Related Answers
Splunk Enterprise version 6.x is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk.
Click here for the latest version.
Download topic as PDF
Application endpoint examples
apps/appinstall POST
XML
XML Request
curl -k -u admin:changeme https://localhost:8089/services/apps/appinstall/ -d name=c:/tmp/splunk-dashboard-examples_50.tgz
XML Response
.
.
.
<title></title>
<id>https://localhost:8089/services/apps/appinstall</id>
<updated>2014-07-01T09:44:41-07:00</updated>
<generator build="200839" version="6.1"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/appinstall/_new" rel="create"/>
<opensearch:totalResults>1</opensearch:totalResults>
<opensearch:itemsPerPage>30</opensearch:itemsPerPage>
<opensearch:startIndex>0</opensearch:startIndex>
<s:messages/>
<entry>
<title>dashboard_examples</title>
<id>https://localhost:8089/services/apps/appinstall/dashboard_examples</id>
<updated>2014-07-01T09:44:41-07:00</updated>
<link href="/services/apps/appinstall/dashboard_examples" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/apps/appinstall/dashboard_examples" rel="list"/>
<content type="text/xml">
<s:dict>
<s:key name="eai:acl">
<s:dict>
<s:key name="app"></s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">0</s:key>
<s:key name="owner">system</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>admin</s:item>
<s:item>splunk-system-role</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">system</s:key>
</s:dict>
</s:key>
<s:key name="location">C:\Program Files\Splunk\etc\apps\dashboard_examples</s:key>
<s:key name="name">dashboard_examples</s:key>
<s:key name="source_location">c:/tmp/splunk-dashboard-examples_50.tgz</s:key>
<s:key name="status">installed</s:key>
</s:dict>
</content>
</entry>
apps/apptemplates GET
XML
XML Request
curl -k -u admin:changeme https://localhost:8089/services/apps/apptemplates
XML Response
.
.
.
<title></title>
<id>https://localhost:8089/services/apps/apptemplates</id>
<updated>2014-07-01T09:50:36-07:00</updated>
<generator build="200839" version="6.1"/>
<author>
<name>Splunk</name>
</author>
<opensearch:totalResults>2</opensearch:totalResults>
<opensearch:itemsPerPage>30</opensearch:itemsPerPage>
<opensearch:startIndex>0</opensearch:startIndex>
<s:messages/>
<entry>
<title>barebones</title>
<id>https://localhost:8089/services/apps/apptemplates/barebones</id>
<updated>2014-07-01T09:50:36-07:00</updated>
<link href="/services/apps/apptemplates/barebones" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/apps/apptemplates/barebones" rel="list"/>
<content type="text/xml">
<s:dict>
<s:key name="eai:acl">
<s:dict>
<s:key name="app"></s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">0</s:key>
<s:key name="owner">system</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>admin</s:item>
<s:item>splunk-system-role</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">system</s:key>
</s:dict>
</s:key>
<s:key name="lol">wut</s:key>
</s:dict>
</content>
</entry>
<entry>
<title>sample_app</title>
<id>https://localhost:8089/services/apps/apptemplates/sample_app</id>
<updated>2014-07-01T09:50:36-07:00</updated>
<link href="/services/apps/apptemplates/sample_app" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/apps/apptemplates/sample_app" rel="list"/>
<content type="text/xml">
<s:dict>
<s:key name="eai:acl">
<s:dict>
<s:key name="app"></s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">0</s:key>
<s:key name="owner">system</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>admin</s:item>
<s:item>splunk-system-role</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">system</s:key>
</s:dict>
</s:key>
<s:key name="lol">wut</s:key>
</s:dict>
</content>
</entry>
apps/apptemplates/{name} GET
XML
XML Request
curl -k -u admin:changeme https://localhost:8089/services/apps/apptemplates/sample_app
XML Response
.
.
.
<title></title>
<id>https://localhost:8089/services/apps/apptemplates</id>
<updated>2014-07-01T09:54:23-07:00</updated>
<generator build="200839" version="6.1"/>
<author>
<name>Splunk</name>
</author>
<opensearch:totalResults>1</opensearch:totalResults>
<opensearch:itemsPerPage>30</opensearch:itemsPerPage>
<opensearch:startIndex>0</opensearch:startIndex>
<s:messages/>
<entry>
<title>sample_app</title>
<id>https://localhost:8089/services/apps/apptemplates/sample_app</id>
<updated>2014-07-01T09:54:23-07:00</updated>
<link href="/services/apps/apptemplates/sample_app" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/apps/apptemplates/sample_app" rel="list"/>
<content type="text/xml">
<s:dict>
<s:key name="eai:acl">
<s:dict>
<s:key name="app"></s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">0</s:key>
<s:key name="owner">system</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>admin</s:item>
<s:item>splunk-system-role</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">system</s:key>
</s:dict>
</s:key>
<s:key name="eai:attributes">
<s:dict>
<s:key name="optionalFields">
<s:list/>
</s:key>
<s:key name="requiredFields">
<s:list/>
</s:key>
<s:key name="wildcardFields">
<s:list/>
</s:key>
</s:dict>
</s:key>
<s:key name="lol">wut</s:key>
</s:dict>
</content>
</entry>
apps/local GET
XML
XML Request
curl -k -u admin:changeme https://localhost:8089/services/apps/local
XML Response
<title>localapps</title>
<id>https://localhost:17001/services/apps/local</id>
<updated>2015-10-13T17:53:03-07:00</updated>
<generator build="a1c9b18fdcfc" version="6.3.0"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/local/_new" rel="create"/>
<link href="/services/apps/local/_reload" rel="_reload"/>
<link href="/services/apps/local/_acl" rel="_acl"/>
<opensearch:totalResults>16</opensearch:totalResults>
<opensearch:itemsPerPage>30</opensearch:itemsPerPage>
<opensearch:startIndex>0</opensearch:startIndex>
<s:messages/>
<entry>
<title>alert_logevent</title>
<id>https://localhost:17001/servicesNS/nobody/system/apps/local/alert_logevent</id>
<updated>2015-10-13T17:53:03-07:00</updated>
<link href="/servicesNS/nobody/system/apps/local/alert_logevent" rel="alternate"/>
<author>
<name>nobody</name>
</author>
<link href="/servicesNS/nobody/system/apps/local/alert_logevent" rel="list"/>
<link href="/servicesNS/nobody/system/apps/local/alert_logevent/_reload" rel="_reload"/>
<link href="/servicesNS/nobody/system/apps/local/alert_logevent" rel="edit"/>
<link href="/servicesNS/nobody/system/apps/local/alert_logevent" rel="remove"/>
<link href="/servicesNS/nobody/system/apps/local/alert_logevent/disable" rel="disable"/>
<link href="/servicesNS/nobody/system/apps/local/alert_logevent/package" rel="package"/>
<content type="text/xml">
<s:dict>
<s:key name="author">Splunk</s:key>
<s:key name="check_for_updates">1</s:key>
<s:key name="configured">1</s:key>
<s:key name="core">1</s:key>
<s:key name="description">Log Event Alert Action</s:key>
<s:key name="disabled">0</s:key>
<s:key name="eai:acl">
<s:dict>
<s:key name="app">system</s:key>
<s:key name="can_change_perms">1</s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_share_app">1</s:key>
<s:key name="can_share_global">1</s:key>
<s:key name="can_share_user">0</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">1</s:key>
<s:key name="owner">nobody</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">app</s:key>
</s:dict>
</s:key>
<s:key name="label">Log Event Alert Action</s:key>
<s:key name="managed_by_deployment_client">0</s:key>
<s:key name="show_in_nav">1</s:key>
<s:key name="state_change_requires_restart">0</s:key>
<s:key name="version">6.4.0</s:key>
<s:key name="visible">0</s:key>
</s:dict>
</content>
</entry>
<entry>
<title>alert_webhook</title>
<id>https://localhost:17001/servicesNS/nobody/system/apps/local/alert_webhook</id>
<updated>2015-10-13T17:53:03-07:00</updated>
<link href="/servicesNS/nobody/system/apps/local/alert_webhook" rel="alternate"/>
<author>
<name>nobody</name>
</author>
<link href="/servicesNS/nobody/system/apps/local/alert_webhook" rel="list"/>
<link href="/servicesNS/nobody/system/apps/local/alert_webhook/_reload" rel="_reload"/>
<link href="/servicesNS/nobody/system/apps/local/alert_webhook" rel="edit"/>
<link href="/servicesNS/nobody/system/apps/local/alert_webhook" rel="remove"/>
<link href="/servicesNS/nobody/system/apps/local/alert_webhook/disable" rel="disable"/>
<link href="/servicesNS/nobody/system/apps/local/alert_webhook/package" rel="package"/>
<content type="text/xml">
<s:dict>
<s:key name="author">Splunk</s:key>
<s:key name="check_for_updates">1</s:key>
<s:key name="configured">1</s:key>
<s:key name="core">1</s:key>
<s:key name="description">Webhook Alert Action</s:key>
<s:key name="disabled">0</s:key>
<s:key name="eai:acl">
<s:dict>
<s:key name="app">system</s:key>
<s:key name="can_change_perms">1</s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_share_app">1</s:key>
<s:key name="can_share_global">1</s:key>
<s:key name="can_share_user">0</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">1</s:key>
<s:key name="owner">nobody</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">app</s:key>
</s:dict>
</s:key>
<s:key name="label">Webhook Alert Action</s:key>
<s:key name="managed_by_deployment_client">0</s:key>
<s:key name="show_in_nav">1</s:key>
<s:key name="state_change_requires_restart">0</s:key>
<s:key name="version">6.4.0</s:key>
<s:key name="visible">0</s:key>
</s:dict>
</content>
</entry>
<entry>
<title>appsbrowser</title>
<id>https://localhost:17001/servicesNS/nobody/system/apps/local/appsbrowser</id>
<updated>2015-10-13T17:53:03-07:00</updated>
<link href="/servicesNS/nobody/system/apps/local/appsbrowser" rel="alternate"/>
<author>
<name>nobody</name>
</author>
<link href="/servicesNS/nobody/system/apps/local/appsbrowser" rel="list"/>
<link href="/servicesNS/nobody/system/apps/local/appsbrowser/_reload" rel="_reload"/>
<link href="/servicesNS/nobody/system/apps/local/appsbrowser" rel="edit"/>
<link href="/servicesNS/nobody/system/apps/local/appsbrowser/package" rel="package"/>
<content type="text/xml">
<s:dict>
<s:key name="author">Splunk</s:key>
<s:key name="check_for_updates">1</s:key>
<s:key name="configured">1</s:key>
<s:key name="core">1</s:key>
<s:key name="description">Browse apps available to install.</s:key>
<s:key name="disabled">0</s:key>
<s:key name="eai:acl">
<s:dict>
<s:key name="app">system</s:key>
<s:key name="can_change_perms">1</s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_share_app">1</s:key>
<s:key name="can_share_global">1</s:key>
<s:key name="can_share_user">0</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">1</s:key>
<s:key name="owner">nobody</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>admin</s:item>
<s:item>power</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">app</s:key>
</s:dict>
</s:key>
<s:key name="label">Apps Browser</s:key>
<s:key name="managed_by_deployment_client">0</s:key>
<s:key name="show_in_nav">0</s:key>
<s:key name="state_change_requires_restart">0</s:key>
<s:key name="version">6.4.0</s:key>
<s:key name="visible">1</s:key>
</s:dict>
</content>
</entry>
<entry>
<title>framework</title>
<id>https://localhost:17001/servicesNS/nobody/system/apps/local/framework</id>
<updated>2015-10-13T17:53:03-07:00</updated>
<link href="/servicesNS/nobody/system/apps/local/framework" rel="alternate"/>
<author>
<name>nobody</name>
</author>
<link href="/servicesNS/nobody/system/apps/local/framework" rel="list"/>
<link href="/servicesNS/nobody/system/apps/local/framework/_reload" rel="_reload"/>
<link href="/servicesNS/nobody/system/apps/local/framework" rel="edit"/>
<link href="/servicesNS/nobody/system/apps/local/framework" rel="remove"/>
<link href="/servicesNS/nobody/system/apps/local/framework/disable" rel="disable"/>
<link href="/servicesNS/nobody/system/apps/local/framework/package" rel="package"/>
<content type="text/xml">
<s:dict>
<s:key name="check_for_updates">1</s:key>
<s:key name="configured">0</s:key>
<s:key name="core">1</s:key>
<s:key name="disabled">0</s:key>
<s:key name="eai:acl">
<s:dict>
<s:key name="app">system</s:key>
<s:key name="can_change_perms">1</s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_share_app">1</s:key>
<s:key name="can_share_global">1</s:key>
<s:key name="can_share_user">0</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">1</s:key>
<s:key name="owner">nobody</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">app</s:key>
</s:dict>
</s:key>
<s:key name="label">framework</s:key>
<s:key name="managed_by_deployment_client">0</s:key>
<s:key name="show_in_nav">1</s:key>
<s:key name="state_change_requires_restart">0</s:key>
<s:key name="visible">0</s:key>
</s:dict>
</content>
</entry>
<entry>
<title>gettingstarted</title>
<id>https://localhost:17001/servicesNS/nobody/system/apps/local/gettingstarted</id>
<updated>2015-10-13T17:53:03-07:00</updated>
<link href="/servicesNS/nobody/system/apps/local/gettingstarted" rel="alternate"/>
<author>
<name>nobody</name>
</author>
<link href="/servicesNS/nobody/system/apps/local/gettingstarted" rel="list"/>
<link href="/servicesNS/nobody/system/apps/local/gettingstarted/_reload" rel="_reload"/>
<link href="/servicesNS/nobody/system/apps/local/gettingstarted" rel="edit"/>
<link href="/servicesNS/nobody/system/apps/local/gettingstarted" rel="remove"/>
<link href="/servicesNS/nobody/system/apps/local/gettingstarted/enable" rel="enable"/>
<link href="/servicesNS/nobody/system/apps/local/gettingstarted/package" rel="package"/>
<content type="text/xml">
<s:dict>
<s:key name="author">Splunk</s:key>
<s:key name="check_for_updates">1</s:key>
<s:key name="configured">1</s:key>
<s:key name="core">1</s:key>
<s:key name="description">Get started with Splunk. This app introduces you to many of Splunk's features. You'll learn how to use Splunk to index data, search and investigate, add knowledge, monitor and alert, report and analyze.</s:key>
<s:key name="disabled">1</s:key>
<s:key name="eai:acl">
<s:dict>
<s:key name="app">system</s:key>
<s:key name="can_change_perms">1</s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_share_app">1</s:key>
<s:key name="can_share_global">1</s:key>
<s:key name="can_share_user">0</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">1</s:key>
<s:key name="owner">nobody</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>power</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">app</s:key>
</s:dict>
</s:key>
<s:key name="label">Getting started</s:key>
<s:key name="managed_by_deployment_client">0</s:key>
<s:key name="show_in_nav">1</s:key>
<s:key name="state_change_requires_restart">0</s:key>
<s:key name="version">1.0</s:key>
<s:key name="visible">1</s:key>
</s:dict>
</content>
</entry>
.
.
.
apps/local POST
XML
XML Request
curl -k -u admin:changeme https://localhost:8089/services/apps/local -d name=restDemo
XML Response
<title></title>
<id>https://localhost:8089/services/apps/local</id>
<updated>2014-07-01T10:09:37-07:00</updated>
<generator build="200839" version="6.1"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/local/_new" rel="create"/>
<opensearch:totalResults>1</opensearch:totalResults>
<opensearch:itemsPerPage>30</opensearch:itemsPerPage>
<opensearch:startIndex>0</opensearch:startIndex>
<s:messages/>
<entry>
<title>restDemo</title>
<id>https://localhost:8089/servicesNS/nobody/system/apps/local/restDemo</id>
<updated>2014-07-01T10:09:37-07:00</updated>
<link href="/servicesNS/nobody/system/apps/local/restDemo" rel="alternate"/>
<author>
<name>nobody</name>
</author>
<link href="/servicesNS/nobody/system/apps/local/restDemo" rel="list"/>
<link href="/servicesNS/nobody/system/apps/local/restDemo" rel="edit"/>
<link href="/servicesNS/nobody/system/apps/local/restDemo/package" rel="package"/>
<content type="text/xml">
<s:dict>
<s:key name="author"></s:key>
<s:key name="check_for_updates">1</s:key>
<s:key name="configured">0</s:key>
<s:key name="description"></s:key>
<s:key name="disabled">0</s:key>
<s:key name="eai:acl">
<s:dict>
<s:key name="app">system</s:key>
<s:key name="can_change_perms">1</s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_share_app">1</s:key>
<s:key name="can_share_global">1</s:key>
<s:key name="can_share_user">0</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">1</s:key>
<s:key name="owner">nobody</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>admin</s:item>
<s:item>power</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">app</s:key>
</s:dict>
</s:key>
<s:key name="label">restDemo</s:key>
<s:key name="name">restDemo</s:key>
<s:key name="state_change_requires_restart">0</s:key>
<s:key name="version">1.0</s:key>
<s:key name="visible">1</s:key>
</s:dict>
</content>
</entry>
apps/local/{name} DELETE
XML
XML Request
curl -k -u admin:changeme --request DELETE https://localhost:8089/services/apps/local/sample_app
XML Response
. . . <title>localapps</title> <id>https://localhost:8089/services/apps/local</id> <updated>2014-07-15T10:24:35-07:00</updated> <generator build="200839" version="6.1"/> <author> <name>Splunk</name> </author> <link href="/services/apps/local/_new" rel="create"/> <link href="/services/apps/local/_reload" rel="_reload"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages> <s:msg type="INFO">Restart required by: indexes</s:msg> </s:messages>
apps/local/{name} GET
XML
XML Request
curl -k -u admin:changeme https://localhost:8089/services/apps/local/dashboard_examples
XML Response
.
.
.
<title>localapps</title>
<id>https://localhost:8089/services/apps/local</id>
<updated>2014-07-01T10:23:46-07:00</updated>
<generator build="200839" version="6.1"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/local/_new" rel="create"/>
<link href="/services/apps/local/_reload" rel="_reload"/>
<opensearch:totalResults>1</opensearch:totalResults>
<opensearch:itemsPerPage>30</opensearch:itemsPerPage>
<opensearch:startIndex>0</opensearch:startIndex>
<s:messages/>
<entry>
<title>dashboard_examples</title>
<id>https://localhost:8089/servicesNS/nobody/system/apps/local/dashboard_examples</id>
<updated>2014-07-01T10:23:46-07:00</updated>
<link href="/servicesNS/nobody/system/apps/local/dashboard_examples" rel="alternate"/>
<author>
<name>nobody</name>
</author>
<link href="/servicesNS/nobody/system/apps/local/dashboard_examples" rel="list"/>
<link href="/servicesNS/nobody/system/apps/local/dashboard_examples/_reload" rel="_reload"/>
<link href="/servicesNS/nobody/system/apps/local/dashboard_examples" rel="edit"/>
<link href="/servicesNS/nobody/system/apps/local/dashboard_examples" rel="remove"/>
<link href="/servicesNS/nobody/system/apps/local/dashboard_examples/disable" rel="disable"/>
<link href="/servicesNS/nobody/system/apps/local/dashboard_examples/package" rel="package"/>
<content type="text/xml">
<s:dict>
<s:key name="author">Splunk, Inc.</s:key>
<s:key name="check_for_updates">1</s:key>
<s:key name="configured">0</s:key>
<s:key name="description"><![CDATA[Example dashboards, forms, and views for Splunk 5+. This is the succesor app to UI Examples 4.1+. Splunk Dashboard Examples contains over 50 examples updated for Splunk 5. Each example contains inline documenation to help get you started building Splunk dashboards.]]></s:key>
<s:key name="details">https://splunkbase.splunk.com/apps/id/dashboard_examples</s:key>
<s:key name="disabled">0</s:key>
<s:key name="eai:acl">
<s:dict>
<s:key name="app">system</s:key>
<s:key name="can_change_perms">1</s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_share_app">1</s:key>
<s:key name="can_share_global">1</s:key>
<s:key name="can_share_user">0</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">1</s:key>
<s:key name="owner">nobody</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">app</s:key>
</s:dict>
</s:key>
<s:key name="eai:attributes">
<s:dict>
<s:key name="optionalFields">
<s:list>
<s:item>author</s:item>
<s:item>check_for_updates</s:item>
<s:item>configured</s:item>
<s:item>description</s:item>
<s:item>label</s:item>
<s:item>version</s:item>
<s:item>visible</s:item>
</s:list>
</s:key>
<s:key name="requiredFields">
<s:list/>
</s:key>
<s:key name="wildcardFields">
<s:list/>
</s:key>
</s:dict>
</s:key>
<s:key name="label">Splunk Dashboard Examples</s:key>
<s:key name="state_change_requires_restart">0</s:key>
<s:key name="version">5.0</s:key>
<s:key name="visible">1</s:key>
</s:dict>
</content>
</entry>
apps/local/{name} POST
XML
XML Request
curl -k -u admin:changeme https://localhost:8089/services/apps/local/restDemo -d version=1.1
XML Response
.
.
.
<title>localapps</title>
<id>https://localhost:8089/services/apps/local</id>
<updated>2014-07-01T10:28:35-07:00</updated>
<generator build="200839" version="6.1"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/local/_new" rel="create"/>
<link href="/services/apps/local/_reload" rel="_reload"/>
<opensearch:totalResults>1</opensearch:totalResults>
<opensearch:itemsPerPage>30</opensearch:itemsPerPage>
<opensearch:startIndex>0</opensearch:startIndex>
<s:messages/>
<entry>
<title>restDemo</title>
<id>https://localhost:8089/servicesNS/nobody/system/apps/local/restDemo</id>
<updated>2014-07-01T10:28:35-07:00</updated>
<link href="/servicesNS/nobody/system/apps/local/restDemo" rel="alternate"/>
<author>
<name>nobody</name>
</author>
<link href="/servicesNS/nobody/system/apps/local/restDemo" rel="list"/>
<link href="/servicesNS/nobody/system/apps/local/restDemo/_reload" rel="_reload"/>
<link href="/servicesNS/nobody/system/apps/local/restDemo" rel="edit"/>
<link href="/servicesNS/nobody/system/apps/local/restDemo" rel="remove"/>
<link href="/servicesNS/nobody/system/apps/local/restDemo/package" rel="package"/>
<content type="text/xml">
<s:dict>
<s:key name="author"></s:key>
<s:key name="check_for_updates">1</s:key>
<s:key name="configured">0</s:key>
<s:key name="description"></s:key>
<s:key name="disabled">0</s:key>
<s:key name="eai:acl">
<s:dict>
<s:key name="app">system</s:key>
<s:key name="can_change_perms">1</s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_share_app">1</s:key>
<s:key name="can_share_global">1</s:key>
<s:key name="can_share_user">0</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">1</s:key>
<s:key name="owner">nobody</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>admin</s:item>
<s:item>power</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">app</s:key>
</s:dict>
</s:key>
<s:key name="label">restDemo</s:key>
<s:key name="state_change_requires_restart">0</s:key>
<s:key name="version">1.1</s:key>
<s:key name="visible">1</s:key>
</s:dict>
</content>
</entry>
apps/local/{name}/package GET
XML
XML Request
curl -k -u admin:changeme https://localhost:8089/services/apps/local/restDemo/package
XML Response
.
.
.
<title></title>
<id>https://localhost:8089/services/apps/local</id>
<updated>2014-07-01T10:46:43-07:00</updated>
<generator build="200839" version="6.1"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/local/_new" rel="create"/>
<opensearch:totalResults>1</opensearch:totalResults>
<opensearch:itemsPerPage>30</opensearch:itemsPerPage>
<opensearch:startIndex>0</opensearch:startIndex>
<s:messages/>
<entry>
<title>Package</title>
<id>https://localhost:8089/services/apps/local/Package</id>
<updated>2014-07-01T10:46:43-07:00</updated>
<link href="/services/apps/local/Package" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/apps/local/Package/setup" rel="edit"/>
<content type="text/xml">
<s:dict>
<s:key name="eai:acl">
<s:dict>
<s:key name="app"></s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">0</s:key>
<s:key name="owner">system</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>admin</s:item>
<s:item>splunk-system-role</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">system</s:key>
</s:dict>
</s:key>
<s:key name="name">restDemo</s:key>
<s:key name="path">C:\Program Files\Splunk\etc\system\static\app-packages\restDemo.spl</s:key>
<s:key name="url">https://ghartsell-t420s:8089/static/app-packages/restDemo.spl</s:key>
</s:dict>
</content>
</entry>
apps/local/{name}/setup GET
XML
XML Request
curl -k -u admin:changeme https://localhost:8089/services/apps/local/unix/setup
XML Response
.
.
.
<title>localapps</title>
<id>https://localhost:8089/services/apps/local</id>
<updated>2011-07-13T11:24:35-07:00</updated>
<generator version="102824"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/local/_new" rel="create"/>
... opensearch elements elided ...
<s:messages/>
<entry>
<title>unix</title>
<id>https://localhost:8089/servicesNS/nobody/unix/apps/local/unix</id>
<updated>2011-07-13T11:24:35-07:00</updated>
<link href="/servicesNS/nobody/unix/apps/local/unix" rel="alternate"/>
<author>
<name>nobody</name>
</author>
<link href="/servicesNS/nobody/unix/apps/local/unix/setup" rel="edit"/>
<content type="text/xml">
<s:dict>
<s:key name="/admin/script/.%252Fbin%252Fcpu.sh/enabled">1</s:key>
<s:key name="/admin/script/.%252Fbin%252Fcpu.sh/interval">30</s:key>
<s:key name="/admin/script/.%252Fbin%252Fdf.sh/enabled">1</s:key>
<s:key name="/admin/script/.%252Fbin%252Fdf.sh/interval">300</s:key>
... elided ...
<s:key name="/admin/script/.%252Fbin%252Fwho.sh/enabled">1</s:key>
<s:key name="/admin/script/.%252Fbin%252Fwho.sh/interval">150</s:key>
... eai:acl element elided ...
... eai:attributes element elided ...
<s:key name="eai:setup">
<![CDATA[<?xml version="1.0" encoding="UTF-8"?> <SetupInfo> <block title="Welcome to the Splunk for nix App"> <text>The Splunk for nix app provides some sample searches and reports to boot-strap your use of Splunk for Unix host management. To work, it needs certain inputs enabled. These system metrics drive the sample dashboards. Please review and confirm the inputs below before proceeding.</text> </block> <block title="CPU Stats (sar / mpstat / etc.)" endpoint="admin/script" entity=".%252Fbin%252Fcpu.sh"> <input field="interval" id="/admin/script/.%252Fbin%252Fcpu.sh/interval"> <label>Polling Interval (sec)</label> <type>text</type> </input> <input field="enabled" id="/admin/script/.%252Fbin%252Fcpu.sh/enabled"> <label>Enable</label> <type>bool</type> </input> </block>
. . .
<block title="Time Query (date, ntpdate -q)" endpoint="admin/script" entity=".%252Fbin%252Ftime.sh"> <input field="interval" id="/admin/script/.%252Fbin%252Ftime.sh/interval"> <label>Polling Interval (sec)</label> <type>text</type> </input> <input field="enabled" id="/admin/script/.%252Fbin%252Ftime.sh/enabled"> <label>Enable</label> <type>bool</type> </input> </block> <block title="Linux Audit Log (/var/log/audit/audit.log | ausearch)" endpoint="admin/script" entity=".%252Fbin%252Frlog.sh"> <input field="interval" id="/admin/script/.%252Fbin%252Frlog.sh/interval"> <label>Polling Interval (sec)</label> <type>text</type> </input> <input field="enabled" id="/admin/script/.%252Fbin%252Frlog.sh/enabled"> <label>Enable</label> <type>bool</type> </input> </block> <block title="Warning"> <text>Submitting this form can take a long time. Please be patient and wait for it to complete before navigating away from this page.</text> </block> </SetupInfo> ]]> </s:key>
</s:dict>
</content>
</entry>
apps/local/{name}/update GET
XML
XML Request
curl -k -u admin:changeme https://localhost:8089/services/apps/local/gettingstarted/update
XML Response
.
.
.
<title>localapps</title>
<id>https://localhost:8089/services/apps/local</id>
<updated>2014-07-15T10:34:13-07:00</updated>
<generator build="200839" version="6.1"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/apps/local/_new" rel="create"/>
<link href="/services/apps/local/_reload" rel="_reload"/>
<opensearch:totalResults>1</opensearch:totalResults>
<opensearch:itemsPerPage>30</opensearch:itemsPerPage>
<opensearch:startIndex>0</opensearch:startIndex>
<s:messages/>
<entry>
<title>gettingstarted</title>
<id>https://localhost:8089/services/apps/local/gettingstarted</id>
<updated>2014-07-15T10:34:13-07:00</updated>
<link href="/services/apps/local/gettingstarted" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/apps/local/gettingstarted" rel="list"/>
<link href="/services/apps/local/gettingstarted/_reload" rel="_reload"/>
<link href="/services/apps/local/gettingstarted" rel="edit"/>
<link href="/services/apps/local/gettingstarted" rel="remove"/>
<content type="text/xml">
<s:dict>
<s:key name="eai:acl">
<s:dict>
<s:key name="app"></s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">0</s:key>
<s:key name="owner">system</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>admin</s:item>
<s:item>splunk-system-role</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">system</s:key>
</s:dict>
</s:key>
</s:dict>
</content>
</entry>
Last modified on 21 April, 2017
|
PREVIOUS Application endpoint descriptions |
NEXT Cluster endpoint descriptions |
This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10
Feedback submitted, thanks!