Splunk® Enterprise

Developing Views and Apps for Splunk Web


Splunk Enterprise version 6.x is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk.

Setup screen example using a custom endpoint

This example shows how to create a setup screen that uses the Splunk Enterprise REST API to configure a custom endpoint. The custom endpoint maps to a configuration file you create at $SPLUNK_HOME/etc/apps/<myApp>/default/myappsetup.conf.


To update a custom endpoint, do the following:

  1. Create your custom configuration file with the initial values for your setup screen.
  2. Create a stanza in restmap.conf that maps your endpoint to your custom configuration file.
  3. Write a Python script that initializes your setup screen and handles the user-entered values.
  4. Write setup.xml.

1. Create a custom configuration file with default values

This example uses a configuration file to initialize the default values for the stanza [setupentity]. The entity attribute in setup.xml refers to this stanza.

However, you can also initialize the default values in your Python script.


[setupentity]
field_1 = 
field_3 = 60
field_2_boolean = 0

2. Example stanza in restmap.conf

The following example stanza in restmap.conf sets up a custom endpoint at:



. . .

handlertype = python
handlerfile = MyApp_python_handler.py
handleractions = list, edit
. . .

[admin_external:<endpoint_name>]: Names the endpoint. Make sure you use a unique name for your endpoint.

handlertype: Specifies the language of the REST endpoint script. Currently, the Splunk platform only supports python for custom endpoints.

handlerfile: The name of the Python script. Place the script here: $SPLUNK_HOME/etc/apps/<app_name>/bin

handleractions: Actions supported by the script. The list action displays the initial field values. The edit action updates the endpoint when the user saves the setup screen.

3. Example Python script that implements a new endpoint

The Python script looks for the configuration file, myappsetup.conf, in either .../default or .../local. It also searches for values for the fields defined in the configuration file, and writes any changes to .../local.


import splunk.admin as admin
import splunk.entity as en
# import your required python modules

'''
Copyright (C) 2005 - 2010 Splunk Inc. All Rights Reserved.
Description:  This skeleton python script handles the parameters in the configuration page.

      handleList method: lists configurable parameters in the configuration page
      corresponds to handleractions = list in restmap.conf

      handleEdit method: controls the parameters and saves the values
      corresponds to handleractions = edit in restmap.conf
'''

class ConfigApp(admin.MConfigHandler):
  # Set up supported arguments
  def setup(self):
    if self.requestedAction == admin.ACTION_EDIT:
      for arg in ['field_1', 'field_2_boolean', 'field_3']:
        # Register each setup field as an optional argument of the edit action
        self.supportedArgs.addOptArg(arg)

  # Read the initial values of the parameters from the custom file
  #     myappsetup.conf, and write them to the setup screen.
  #
  # If the app has never been set up,
  #     uses .../<appname>/default/myappsetup.conf.
  #
  # If app has been set up, looks at
  #     .../local/myappsetup.conf first, then looks at
  # .../default/myappsetup.conf only if there is no value for a field in
  #
  # For boolean fields, may need to switch the true/false setting.
  #
  # For text fields, if the conf file says None, set to the empty string.
  def handleList(self, confInfo):
    confDict = self.readConf("myappsetup")
    if None != confDict:
      for stanza, settings in confDict.items():
        for key, val in settings.items():
          if key in ['field_2_boolean']:
            # Switch the stored boolean before displaying it
            if int(val) == 1:
              val = '0'
            else:
              val = '1'
          if key in ['field_1'] and val in [None, '']:
            val = ''
          confInfo[stanza].append(key, val)

  # After user clicks Save on setup screen, take updated parameters,
  # normalize them, and save them somewhere
  def handleEdit(self, confInfo):
    name = self.callerArgs.id
    args = self.callerArgs

    # Enforce the minimum value of 60 for field_3
    if int(self.callerArgs.data['field_3'][0]) < 60:
      self.callerArgs.data['field_3'][0] = '60'

    # Switch the submitted boolean before saving it
    if int(self.callerArgs.data['field_2_boolean'][0]) == 1:
      self.callerArgs.data['field_2_boolean'][0] = '0'
    else:
      self.callerArgs.data['field_2_boolean'][0] = '1'

    if self.callerArgs.data['field_1'][0] in [None, '']:
      self.callerArgs.data['field_1'][0] = ''

    # Since we are using a conf file to store parameters,
    # write them to the [setupentity] stanza
    # in <appname>/local/myappsetup.conf
    self.writeConf('myappsetup', 'setupentity', self.callerArgs.data)

# initialize the handler
admin.init(ConfigApp, admin.CONTEXT_NONE)
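
The handleEdit method above calls int() directly on the submitted values, so a non-numeric field_3 or field_2_boolean raises ValueError inside the handler. The following is an added example, not part of the Splunk documentation or SDK, of validating the three fields before they are written; normalize_setup_args, SetupValidationError and the 256-character limit are hypothetical, and the sample inputs are constructed.

```python
# Added example: validation for the three setup fields used on this page.
# normalize_setup_args and SetupValidationError are hypothetical names, not
# part of the Splunk SDK. Input mirrors callerArgs.data: {field: [value]}.

MIN_FIELD_3 = 60        # minimum stated in the setup.xml label
MAX_FIELD_1_LEN = 256   # assumed limit, not from the page
ALLOWED = ('field_1', 'field_2_boolean', 'field_3')


class SetupValidationError(ValueError):
    """Raised when a submitted setup value is malformed."""


def _first(data, key):
    """Return the first submitted value for key, or None if absent."""
    values = data.get(key) or [None]
    return values[0]


def normalize_setup_args(data):
    """Return validated {field: [value]} data or raise SetupValidationError."""
    unknown = sorted(set(data) - set(ALLOWED))
    if unknown:
        raise SetupValidationError('unexpected fields: ' + ', '.join(unknown))

    # Text field: None becomes ''; control characters are rejected so the
    # value cannot span more than one line of the conf file.
    text = _first(data, 'field_1') or ''
    if len(text) > MAX_FIELD_1_LEN or any(ord(c) < 32 or ord(c) == 127 for c in text):
        raise SetupValidationError('field_1 too long or has control characters')

    # Boolean field: only the literal strings '0' and '1' are accepted.
    flag = _first(data, 'field_2_boolean')
    if flag not in ('0', '1'):
        raise SetupValidationError('field_2_boolean must be 0 or 1')

    # Numeric field: must parse as a base-10 integer, then is raised to the minimum.
    try:
        number = int(str(_first(data, 'field_3')).strip(), 10)
    except ValueError:
        raise SetupValidationError('field_3 must be an integer')

    return {
        'field_1': [text],
        'field_2_boolean': [flag],
        'field_3': [str(max(number, MIN_FIELD_3))],
    }
```

In handleEdit, the returned dictionary would be passed to writeConf in place of self.callerArgs.data; the boolean switch the handler applies is not part of this helper.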

4. Create setup.xml

Here is the setup.xml file that creates the setup screen for the custom endpoint.

<setup>
  <block title="Configure This App">
    <text>Setup screen with custom endpoints</text>
  </block>

  <block title="A text input"
         endpoint="mycustom/customendpoint" entity="setupentity">

      <input field="field_1">
        <label>Enter your text</label>
        <type>text</type>
      </input>

  </block>

  <block title="Enable and set a numeric value"
         endpoint="mycustom/customendpoint" entity="setupentity">

    <input field="field_2_boolean">
      <label>Enable This Input</label>
      <type>bool</type>
    </input>

    <input field="field_3" endpoint="mycustom/customendpoint" entity="setupentity">
      <label>Set this number (minimum value=60)</label>
      <type>text</type>
    </input>

  </block>
</setup>

Last modified on 18 August, 2016

This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11
