmation.
Standalone: A bucket in the cluster that is not replicated.

Example

List the configuration for buckets in a peer node of a cluster.

curl -k -u admin:pass https://localhost:8189/services/cluster/slave/buckets
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clusterslavebuckets</title>
  <id>https://localhost:8189/services/cluster/slave/buckets</id>
  <updated>2012-09-05T12:29:42-07:00</updated>
  <generator build="136169" version="5.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>_audit~0~2AF11DD4-1424-4A14-A522-FB9D055E9516</title>
    <id>https://localhost:8189/services/cluster/slave/buckets/_audit~0~2AF11DD4-1424-4A14-A522-FB9D055E9516</id>
    <updated>2012-09-05T12:29:42-07:00</updated>
    <link href="/services/cluster/slave/buckets/_audit~0~2AF11DD4-1424-4A14-A522-FB9D055E9516" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/slave/buckets/_audit~0~2AF11DD4-1424-4A14-A522-FB9D055E9516" rel="list"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="checksum"></s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="earliest_time">1346859162</s:key>
        <s:key name="generations">
          <s:dict>
            <s:key name="0">0x0</s:key>
          </s:dict>
        </s:key>
        <s:key name="latest_time">1346859257</s:key>
        <s:key name="search_state">Searchable</s:key>
        <s:key name="status">Complete</s:key>
      </s:dict>
    </content>
  </entry>
  . . .
</feed>

cluster/slave/buckets/{name}

DELETE cluster/slave/buckets/{name}

Remove the named bucket from the peer node of a cluster.

Specify the named bucket as {name} in the REST call as well as the bucket_id parameter.

Request

Name Type Required Default Description
bucket_id Sring
The identifier for the bucket to remove.

Response Codes

Status Code Description
200 Deleted successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to delete the named bucket.
404 Specified resource does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

No values returned for this request.

Example

Remove the named bucket from the peer node of a cluster.

curl -k -u admin:pass --request DELETE \
	https://wimpy:8089/services/cluster/slave/buckets/_internal~58~11111111-1111-1111-1111-111111111111 \
	-d bucket_id="_internal~58~11111111-1111-1111-1111-111111111111"  
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clusterslavebuckets</title>
  <id>https://wimpy:8089/services/cluster/slave/buckets</id>
  <updated>2013-10-31T14:48:18-07:00</updated>
  <generator build="184661" version="20131030"/>
  <author>
    <name>Splunk</name>
  </author>
  <opensearch:totalResults>0</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>
</feed>

GET cluster/slave/buckets/{name}

List details of the specified bucket, which is on a peer in a cluster.

Request

Name Type Required Default Description
generation_id String The generation ID for this peer.

For each generation, the master server in a cluster configuration assigns generation IDs. A generation identifies which copies of a cluster's buckets are primary and therefore can participate in a search.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view bucket configuration for this peer.
404 Specified bucket does not exist.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
checksum Used internally to identify this bucket.
eai:attributes See Accessing Splunk resources
earliest_time Indicates the time of the earliest event in this bucket.
generation_id The generation ID for this peer.
generations A sparse list of generation id to bucket primacy for the given peer.
latest_time Indicates the time for the latest event in this bucket.
search_state Indicates if the bucket is searchable.

Possible values:

Searchable
Unsearchable
status Indicates the status of this bucket.

Possible values:

Complete: Copy of this bucket contains the full complement of information
StreamingSource: The copy of this bucket is sending data to peer nodes for replication
StreamingTarget: The copy of this bucket is receiving replicated data.
NonStreamingTarget: This copy of a warm bucket replication is in progress. Once replication is complete, the status changes to Complete.
StreamingError: the copy of this bucket encountered errors while streaming data.
PendingTruncate: The master asked the peer to truncate this copy of the bucket to a certain size and is waiting for confirmation.
PendingDiscard: The master asked the peer to discard this copy of the bucket (for whatever reason, and is waiting for confirmation.
Standalone: A bucket in the cluster that is not replicated.

Example

List details of the named bucket, which is on a peer in a cluster.

curl -k -u admin:pass \
	https://localhost:8189/services/cluster/slave/buckets/_audit~0~B8B5E5C6-DB26-4952-AFB1-C5EFEFFFEA31
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clusterslavebuckets</title>
  <id>https://localhost:8189/services/cluster/slave/buckets</id>
  <updated>2012-09-05T12:40:43-07:00</updated>
  <generator build="136169" version="5.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>_internal~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9</title>
    <id>https://localhost:8189/services/cluster/slave/buckets/_internal~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9</id>
    <updated>2012-09-05T12:40:43-07:00</updated>
    <link href="/services/cluster/slave/buckets/_internal~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/slave/buckets/_internal~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9" rel="list"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="checksum"></s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="eai:attributes">
          <s:dict>
            <s:key name="optionalFields">
              <s:list/>
            </s:key>
            <s:key name="requiredFields">
              <s:list/>
            </s:key>
            <s:key name="wildcardFields">
              <s:list/>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="earliest_time">0</s:key>
        <s:key name="generations">
          <s:dict>
            <s:key name="0">0xffffffffffffffff</s:key>
          </s:dict>
        </s:key>
        <s:key name="latest_time">0</s:key>
        <s:key name="search_state">Searchable</s:key>
        <s:key name="status">StreamingSource</s:key>
      </s:dict>
    </content>
  </entry>
</feed>


cluster/slave/info

Provides access to information about peer nodes in a cluster.

GET cluster/slave/info

List information about a peer node in a cluster.

Request

Name Type Required Default Description
count Number 30 Indicates the maximum number of entries to return. To return all entries, specify 0.
offset Number 0 Index for first item to return.
search String Search expression to filter the response. The response matches field values against the search expression. For example:

search=foo matches any object that has "foo" as a substring in a field. search=field_name%3Dfield_value restricts the match to a single field. URI-encoding is required in this example.

sort_dir Enum asc Valid values: (asc | desc)

Indicates whether to sort returned entries in ascending or descending order.

sort_key String name Field to use for sorting.
sort_mode Enum auto Valid values: (auto | alpha | alpha_case | num)

Indicates the collating sequence for sorting the returned entries. auto: If all values of the field are numbers, collate numerically. Otherwise, collate alphabetically. alpha: Collate alphabetically. alpha_case: Collate alphabetically, case-sensitive. num: Collate numerically.

Response Codes

Status Code Description
200 Listed successfully.
400 Request error. See response body for details.
401 Authentication failure: must pass valid credentials with request.
403 Insufficient permissions to view information about the Splunk server.
409 Request error: this operation is invalid for this item. See response body for details.
500 Internal server error. See response body for details.

Returned Values

Attribute Description
active_bundle Current bundle being used by this peer.
base_generation_id The initial bundle generation ID recognized by this peer. Any searches from previous generations fail.

The initial bundle generation ID is created when a peer first comes online, restarts, or recontacts the master.

invalid_bundle_ids List of bundle ids which had validation errors in the peer.
is_registered Indicates if this peer is registered with the master in the cluster.
last_heartbeat_attempt Timestamp for the last attempt to contact the master.
latest_bundle Lists information about the most recent bundle downloaded from the master.
restart_state Indicates whether the peer needs to be restarted to enable its cluster configuration.
status Indicates the status of the peer.

Possible values:

Up
Down
Pending
Detention
Restarting
DecommAvaitingPeer
DecommFixingBuckets
Decommissioned

Example

Lists information about a peer node in a cluster.

curl -k -u admin:pass https://localhost:8189/services/cluster/slave/info

<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest"
      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>clusterslaveinfo</title>
  <id>https://localhost:8189/services/cluster/slave/info</id>
  <updated>2012-09-05T12:45:59-07:00</updated>
  <generator build="136169" version="5.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <!-- opensearch nodes elided for brevity. -->
  <s:messages/>
  <entry>
    <title>slave</title>
    <id>https://localhost:8189/services/cluster/slave/info/slave</id>
    <updated>2012-09-05T12:45:59-07:00</updated>
    <link href="/services/cluster/slave/info/slave" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <link href="/services/cluster/slave/info/slave" rel="list"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="active_bundle">
          <s:dict>
            <s:key name="bundle_path">/Applications/splunk-peer/var/run/splunk/cluster/remote-bundle/0f6078895127ab1f715ee78a6e1ff8a1-1346858928.bundle</s:key>
            <s:key name="checksum">36a883f4d47af66f78531ef474349b59</s:key>
            <s:key name="timestamp">1346858928</s:key>
          </s:dict>
        </s:key>
        <s:key name="base_generation_id">2</s:key>
        <!-- eai:acl nodes elided for brevity. -->
        <s:key name="invalid_bundle_ids">
          <s:list/>
        </s:key>
        <s:key name="is_registered">1</s:key>
        <s:key name="last_heartbeat_attempt">1346874358</s:key>
        <s:key name="latest_bundle">
          <s:dict>
            <s:key name="bundle_path">/Applications/splunk-peer/var/run/splunk/cluster/remote-bundle/0f6078895127ab1f715ee78a6e1ff8a1-1346858928.bundle</s:key>
            <s:key name="checksum">36a883f4d47af66f78531ef474349b59</s:key>
            <s:key name="timestamp">1346858928</s:key>
          </s:dict>
        </s:key>
        <s:key name="restart_state">NoRestart</s:key>
        <s:key name="status">Up</s:key>
      </s:dict>
    </content>
  </entry>
</feed>
PREVIOUS
Applications
  NEXT
Configurations

This documentation applies to the following versions of Splunk® Enterprise: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters