
Input endpoint examples
data/inputs/ad GET
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/ad
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-admon</title> <id>https://10.1.5.157:8089/services/data/inputs/ad</id> <updated>2011-07-29T19:13:28-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/ad/_new" rel="create"/> <link href="/services/data/inputs/ad/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>NearestDC</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/ad/NearestDC</id> <updated>2011-07-29T19:13:28-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/ad/NearestDC" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/ad/NearestDC" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/ad/NearestDC/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/ad/NearestDC" rel="edit"/> <link href="/servicesNS/nobody/windows/data/inputs/ad/NearestDC/enable" rel="enable"/> <content type="text/xml"> <s:dict> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="index">default</s:key> <s:key name="monitorSubtree">1</s:key> <s:key name="startingNode"/> <s:key name="targetDc"/> </s:dict> </content> </entry> </feed>
data/inputs/ad POST
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/admin/search/data/inputs/ad -d monitorSubtree=0 -d name=newdc
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-admon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/ad</id> <updated>2011-07-29T19:14:57-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/ad/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/ad/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/ad/{name} DELETE
XML Request
curl -k -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/ad/newdc
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-admon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/ad</id> <updated>2011-07-29T19:22:50-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/ad/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/ad/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/ad/{name} GET
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/ad/newdc
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-admon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/ad</id> <updated>2011-07-29T19:18:18-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/ad/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/ad/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>newdc</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/ad/newdc</id> <updated>2011-07-29T19:18:18-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/ad/newdc" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/ad/newdc" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/ad/newdc/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/ad/newdc" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/ad/newdc" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/ad/newdc/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>disabled</s:item> <s:item>index</s:item> <s:item>startingNode</s:item> <s:item>targetDc</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list> <s:item>monitorSubtree</s:item> </s:list> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="index">default</s:key> <s:key name="monitorSubtree">0</s:key> </s:dict> </content> </entry> </feed>
data/inputs/ad/{name} POST
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/ad/newdc -d monitorSubtree=1
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-admon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/ad</id> <updated>2011-07-29T19:20:16-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/ad/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/ad/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/all GET
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/all
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>all</title> <id>https://localhost:8089/services/data/inputs/all</id> <updated>2012-10-01T16:08:24-07:00</updated> <generator build="138753" version="5.0"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/all/_new" rel="create"/> <link href="/services/data/inputs/all/_reload" rel="_reload"/> <link href="/services/data/inputs/all/restart" rel="restart"/> ... opensearch nodes elided ... <s:messages/> <entry> <title></title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/all/</id> <updated>2012-10-01T16:08:24-07:00</updated> <link href="/servicesNS/nobody/system/data/inputs/all/" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/system/data/inputs/all/" rel="list"/> <link href="/servicesNS/nobody/system/data/inputs/all//_reload" rel="_reload"/> <link href="/servicesNS/nobody/system/data/inputs/all/" rel="edit"/> <link href="/servicesNS/nobody/system/data/inputs/all//enable" rel="enable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="cipherSuite">ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</s:key> <s:key name="disabled">1</s:key> ... eai:acl node elided ... 
<s:key name="host">splunks-ombra.sv.splunk.com</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> <entry> <title>$SPLUNK_HOME/etc/splunk.version</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/all/%24SPLUNK_HOME%252Fetc%252Fsplunk.version</id> <updated>2012-10-01T16:08:24-07:00</updated> <link href="/servicesNS/nobody/system/data/inputs/all/%24SPLUNK_HOME%252Fetc%252Fsplunk.version" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/system/data/inputs/all/%24SPLUNK_HOME%252Fetc%252Fsplunk.version" rel="list"/> <link href="/servicesNS/nobody/system/data/inputs/all/%24SPLUNK_HOME%252Fetc%252Fsplunk.version/_reload" rel="_reload"/> <link href="/servicesNS/nobody/system/data/inputs/all/%24SPLUNK_HOME%252Fetc%252Fsplunk.version" rel="edit"/> <link href="/servicesNS/nobody/system/data/inputs/all/%24SPLUNK_HOME%252Fetc%252Fsplunk.version/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_TCP_ROUTING">*</s:key> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="filecount">1</s:key> <s:key name="host">splunks-ombra.sv.splunk.com</s:key> <s:key name="index">_internal</s:key> <s:key name="sourcetype">splunk_version</s:key> </s:dict> </content> </entry> . . . elided ... </feed>
data/inputs/all/{name} GET
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/all/twitter
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>all</title> <id>https://localhost:8089/services/data/inputs/all</id> <updated>2012-07-11T08:03:17-07:00</updated> <generator build="129290" version="5.0"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/all/restart" rel="restart"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>twitter</title> <id>https://localhost:8089/services/data/inputs/all/twitter</id> <updated>2012-07-11T08:03:17-07:00</updated> <link href="/services/data/inputs/all/twitter" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/data/inputs/all/twitter" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="description">Get data from Twitter.</s:key> ... eai:acl nodes and eai:attribute nodes elided ... <s:key name="endpoint"> <s:dict> <s:key name="args"> <s:dict> <s:key name="name"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Name of the current feed using the user credentials supplied.</s:key> <s:key name="order">0</s:key> <s:key name="title">Twitter feed name</s:key> </s:dict> </s:key> <s:key name="password"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Your twitter password</s:key> <s:key name="order">2</s:key> <s:key name="required_on_create">1</s:key> <s:key name="required_on_edit">0</s:key> <s:key name="title">Password</s:key> </s:dict> </s:key> <s:key name="username"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Your Twitter ID.</s:key> <s:key name="order">1</s:key> <s:key name="required_on_create">1</s:key> <s:key name="required_on_edit">0</s:key> <s:key name="title">Twitter ID/Handle</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="streaming_mode">simple</s:key> <s:key name="title">Twitter</s:key> </s:dict> </content> </entry> </feed>
data/inputs/monitor GET
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/monitor
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>monitor</title> <id>https://localhost:8089/services/data/inputs/monitor</id> <updated>2011-07-10T14:25:53-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/monitor/_new" rel="create"/> <link href="/services/data/inputs/monitor/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>$SPLUNK_HOME/etc/splunk.version</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/monitor/%24SPLUNK_HOME%252Fetc%252Fsplunk.version</id> <updated>2011-07-10T14:25:53-07:00</updated> <link href="/servicesNS/nobody/system/data/inputs/monitor/%24SPLUNK_HOME%252Fetc%252Fsplunk.version" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/system/data/inputs/monitor/%24SPLUNK_HOME%252Fetc%252Fsplunk.version" rel="list"/> <link href="/servicesNS/nobody/system/data/inputs/monitor/%24SPLUNK_HOME%252Fetc%252Fsplunk.version/_reload" rel="_reload"/> <link href="/servicesNS/nobody/system/data/inputs/monitor/%24SPLUNK_HOME%252Fetc%252Fsplunk.version" rel="edit"/> <link href="/servicesNS/nobody/system/data/inputs/monitor/%24SPLUNK_HOME%252Fetc%252Fsplunk.version/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_TCP_ROUTING">*</s:key> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="filecount">1</s:key> <s:key name="host">MrT</s:key> <s:key name="index">_internal</s:key> <s:key name="sourcetype">splunk_version</s:key> </s:dict> </content> </entry> </feed>
data/inputs/monitor POST
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor -d name=/var/log
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>monitor</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor</id> <updated>2011-07-10T14:27:57-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/monitor/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/monitor/{name} DELETE
XML Request
curl -k -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>monitor</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor</id> <updated>2011-07-10T14:35:35-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/monitor/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/monitor/{name} GET
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>monitor</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor</id> <updated>2011-07-10T14:33:54-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/monitor/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>/var/log</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog</id> <updated>2011-07-10T14:33:54-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog/members" rel="members"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... 
<s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>blacklist</s:item> <s:item>check-index</s:item> <s:item>check-path</s:item> <s:item>crc-salt</s:item> <s:item>followTail</s:item> <s:item>host</s:item> <s:item>host_regex</s:item> <s:item>host_segment</s:item> <s:item>ignore-older-than</s:item> <s:item>index</s:item> <s:item>recursive</s:item> <s:item>rename-source</s:item> <s:item>sourcetype</s:item> <s:item>time-before-close</s:item> <s:item>whitelist</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="filecount">108</s:key> <s:key name="host">MrT</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
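Added example (not part of the Splunk documentation): Python that parses the Atom feed format used by these responses into plain dictionaries, so an input inventory can be reviewed or diffed, and that builds the encoded `{name}` path segment seen in the URLs. The encoding rule is inferred from the URLs on this page, the sample feed is constructed by trimming the `data/inputs/monitor/{name}` GET response above, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote

ATOM = "{http://www.w3.org/2005/Atom}"
REST = "{http://dev.splunk.com/ns/rest}"

# Constructed sample: trimmed copy of the monitor/{name} GET response on this page.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>monitor</title>
  <entry>
    <title>/var/log</title>
    <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog" rel="edit"/>
    <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog" rel="remove"/>
    <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog/disable" rel="disable"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">0</s:key>
        <s:key name="eai:attributes">
          <s:dict>
            <s:key name="optionalFields">
              <s:list><s:item>blacklist</s:item><s:item>recursive</s:item></s:list>
            </s:key>
            <s:key name="requiredFields"><s:list/></s:key>
          </s:dict>
        </s:key>
        <s:key name="filecount">108</s:key>
        <s:key name="index">default</s:key>
      </s:dict>
    </content>
  </entry>
</feed>"""


def encode_input_name(name):
    """Build the {name} path segment the way the URLs on this page show it.

    Inferred rule (an assumption, not a documented algorithm): '/' is first
    replaced by %2F, then the whole name is percent-encoded once, which is
    why '/' appears as %252F while '$' is only %24 and a space is %20.
    """
    return quote(name.replace("/", "%2F"), safe="")


def parse_value(elem):
    """Convert an s:key / s:item / content element into str, dict or list."""
    child = next(iter(elem), None)
    if child is None:
        return elem.text or ""          # scalar or empty key
    if child.tag == REST + "dict":
        return {k.get("name"): parse_value(k) for k in child.findall(REST + "key")}
    if child.tag == REST + "list":
        return [parse_value(i) for i in child.findall(REST + "item")]
    return elem.text or ""


def parse_feed(xml_text):
    """Return one dict per <entry>: title, rel->href links, parsed content."""
    # Parse only responses fetched from a splunkd instance you trust.
    root = ET.fromstring(xml_text)
    entries = []
    for entry in root.findall(ATOM + "entry"):
        content = entry.find(ATOM + "content")
        parsed = parse_value(content) if content is not None else {}
        entries.append({
            "title": entry.findtext(ATOM + "title", default=""),
            "links": {l.get("rel"): l.get("href") for l in entry.findall(ATOM + "link")},
            "content": parsed if isinstance(parsed, dict) else {},
        })
    return entries


def enabled_inputs(entries):
    """Titles of inputs whose 'disabled' key is 0, i.e. currently collecting."""
    return [e["title"] for e in entries if e["content"].get("disabled") == "0"]


if __name__ == "__main__":
    for e in parse_feed(SAMPLE_FEED):
        print(e["title"], "index=" + e["content"].get("index", ""),
              "actions=" + ",".join(sorted(e["links"])))
    print("enabled:", enabled_inputs(parse_feed(SAMPLE_FEED)))
```
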
data/inputs/monitor/{name} POST
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog -d recursive=false
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>monitor</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor</id> <updated>2011-07-10T14:35:28-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/monitor/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/monitor/{name}/members GET
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog/members
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>monitor</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor</id> <updated>2011-07-10T14:34:28-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/monitor/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>/var/log/acpid</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog%252Facpid</id> <updated>2011-07-10T14:34:28-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog%252Facpid" rel="alternate"/> <author> <name>system</name> </author> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog%252Facpid" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog%252Facpid/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog%252Facpid" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog%252Facpid" rel="remove"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... </s:dict> </content> </entry> . . . elided . . . </feed>
data/inputs/oneshot GET
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/oneshot
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>oneshotinput</title> <id>https://localhost:8089/services/data/inputs/oneshot</id> <updated>2011-07-08T01:48:04-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/oneshot/_new" rel="create"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>/var/log/distccd.log</title> <id>https://localhost:8089/services/data/inputs/oneshot/%252Fvar%252Flog%252Fdistccd.log</id> <updated>2011-07-08T01:48:04-07:00</updated> <link href="/services/data/inputs/oneshot/%252Fvar%252Flog%252Fdistccd.log" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/data/inputs/oneshot/%252Fvar%252Flog%252Fdistccd.log" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="Bytes Indexed">7200768</s:key> <s:key name="Offset">7200768</s:key> <s:key name="Size">449630160</s:key> <s:key name="Sources Indexed">0</s:key> <s:key name="Spool Time">Fri Jul 8 01:47:53 PDT 2011</s:key> ... eai:acl node elided ... </s:dict> </content> </entry> </feed>
data/inputs/oneshot POST
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/oneshot -d name=/var/log/messages
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>oneshotinput</title> <id>https://localhost:8089/services/data/inputs/oneshot</id> <updated>2011-07-08T01:48:04-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/oneshot/_new" rel="create"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/oneshot/{name} GET
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/oneshot/%252Fvar%252Flog%252Fmessages
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>oneshotinput</title> <id>https://localhost:8089/services/data/inputs/oneshot</id> <updated>2011-07-08T01:49:20-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/oneshot/_new" rel="create"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>/var/log/messages</title> <id>https://localhost:8089/services/data/inputs/oneshot/%252Fvar%252Flog%252Fmessages</id> <updated>2011-07-08T01:49:20-07:00</updated> <link href="/services/data/inputs/oneshot/%252Fvar%252Flog%252Fmessages" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/data/inputs/oneshot/%252Fvar%252Flog%252Fmessages" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="Bytes Indexed">114822</s:key> <s:key name="Offset">114822</s:key> <s:key name="Size">114822</s:key> <s:key name="Sources Indexed">0</s:key> <s:key name="Spool Time">Fri Jul 8 01:48:04 PDT 2011</s:key> ... eai:acl node elided ... <s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list/> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> </s:dict> </content> </entry> </feed>
data/inputs/registry GET
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/registry
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-regmon</title> <id>https://10.1.5.157:8089/services/data/inputs/registry</id> <updated>2011-07-29T19:31:32-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/registry/_new" rel="create"/> <link href="/services/data/inputs/registry/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>Machine keys</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/registry/Machine%20keys</id> <updated>2011-07-29T19:31:32-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/registry/Machine%20keys" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/registry/Machine%20keys" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/registry/Machine%20keys/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/registry/Machine%20keys" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/registry/Machine%20keys/enable" rel="enable"/> <content type="text/xml"> <s:dict> <s:key name="baseline">0</s:key> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="hive">HKLM</s:key> <s:key name="index">default</s:key> <s:key name="monitorSubnodes">1</s:key> <s:key name="proc">c:\.*</s:key> <s:key name="type"> <s:list> <s:item>set</s:item> <s:item>create</s:item> <s:item>delete</s:item> <s:item>rename</s:item> </s:list> </s:key> </s:dict> </content> </entry> </feed>
data/inputs/registry POST
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/registry -d baseline=1 -d hive="HKU\\.*" -d name=mykeys -d proc="c:\\.*" -d type="set|create|delete|rename"
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-regmon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/registry</id> <updated>2011-07-29T19:29:18-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/registry/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/registry/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/registry/{name} DELETE
XML Request
curl -k -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/registry/mykeys
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-regmon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/registry</id> <updated>2011-07-29T19:36:54-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/registry/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/registry/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/registry/{name} GET
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/registry/mykeys
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-regmon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/registry</id> <updated>2011-07-29T19:33:21-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/registry/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/registry/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>mykeys</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/registry/mykeys</id> <updated>2011-07-29T19:33:21-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/registry/mykeys" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/registry/mykeys" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/registry/mykeys/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/registry/mykeys" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/registry/mykeys" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/registry/mykeys/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="baseline">1</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... 
<s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>disabled</s:item> <s:item>index</s:item> <s:item>monitorSubnodes</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list> <s:item>baseline</s:item> <s:item>hive</s:item> <s:item>proc</s:item> <s:item>type</s:item> </s:list> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="hive">HKU</s:key> <s:key name="index">default</s:key> <s:key name="monitorSubnodes">1</s:key> <s:key name="proc">c:\.*</s:key> <s:key name="type"> <s:list> <s:item>set</s:item> <s:item>create</s:item> <s:item>delete</s:item> <s:item>rename</s:item> </s:list> </s:key> </s:dict> </content> </entry> </feed>
data/inputs/registry/{name} POST
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/registry/mykeys -d baseline=1 -d hive="HKU\\.*" -d proc="c:\\.*" -d type="set|create"
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-regmon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/registry</id> <updated>2011-07-29T19:36:07-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/registry/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/registry/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/script GET
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/script
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>script</title> <id>https://localhost:8089/services/data/inputs/script</id> <updated>2011-07-09T20:16:11-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/script/_new" rel="create"/> <link href="/services/data/inputs/script/_reload" rel="_reload"/> <link href="/services/data/inputs/script/restart" rel="restart"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>/Applications/splunk4.3/etc/apps/unix/bin/cpu.sh</title> <id>https://localhost:8089/servicesNS/nobody/unix/data/inputs/script/.%252Fbin%252Fcpu.sh</id> <updated>2011-07-09T20:16:11-07:00</updated> <link href="/servicesNS/nobody/unix/data/inputs/script/.%252Fbin%252Fcpu.sh" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/unix/data/inputs/script/.%252Fbin%252Fcpu.sh" rel="list"/> <link href="/servicesNS/nobody/unix/data/inputs/script/.%252Fbin%252Fcpu.sh/_reload" rel="_reload"/> <link href="/servicesNS/nobody/unix/data/inputs/script/.%252Fbin%252Fcpu.sh" rel="edit"/> <link href="/servicesNS/nobody/unix/data/inputs/script/.%252Fbin%252Fcpu.sh/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="endtime">Sat Jul 9 20:15:54 2011</s:key> <s:key name="group">exec commands</s:key> <s:key name="host">myhost.splunk.com</s:key> <s:key name="index">os</s:key> <s:key name="interval">30</s:key> <s:key name="source">cpu</s:key> <s:key name="sourcetype">cpu</s:key> <s:key name="starttime">Sat Jul 9 20:15:52 2011</s:key> </s:dict> </content> </entry> </feed>
data/inputs/script POST
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/script -d name=/Applications/splunk4.3/etc/apps/myApp/bin/myScript.sh -d disabled=true -d interval=3600
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>script</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/script</id> <updated>2011-07-09T20:25:17-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/script/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/script/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/script/restart" rel="restart"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/script/restart POST
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/script/restart -d script=/Applications/splunk/bin/scripts/myScript.sh
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>script</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/script</id> <updated>2011-07-09T20:38:38-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/script/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/script/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/script/restart" rel="restart"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/script/{name} DELETE
XML
XML Request
curl -k -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk4.3%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>script</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/script</id> <updated>2011-07-09T20:29:18-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/script/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/script/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/script/restart" rel="restart"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/script/{name} GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>script</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/script</id> <updated>2011-07-09T21:53:43-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/script/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/script/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/script/restart" rel="restart"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>/Applications/splunk/etc/apps/myApp/bin/myScript.sh</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh</id> <updated>2011-07-09T21:53:43-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ...
<s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>disabled</s:item> <s:item>host</s:item> <s:item>index</s:item> <s:item>interval</s:item> <s:item>rename-source</s:item> <s:item>source</s:item> <s:item>sourcetype</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="group">exec commands</s:key> <s:key name="host">ombroso-mbp15.splunk.com</s:key> <s:key name="index">default</s:key> <s:key name="interval">3600</s:key> </s:dict> </content> </entry> </feed>
data/inputs/script/{name} POST
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh -d interval=86400
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>script</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/script</id> <updated>2011-07-09T20:27:59-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/script/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/script/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/script/restart" rel="restart"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/tcp/cooked GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/tcp/cooked
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>cooked</title> <id>https://localhost:8089/services/data/inputs/tcp/cooked</id> <updated>2011-07-10T14:50:50-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/cooked/_new" rel="create"/> <link href="/services/data/inputs/tcp/cooked/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>9993</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked/9993</id> <updated>2011-07-10T14:50:50-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9993" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9993" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9993/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9993" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9993" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9993/connections" rel="connections"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9993/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="group">listenerports</s:key> <s:key name="host">MrT</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
data/inputs/tcp/cooked POST
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked -d name=9998
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>cooked</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked</id> <updated>2011-07-10T14:52:33-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/tcp/cooked/{name} DELETE
XML
XML Request
curl -k -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked/tiny:9998
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>cooked</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked</id> <updated>2011-07-10T14:54:45-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/tcp/cooked/{name} GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked/9998
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>cooked</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked</id> <updated>2011-07-10T14:52:40-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>9998</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked/9998</id> <updated>2011-07-10T14:52:40-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9998" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9998" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9998/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9998" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9998" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9998/connections" rel="connections"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9998/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... 
<s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>SSL</s:item> <s:item>connection_host</s:item> <s:item>disabled</s:item> <s:item>host</s:item> <s:item>index</s:item> <s:item>queue</s:item> <s:item>restrictToHost</s:item> <s:item>source</s:item> <s:item>sourcetype</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="group">listenerports</s:key> <s:key name="host">MrT</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
data/inputs/tcp/cooked/{name} POST
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked/9998 -d restrictToHost=tiny
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>cooked</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked</id> <updated>2011-07-10T14:52:54-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/tcp/cooked/{name}/connections GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked/9998/connections
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>cooked</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked</id> <updated>2011-07-13T14:55:18-0700</updated> <generator version="101277"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_reload" rel="_reload"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>Cooked:9998:127.0.0.1:20089</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked/Cooked%3A9998%3A127.0.0.1%3A20089</id> <updated>2011-07-13T14:55:18-0700</updated> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/Cooked%3A9998%3A127.0.0.1%3A20089" rel="alternate"/> <author> <name>system</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/Cooked%3A9998%3A127.0.0.1%3A20089" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/Cooked%3A9998%3A127.0.0.1%3A20089/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/Cooked%3A9998%3A127.0.0.1%3A20089" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/Cooked%3A9998%3A127.0.0.1%3A20089" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="connection">9998:127.0.0.1:20089</s:key> ... eai:acl node elided ... <s:key name="servername">fool03.splunk.com</s:key> </s:dict> </content> </entry> </feed>
data/inputs/tcp/raw GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/tcp/raw
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>raw</title> <id>https://localhost:8089/services/data/inputs/tcp/raw</id> <updated>2011-07-08T02:30:30-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/raw/_new" rel="create"/> <link href="/services/data/inputs/tcp/raw/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>44000</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw/44000</id> <updated>2011-07-08T02:30:30-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44000" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44000" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44000/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44000" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44000" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44000/connections" rel="connections"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44000/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="group">listenerports</s:key> <s:key name="host">MrT</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
data/inputs/tcp/raw POST
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw -d name=44343
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>raw</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw</id> <updated>2011-07-08T02:30:30-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/tcp/raw/{name} DELETE
XML
XML Request
curl -k -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw/44343
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>raw</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw</id> <updated>2011-07-08T02:30:31-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/tcp/raw/{name} GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw/44343
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>raw</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw</id> <updated>2011-07-08T02:37:09-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>44343</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw/44343</id> <updated>2011-07-08T02:37:09-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44343" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44343" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44343/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44343" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44343" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44343/connections" rel="connections"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44343/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... 
<s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>SSL</s:item> <s:item>connection_host</s:item> <s:item>disabled</s:item> <s:item>host</s:item> <s:item>index</s:item> <s:item>queue</s:item> <s:item>restrictToHost</s:item> <s:item>source</s:item> <s:item>sourcetype</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="group">listenerports</s:key> <s:key name="host">MrT</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
data/inputs/tcp/raw/{name} POST
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw/44343 -d sourcetype=syslog
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>raw</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw</id> <updated>2011-07-08T02:30:30-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/tcp/raw/{name}/connections GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/tcp/raw/9998/connections
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>raw</title> <id>https://localhost:8089/services/data/inputs/tcp/raw</id> <updated>2011-07-13T16:14:33-07:00</updated> <generator version="103477"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/raw/_new" rel="create"/> <link href="/services/data/inputs/tcp/raw/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>Raw:9998:127.0.0.1</title> <id>https://localhost:8089/services/data/inputs/tcp/raw/Raw%3A9998%3A127.0.0.1</id> <updated>2011-07-13T16:14:33-07:00</updated> <link href="/services/data/inputs/tcp/raw/Raw%3A9998%3A127.0.0.1" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/data/inputs/tcp/raw/Raw%3A9998%3A127.0.0.1" rel="list"/> <link href="/services/data/inputs/tcp/raw/Raw%3A9998%3A127.0.0.1/_reload" rel="_reload"/> <link href="/services/data/inputs/tcp/raw/Raw%3A9998%3A127.0.0.1" rel="edit"/> <link href="/services/data/inputs/tcp/raw/Raw%3A9998%3A127.0.0.1" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="connection">9998:127.0.0.1</s:key> ... eai:acl node elided ... <s:key name="servername"></s:key> </s:dict> </content> </entry> </feed>
data/inputs/tcp/ssl GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/tcp/ssl
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>ssl</title> <id>https://localhost:8089/services/data/inputs/tcp/ssl</id> <updated>2011-07-12T15:02:58-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/ssl/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title/> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/tcp/ssl/</id> <updated>2011-07-12T15:02:58-07:00</updated> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl/" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl/" rel="list"/> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl//_reload" rel="_reload"/> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl/" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="cipherSuite">ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</s:key> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="host">ombroso-mbp15.splunk.com</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
data/inputs/tcp/ssl/{name} GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/tcp/ssl/ssl
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>ssl</title> <id>https://localhost:8089/services/data/inputs/tcp/ssl</id> <updated>2011-07-12T15:04:41-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/ssl/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title/> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/tcp/ssl/</id> <updated>2011-07-12T15:04:41-07:00</updated> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl/" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl/" rel="list"/> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl//_reload" rel="_reload"/> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl/" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="cipherSuite">ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</s:key> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="host">ombroso-mbp15.splunk.com</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
data/inputs/tcp/ssl/{name} POST
XML
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/tcp/ssl/ssl -d disabled=true
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>ssl</title> <id>https://localhost:8089/services/data/inputs/tcp/ssl</id> <updated>2011-07-12T15:05:42-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/ssl/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/udp GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/udp
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>udp</title> <id>https://localhost:8089/services/data/inputs/udp</id> <updated>2011-07-08T14:11:57-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/udp/_new" rel="create"/> <link href="/services/data/inputs/udp/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>44000</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp/44000</id> <updated>2011-07-08T14:11:57-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/udp/44000" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/44000" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44000/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44000" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44000" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44000/connections" rel="connections"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44000/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="group">listenerports</s:key> <s:key name="host">MrT</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
data/inputs/udp POST
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/udp -d name=44321
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>udp</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp</id> <updated>2011-07-08T14:12:13-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/udp/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/udp/{name} DELETE
XML
XML Request
curl -k -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/udp/44321
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>udp</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp</id> <updated>2011-07-08T14:12:53-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/udp/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/udp/{name} GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/udp/44321
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>udp</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp</id> <updated>2011-07-08T14:12:27-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/udp/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>44321</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp/44321</id> <updated>2011-07-08T14:12:27-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/udp/44321" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/44321" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44321/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44321" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44321" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44321/connections" rel="connections"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44321/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... 
<s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>connection_host</s:item> <s:item>host</s:item> <s:item>index</s:item> <s:item>no_appending_timestamp</s:item> <s:item>no_priority_stripping</s:item> <s:item>queue</s:item> <s:item>source</s:item> <s:item>sourcetype</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="group">listenerports</s:key> <s:key name="host">MrT</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
data/inputs/udp/{name} POST
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/udp/44321 -d sourcetype=syslog
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>udp</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp</id> <updated>2011-07-08T14:12:47-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/udp/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/udp/{name}/connections GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/udp/9998/connections
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>udp</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp</id> <updated>2011-07-13T17:08:18-07:00</updated> <generator version="103477"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/udp/_reload" rel="_reload"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>127.0.0.1</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp/127.0.0.1</id> <updated>2011-07-13T17:08:18-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/udp/127.0.0.1" rel="alternate"/> <author> <name>system</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/127.0.0.1" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/udp/127.0.0.1/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/udp/127.0.0.1" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/udp/127.0.0.1" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="group">hosts</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-event-log-collections GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/win-event-log-collections
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-event-log-collections</title> <id>https://10.1.5.157:8089/services/data/inputs/win-event-log-collections</id> <updated>2011-07-27T11:26:47-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/win-event-log-collections/_new" rel="create"/> <link href="/services/data/inputs/win-event-log-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>localhost</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost</id> <updated>2011-07-27T11:26:47-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="edit"/> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost/enable" rel="enable"/> <content type="text/xml"> <s:dict> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="hosts">localhost</s:key> <s:key name="index">default</s:key> <s:key name="logs"> <s:list> <s:item>Application</s:item> <s:item>ForwardedEvents</s:item> <s:item>HardwareEvents</s:item> <s:item>Internet Explorer</s:item> <s:item>Security</s:item> <s:item>Setup</s:item> <s:item>System</s:item> </s:list> </s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-event-log-collections POST
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections -d lookup_host=localhost -d name=mylogs -d logs=Application,System
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-event-log-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections</id> <updated>2011-07-27T11:56:24-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>localhost</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost</id> <updated>2011-07-27T11:56:24-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="hosts">localhost</s:key> <s:key name="index">default</s:key> <s:key name="logs"> <s:list> <s:item>Application</s:item> <s:item>ForwardedEvents</s:item> <s:item>HardwareEvents</s:item> <s:item>Internet Explorer</s:item> <s:item>Security</s:item> <s:item>Setup</s:item> <s:item>System</s:item> </s:list> </s:key> <s:key name="lookup_host">localhost</s:key> <s:key name="name">localhost</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-event-log-collections/{name} DELETE
XML
XML Request
curl -k -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-event-log-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections</id> <updated>2011-07-27T13:45:24-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/win-event-log-collections/{name} GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-event-log-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections</id> <updated>2011-07-27T12:00:38-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>mylogs</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs</id> <updated>2011-07-27T12:00:38-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="disabled">0</s:key> ... eai:acl node elided ... 
<s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>hosts</s:item> <s:item>index</s:item> <s:item>logs</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list> <s:item>lookup_host</s:item> </s:list> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="hosts"/> <s:key name="index">default</s:key> <s:key name="logs"> <s:list> <s:item>Application,System</s:item> </s:list> </s:key> <s:key name="lookup_host">localhost</s:key> <s:key name="name">mylogs</s:key> </s:dict> </content> </entry> </feed>
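Every response on this page uses the same Atom envelope with nested `s:dict`, `s:list` and `s:key` nodes. The following added example (not part of the Splunk documentation) parses that envelope into Python structures with the standard library only; `parse_feed`, `to_python` and `SAMPLE_FEED` are names chosen here, and the sample is a trimmed copy of the mylogs GET response above.

```python
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
REST = "{http://dev.splunk.com/ns/rest}"

# Constructed sample: the win-event-log-collections/mylogs GET response above,
# trimmed (feed-level links and elided nodes dropped) and re-indented.
SAMPLE_FEED = """\
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
  <title>win-event-log-collections</title>
  <entry>
    <title>mylogs</title>
    <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs" rel="edit"/>
    <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs" rel="remove"/>
    <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs/disable" rel="disable"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">0</s:key>
        <s:key name="eai:attributes">
          <s:dict>
            <s:key name="optionalFields">
              <s:list><s:item>hosts</s:item><s:item>index</s:item><s:item>logs</s:item></s:list>
            </s:key>
            <s:key name="requiredFields"><s:list><s:item>lookup_host</s:item></s:list></s:key>
            <s:key name="wildcardFields"><s:list/></s:key>
          </s:dict>
        </s:key>
        <s:key name="hosts"/>
        <s:key name="index">default</s:key>
        <s:key name="logs"><s:list><s:item>Application,System</s:item></s:list></s:key>
        <s:key name="lookup_host">localhost</s:key>
        <s:key name="name">mylogs</s:key>
      </s:dict>
    </content>
  </entry>
</feed>
"""


def to_python(node):
    """Convert an element holding a scalar, an s:dict or an s:list to a Python value."""
    for child in node:
        if child.tag == REST + "dict":
            return {k.get("name"): to_python(k) for k in child.findall(REST + "key")}
        if child.tag == REST + "list":
            return [to_python(i) for i in child.findall(REST + "item")]
    # No structured child: a scalar, or an empty element such as <s:key name="hosts"/>.
    return (node.text or "").strip()


def parse_feed(xml_text):
    """Return one dict per Atom entry: title, links (rel -> href) and content."""
    # These responses never carry a DTD; refuse one instead of expanding entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in a REST response")
    root = ET.fromstring(xml_text)
    if root.tag == ATOM + "feed":
        entries = root.findall(ATOM + "entry")
    elif root.tag == ATOM + "entry":
        # Some endpoints (indexing/preview/{job_id}) return a bare <entry> root.
        entries = [root]
    else:
        raise ValueError("not an Atom feed or entry: %s" % root.tag)
    parsed = []
    for entry in entries:
        content = entry.find(ATOM + "content")
        parsed.append({
            "title": entry.findtext(ATOM + "title", default=""),
            "links": {l.get("rel"): l.get("href") for l in entry.findall(ATOM + "link")},
            "content": to_python(content) if content is not None else {},
        })
    return parsed


if __name__ == "__main__":
    for item in parse_feed(SAMPLE_FEED):
        print(item["title"], sorted(item["links"]), item["content"])
```

On the sample, `content["logs"]` is the single item `Application,System`, exactly as the response above shows it, so callers that expect one log name per item need to split it themselves.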
data/inputs/win-event-log-collections/{name} POST
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs -d lookup_host=localhost -d logs=Application
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-event-log-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections</id> <updated>2011-07-27T13:43:46-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>localhost</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost</id> <updated>2011-07-27T13:43:46-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="hosts">localhost</s:key> <s:key name="index">default</s:key> <s:key name="logs"> <s:list> <s:item>Application</s:item> <s:item>ForwardedEvents</s:item> <s:item>HardwareEvents</s:item> <s:item>Internet Explorer</s:item> <s:item>Security</s:item> <s:item>Setup</s:item> <s:item>System</s:item> </s:list> </s:key> <s:key name="lookup_host">localhost</s:key> <s:key name="name">localhost</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-wmi-collections GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/win-wmi-collections
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-wmi-collections</title> <id>https://10.1.5.157:8089/services/data/inputs/win-wmi-collections</id> <updated>2011-07-27T14:00:24-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/win-wmi-collections/_new" rel="create"/> <link href="/services/data/inputs/win-wmi-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>CPUTime</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime</id> <updated>2011-07-27T14:00:24-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime" rel="edit"/> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime/enable" rel="enable"/> <content type="text/xml"> <s:dict> <s:key name="class">Win32_PerfFormattedData_PerfOS_Processor</s:key> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="fields"> <s:list> <s:item>PercentProcessorTime</s:item> <s:item>PercentUserTime</s:item> </s:list> </s:key> <s:key name="index">default</s:key> <s:key name="instances"> <s:list> <s:item>_Total</s:item> </s:list> </s:key> <s:key name="interval">3</s:key> <s:key name="name"/> <s:key name="server">localhost</s:key> <s:key name="wql">SELECT PercentProcessorTime,PercentUserTime FROM Win32_PerfFormattedData_PerfOS_Processor WHERE Name="_Total"</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-wmi-collections POST
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections -d classes=Win32_PerfFormattedData_PerfOS_Processor -d interval=5 -d lookup_host=localhost -d name=cpu
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-wmi-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections</id> <updated>2011-07-27T14:05:43-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>CPUTime</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime</id> <updated>2011-07-27T14:05:43-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="index">default</s:key> <s:key name="interval">3</s:key> <s:key name="wql">SELECT PercentProcessorTime,PercentUserTime FROM Win32_PerfFormattedData_PerfOS_Processor WHERE Name="_Total"</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-wmi-collections/{name} DELETE
XML
XML Request
curl -k -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-wmi-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections</id> <updated>2011-07-27T14:21:17-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/win-wmi-collections/{name} GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-wmi-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections</id> <updated>2011-07-27T14:09:39-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>cpu</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu</id> <updated>2011-07-27T14:09:39-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="classes">Win32_PerfFormattedData_PerfOS_Processor</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... 
<s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>disabled</s:item> <s:item>fields</s:item> <s:item>index</s:item> <s:item>instances</s:item> <s:item>server</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list> <s:item>classes</s:item> <s:item>interval</s:item> <s:item>lookup_host</s:item> </s:list> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="fields"> <s:list> <s:item>*</s:item> </s:list> </s:key> <s:key name="index">default</s:key> <s:key name="instances"> <s:list/> </s:key> <s:key name="interval">5</s:key> <s:key name="lookup_host">localhost</s:key> <s:key name="name">cpu</s:key> <s:key name="server"/> <s:key name="wql">Select * from Win32_PerfFormattedData_PerfOS_Processor</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-wmi-collections/{name} POST
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu -d classes=Win32_PerfFormattedData_PerfOS_Processor -d interval=5 -d lookup_host=localhost -d server=xx.1.5.157,10.1.5.158
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-wmi-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections</id> <updated>2011-07-27T14:15:33-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>cpu</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu</id> <updated>2011-07-27T14:15:33-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="classes">Win32_PerfFormattedData_PerfOS_Processor</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="fields"> <s:list> <s:item>*</s:item> </s:list> </s:key> <s:key name="index">default</s:key> <s:key name="instances"> <s:list/> </s:key> <s:key name="interval">5</s:key> <s:key name="lookup_host">localhost</s:key> <s:key name="name">cpu</s:key> <s:key name="server"/> <s:key name="wql">Select * from Win32_PerfFormattedData_PerfOS_Processor</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-perfmon GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/inputs/win-perfmon
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-perfmon</title> <id>https://10.1.5.157:8089/services/data/inputs/win-perfmon</id> <updated>2011-07-29T19:42:06-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/win-perfmon/_new" rel="create"/> <link href="/services/data/inputs/win-perfmon/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>Available Memory</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory</id> <updated>2011-07-29T19:42:06-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="edit"/> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory/enable" rel="enable"/> <content type="text/xml"> <s:dict> <s:key name="counters"> <s:list> <s:item>Available Bytes</s:item> </s:list> </s:key> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="index">default</s:key> <s:key name="instances"> <s:list/> </s:key> <s:key name="interval">10</s:key> <s:key name="object">Memory</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-perfmon POST
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-perfmon -d interval=4 -d name=mymemory -d object=Memory
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-perfmon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-perfmon</id> <updated>2011-07-29T19:40:38-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>Available Memory</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory</id> <updated>2011-07-29T19:40:38-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="counters">Available Bytes</s:key> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="instances"/> <s:key name="interval">10</s:key> <s:key name="object">Memory</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-perfmon/{name} DELETE
XML
XML Request
curl -k -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-perfmon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-perfmon</id> <updated>2011-07-29T19:47:06-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/win-perfmon/{name} GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-perfmon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-perfmon</id> <updated>2011-07-29T19:44:21-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>mymemory</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory</id> <updated>2011-07-29T19:44:21-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="counters"> <s:list/> </s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... 
<s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>counters</s:item> <s:item>disabled</s:item> <s:item>index</s:item> <s:item>instances</s:item> <s:item>interval</s:item> <s:item>object</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="index">default</s:key> <s:key name="instances"> <s:list/> </s:key> <s:key name="interval">4</s:key> <s:key name="object">Memory</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-perfmon/{name} POST
XML
XML Request
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory -d interval=10
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-perfmon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-perfmon</id> <updated>2011-07-29T19:45:59-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>Available Memory</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory</id> <updated>2011-07-29T19:45:59-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="counters">Available Bytes</s:key> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="instances"/> <s:key name="interval">10</s:key> <s:key name="object">Memory</s:key> </s:dict> </content> </entry> </feed>
data/modular-inputs GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/modular-inputs
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>modular-inputs</title> <id>https://localhost:8089/services/data/modular-inputs</id> <updated>2012-07-09T09:12:41-07:00</updated> <generator build="129290" version="5.0"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ... <s:messages/> <entry> <title>s3</title> <id>https://localhost:8089/services/data/modular-inputs/s3</id> <updated>2012-07-09T09:12:41-07:00</updated> <link href="/services/data/modular-inputs/s3" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/data/modular-inputs/s3" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="description">Get data from Amazon S3.</s:key> ... eai:acl node elided ... <s:key name="endpoint"> <s:dict> <s:key name="args"> <s:dict> <s:key name="key_id"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Your Amazon key ID.</s:key> <s:key name="order">1</s:key> <s:key name="required_on_create">1</s:key> <s:key name="required_on_edit">0</s:key> <s:key name="title">Key ID</s:key> </s:dict> </s:key> <s:key name="name"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description"><![CDATA[An S3 resource name without the leading s3://. For example, for s3://bucket/file.txt specify bucket/file.txt. 
You can also monitor a whole bucket (for example by specifying 'bucket'), or files within a sub-directory of a bucket (for example 'bucket/some/directory/'; note the trailing slash).]]></s:key> <s:key name="order">0</s:key> <s:key name="title">Resource name</s:key> </s:dict> </s:key> <s:key name="secret_key"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Your Amazon secret key.</s:key> <s:key name="order">2</s:key> <s:key name="required_on_create">1</s:key> <s:key name="required_on_edit">0</s:key> <s:key name="title">Secret key</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="streaming_mode">xml</s:key> <s:key name="title">Amazon S3</s:key> </s:dict> </content> </entry> <entry> <title>twitter</title> <id>https://localhost:8089/services/data/modular-inputs/twitter</id> . . . elided . . . </entry> </feed>
data/modular-inputs/{name} GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/services/data/modular-inputs/twitter
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>modular-inputs</title> <id>https://localhost:8089/services/data/modular-inputs</id> <updated>2012-07-09T11:07:29-07:00</updated> <generator build="129290" version="5.0"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ... <s:messages/> <entry> <title>twitter</title> <id>https://localhost:8089/services/data/modular-inputs/twitter</id> <updated>2012-07-09T11:07:29-07:00</updated> <link href="/services/data/modular-inputs/twitter" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/data/modular-inputs/twitter" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="description">Get data from Twitter.</s:key> ... eai:acl and eai:attribute nodes elided ... <s:key name="endpoint"> <s:dict> <s:key name="args"> <s:dict> <s:key name="name"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Name of the current feed using the user credentials supplied.</s:key> <s:key name="order">0</s:key> <s:key name="title">Twitter feed name</s:key> </s:dict> </s:key> <s:key name="password"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Your twitter password</s:key> <s:key name="order">2</s:key> <s:key name="required_on_create">1</s:key> <s:key name="required_on_edit">0</s:key> <s:key name="title">Password</s:key> </s:dict> </s:key> <s:key name="username"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Your Twitter ID.</s:key> <s:key name="order">1</s:key> <s:key name="required_on_create">1</s:key> <s:key name="required_on_edit">0</s:key> <s:key name="title">Twitter ID/Handle</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="streaming_mode">simple</s:key> <s:key name="title">Twitter</s:key> </s:dict> </content> </entry> </feed>
indexing/preview GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/services/indexing/preview
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
<title>preview</title> <id>https://localhost:8089/services/indexing/preview</id> <updated>2011-11-28T14:35:35-08:00</updated> <generator version="108769"/> <author> <name>Splunk</name> </author> <entry> <title>1322518170.8</title> <id>https://localhost:8089/services/indexing/preview/1322518170.8</id> <updated>2011-11-28T14:35:35-08:00</updated> <link href="/services/indexing/preview/1322518170.8" rel="alternate"/> <link href="/services/search/jobs/1322518170.8" rel="job"/> </entry> <entry> <title>1322519686.9</title> <id>https://localhost:8089/services/indexing/preview/1322519686.9</id> <updated>2011-11-28T14:35:35-08:00</updated> <link href="/services/indexing/preview/1322519686.9" rel="alternate"/> <link href="/services/search/jobs/1322519686.9" rel="job"/> </entry> <entry> <title>1322519724.10</title> <id>https://localhost:8089/services/indexing/preview/1322519724.10</id> <updated>2011-11-28T14:35:35-08:00</updated> <link href="/services/indexing/preview/1322519724.10" rel="alternate"/> <link href="/services/search/jobs/1322519724.10" rel="job"/> </entry>
</feed>
indexing/preview POST
XML
XML Request
curl -k -u admin:pass https://localhost:8089/services/indexing/preview -d input.path=/Applications/splunk/var/log/splunk/metrics.log
XML Response
<response>
<messages> <msg type='INFO'>1319496093.11</msg> </messages>
</response>
indexing/preview/{job_id} GET
XML
XML Request
curl -k -u admin:pass https://localhost:8089/services/indexing/preview/1319496093.11
XML Response
<entry xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest"> <title>1319496093.11</title> <id>https://localhost:8089/services/indexing/preview/1319496093.11</id> <updated>2011-10-24T15:44:09-07:00</updated> <link href="/services/indexing/preview/1319496093.11" rel="alternate"/> <content type="text/xml"> <s:dict> <s:key name="explicit"> <s:dict> <s:key name="PREFERRED_SOURCETYPE"> <s:dict> <s:key name="value">splunkd</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="inherited"> <s:dict> <s:key name="ANNOTATE_PUNCT"> <s:dict> <s:key name="value">True</s:key> <s:key name="stanza">default</s:key> </s:dict> </s:key> . . . elided . . . <s:key name="sourcetype"> <s:dict> <s:key name="value">splunkd</s:key> <s:key name="stanza">source::.../var/log/splunk/metrics.log(.\d+)?</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </content> <link href="/services/search/jobs/1319496093.11" rel="job"/> </entry>
receivers/simple POST
XML
XML Request
curl -k -u admin:pass "https://localhost:8089/services/receivers/simple?source=www&sourcetype=web_event" -d "Sun Jul 10 15:56:02 PDT 2011 User myusername logged in successfully."
XML Response
<response>
<results> <result> <field k="_index"> <value> <text>default</text> </value> </field> <field k="bytes"> <value> <text>67</text> </value> </field> <field k="host"> <value> <text>127.0.0.1</text> </value> </field> <field k="source"> <value> <text>www</text> </value> </field> <field k="sourcetype"> <value> <text>web_event</text> </value> </field> </result> </results>
</response>
receivers/stream POST
Python
Python Request
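import httplib
import time

# Python 2 example (httplib); in Python 3 the module is http.client and send() takes bytes.
conn = httplib.HTTPSConnection("localhost", 8089)
conn.connect()
conn.putrequest("POST", "/services/receivers/stream?source=www&sourcetype=web_data")
# The value after "Splunk " is a session key.
conn.putheader("Authorization", "Splunk 67bed982ce1af9ba2e393b15ed63c916")
conn.putheader("x-splunk-input-mode", "streaming")
conn.endheaders()

# Send one event per second, 100 events in total, over the open connection.
i = 0
while i < 100:
    conn.send("%s A sample event (idx: %s).\n" % (time.asctime(), i))
    time.sleep(1)
    i += 1

conn.close()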
Python Response
Streamed data
This documentation applies to the following versions of Splunk® Enterprise: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15