System endpoint descriptions
Manage server configuration settings and messages.
Usage details
Review ACL information for an endpoint
To check Access Control List (ACL) properties for an endpoint, append /acl to the path. For more information see Access Control List in the REST API User Manual.
Authentication and Authorization
Username and password authentication is required for access to endpoints and REST operations.
Splunk users must have role and/or capability-based authorization to use REST endpoints. Users with an administrative role, such as admin, can access authorization information in Splunk Web. To view the roles assigned to a user, select Settings > Access controls and click Users. To determine the capabilities assigned to a role, select Settings > Access controls and click Roles.
App and user context
Typically, knowledge objects, such as saved searches or event types, have an app/user context that is the namespace. For more information about specifying a namespace, see Namespace in the REST API User Manual.
Additional introspection information
See Introspection endpoint descriptions for the system endpoints related to introspection.
Splunk Cloud Platform limitations
As a Splunk Cloud Platform user, you are restricted to interacting with the search tier only with the REST API. System endpoints are generally not accessible in Splunk Cloud Platform.
See Access requirements and limitations for the Splunk Cloud Platform REST API in the the REST API Tutorials manual for more information.
messages
https://<host>:<mPort>/services/messages
Access and create system messages. Most messages are created by splunkd to inform the user of system information, including license quotas, license expirations, misconfigured indexes, and disk space. Splunk Web displays these as bulletin board messages.
GET
Show systemwide messages.
Request parameters
Pagination and filtering parameters can be used with this method.
Response keys
Depending on the system status, messages returned vary. Messages returned in the response include a name and description, as in the following example.
| Name | Description |
|---|---|
| help | For internal use only |
| <message_name> | The message name depends on the specific message returned. This field might contain the same text as the message field. In the following example response, this field is "manifest_error".
|
| message | Message text |
| server | Name of the server that generated the error |
| severity | One of the following message severity values
|
| timeCreated_epochSecs | Timestamp when the message was posted |
| timeCreated_iso | ISO formatted timestamp |
Example request and response
XML Request
curl -k -u admin:changed https://localhost:8089/services/admin/messages
XML Response
<title>messages</title>
<id>https://10.140.53.114:8089/services/admin/messages</id>
...
<entry>
<title>manifest_error</title>
<id>https://10.140.53.114:8089/services/admin/messages/manifest_error</id>
<updated>2016-09-01T13:10:34-07:00</updated>
<link href="/services/admin/messages/manifest_error" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/admin/messages/manifest_error" rel="remove"/>
<content type="text/xml">
<s:dict>
<s:key name="eai:acl">
<s:dict>
<s:key name="app"></s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">0</s:key>
<s:key name="owner">system</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>admin</s:item>
<s:item>splunk-system-role</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">system</s:key>
</s:dict>
</s:key>
<s:key name="help"></s:key>
<s:key name="manifest_error">File Integrity checks found 145 files that did not match the system-provided manifest. See splunkd.log for details.</s:key>
<s:key name="message">File Integrity checks found 145 files that did not match the system-provided manifest. See splunkd.log for details.</s:key>
<s:key name="server">docs-unix-4</s:key>
<s:key name="severity">warn</s:key>
<s:key name="timeCreated_epochSecs">1472739529</s:key>
<s:key name="timeCreated_iso">2016-09-01T07:18:49-07:00</s:key>
</s:dict>
</content>
</entry>
POST
Create a persistent message displayed at /services/messages.
Request parameters
| Name | Type | Description |
|---|---|---|
| <name> | String | Required. Message name (key). |
| capability | String | One or more capabilities that users must have to view the message. Capability names are validated. If multiple capabilities are required, include them each as separate fields. |
| role | Comma separated list | One or more roles that users must have to view the message. Role names are validated. |
| value | String | Required. Message text. |
| severity | String | One of the following message severity values.
|
Response keys
None
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/messages -d name=helloMessage -d value="hello world" -d severity="info"
XML Response
.
.
.
<title>messages</title>
<id>https://localhost:8089/services/messages</id>
<updated>2014-02-20T10:24:02-08:00</updated>
<generator build="197187" version="6.1beta"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/messages/_new" rel="create"/>
... opensearch elements elided ...
<s:messages/>
<entry>
<title>helloMessage</title>
<id>https://localhost:8089/services/messages/helloMessage</id>
<updated>2014-02-20T10:24:02-08:00</updated>
<link href="/services/messages/helloMessage" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/messages/helloMessage" rel="remove"/>
<content type="text/xml">
<s:dict>
<s:key name="helloMessage">"hello world"</s:key>
<s:key name="eai:acl">
... elided ...
</s:key>
<s:key name="message">"hello world"</s:key>
<s:key name="severity">info</s:key>
<s:key name="timeCreated_epochSecs">1392920642</s:key>
</s:dict>
</content>
</entry>
messages/{name}
https://<host>:<mPort>/services/messages/{name}
Manage the message associated with the {name} message ID.
DELETE
Delete the specified message.
Request parameters
None
Response keys
None. An HTTP status code = 500 is returned if {name} message does not exist.
Example request and response
XML Request
curl -k -u admin:changeme --request DELETE https://localhost:8089/services/messages/message
XML Response
.
.
.
<title>messages</title>
<id>https://localhost:8089/services/messages</id>
<updated>2011-07-08T01:14:21-07:00</updated>
<generator version="102807"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/messages/_new" rel="create"/>
... opensearch elements elided ...
<s:messages/>
GET
Get details of the specified message.
Request parameters
None
Response keys
| Name | Description |
|---|---|
| help | For internal use only |
| <message_name> | The message name depends on the specific message returned. This field might contain the same text as the message field. In the following example response, this field is "manifest_error".
|
| message | Message text |
| server | Name of the server that generated the error |
| severity | One of the following message severity values
|
| timeCreated_epochSecs | Timestamp when the message was posted |
| timeCreated_iso | ISO formatted timestamp |
Example request and response
XML Request
curl -k -u admin:changed https://localhost:8089/services/admin/messages/manifest_error
XML Response
...
<title>messages</title>
<id>https://localhost:8089/services/admin/messages</id>
<updated>2016-09-01T13:10:59-07:00</updated>
<generator build="3b17605ee8e3" version="6.5.0"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/admin/messages/_new" rel="create"/>
<link href="/services/admin/messages/_acl" rel="_acl"/>
<opensearch:totalResults>1</opensearch:totalResults>
<opensearch:itemsPerPage>30</opensearch:itemsPerPage>
<opensearch:startIndex>0</opensearch:startIndex>
<s:messages/>
<entry>
<title>manifest_error</title>
<id>https://localhost:8089/services/admin/messages/manifest_error</id>
<updated>2016-09-01T13:10:59-07:00</updated>
<link href="/services/admin/messages/manifest_error" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/admin/messages/manifest_error" rel="remove"/>
<content type="text/xml">
<s:dict>
<s:key name="eai:acl">
<s:dict>
<s:key name="app"></s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">0</s:key>
<s:key name="owner">system</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>admin</s:item>
<s:item>splunk-system-role</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">0</s:key>
<s:key name="sharing">system</s:key>
</s:dict>
</s:key>
<s:key name="eai:attributes">
<s:dict>
<s:key name="optionalFields">
<s:list/>
</s:key>
<s:key name="requiredFields">
<s:list/>
</s:key>
<s:key name="wildcardFields">
<s:list/>
</s:key>
</s:dict>
</s:key>
<s:key name="help"></s:key>
<s:key name="manifest_error">File Integrity checks found 145 files that did not match the system-provided manifest. See splunkd.log for details.</s:key>
<s:key name="message">File Integrity checks found 145 files that did not match the system-provided manifest. See splunkd.log for details.</s:key>
<s:key name="server">docs-unix-4</s:key>
<s:key name="severity">warn</s:key>
<s:key name="timeCreated_epochSecs">1472739529</s:key>
<s:key name="timeCreated_iso">2016-09-01T07:18:49-07:00</s:key>
</s:dict>
</content>
</entry>
server/control
https://<host>:<mPort>/services/server/control
List available controls.
GET
List actions that can be performed at this endpoint.
Request parameters
None
Response keys
None
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/server/control
XML Response
.
.
.
<title>server-control</title>
<id>https://localhost:8089/services/server/control</id>
<updated>2011-07-12T00:17:53-07:00</updated>
<generator version="102807"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/server/control/restart" rel="restart"/>
... opensearch elements elided ...
<s:messages/>
server/control/restart
https://<host>:<mPort>/services/server/control/restart
Restart the splunkd server daemon and Splunk Web interface. The POST operation is equivalent to the splunk restart CLI command.
See also server/control/restart_webui
POST
Restart the splunkd server daemon and Splunk Web interface.
Request parameters
None
Response keys
An HTTP status code 200 indicates successful restart.
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/server/control/restart -X POST
XML Response
. . . <title>server-control</title> <id>https://localhost:8089/services/server/control</id> <updated>2014-08-05T13:02:50-07:00</updated> <generator build="221120" version="6.2"/> <author> <name>Splunk</name> </author> <link href="/services/server/control/restart" rel="restart"/> <link href="/services/server/control/restart_webui" rel="restart_webui"/> ... opensearch nodes elided ... <s:messages/>
server/control/restart_webui
https://<host>:<mPort>/services/server/control/restart_webui
Restart the Splunk Web interface. This interface is equivalent to the splunk restart splunkweb CLI command, and restarts the Web interface on servers with the default app server mode set. See also server/control/restart
POST
Restart the Splunk Web interface.
Request parameters
None
Response keys
An HTTP status code 200 indicates successful restart.
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/server/control/restart_webui -X POST
XML Response
. . . <title>server-control</title> <id>https://localhost:8089/services/server/control</id> <updated>2014-08-05T12:10:37-07:00</updated> <generator build="221120" version="6.2"/> <author> <name>Splunk</name> </author> <link href="/services/server/control/restart" rel="restart"/> <link href="/services/server/control/restart_webui" rel="restart_webui"/> ... opensearch elements elided ... <s:messages/>
server/httpsettings/proxysettings
https://<host>:<mPort>/services/server/httpsettings/proxysettings
Create an HTTP Proxy Server configuration for splunkd.
Authentication and Authorization
Requires the edit_server capability.
POST
Create a HTTP Proxy server configuration stanza for use with splunkd.
The POST request generates a proxyConfig configuration that you can access or update at server/settings/httpsettings/proxysettings/proxyConfig.
Request parameters
| Name | Type | Description |
|---|---|---|
| name | String | Required. Use "proxyConfig" to name the configuration stanza.
|
Returned values
None
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/server/httpsettings/proxysettings -d name="proxyConfig''
XML Response
<entry>
<title>proxyConfig</title>
<id>https://localhost:8089/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig</id>
<updated>1969-12-31T16:00:00-08:00</updated>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="alternate"/>
<author>
<name>nobody</name>
</author>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="list"/>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/_reload" rel="_reload"/>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="edit"/>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="remove"/>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/move" rel="move"/>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/disable" rel="disable"/>
<content type="text/xml">
<s:dict>
<s:key name="disabled">0</s:key>
<s:key name="eai:acl">
<s:dict>
<s:key name="app">search</s:key>
<s:key name="can_change_perms">1</s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_share_app">1</s:key>
<s:key name="can_share_global">1</s:key>
<s:key name="can_share_user">0</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">1</s:key>
<s:key name="owner">nobody</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">1</s:key>
<s:key name="sharing">app</s:key>
</s:dict>
</s:key>
</s:dict>
</content>
</entry>
server/httpsettings/proxysettings/proxyConfig
https://<host>:<mPort>/services/server/httpsettings/proxysettings/proxyConfig
Access, update, or delete the HTTP Proxy Server configurations for splunkd including http_proxy, https_proxy and no_proxy.
Authentication and Authorization
All operations on this endpoint require the edit_server capability.
GET
Access the {proxyConfig} HTTP proxy server configurations for splunkd.
Request parameters
| Name | Type | Description |
|---|---|---|
| http_proxy | String | Identifies the server proxy. When set, splunkd sends all HTTP requests through the proxy server defined in http_proxy on the proxy. The default value is unset.
|
| https_proxy | String | Identifies the server proxy. When set, splunkd sends all HTTPS requests through the proxy server defined in https_proxy. If not set, splunkd uses the http_proxy variable instead. The default value is unset.
|
| no_proxy | String | Identifies the no proxy rules. When set, splunkd uses these rules to decide whether the proxy server needs to be bypassed for matching hosts and IP addresses. Requests going to a localhost/loopback address are not proxied. The default value is localhost, 127.0.0.1, ::1.
|
Returned values
None
Example request and response
XML Request
curl -k -u admin:changed https://localhost:8089/services/server/httpsettings/proxysettings -d name="proxyConfig''
XML Response
<entry>
<title>proxyConfig</title>
<id>https://localhost:8089/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig</id>
<updated>1969-12-31T16:00:00-08:00</updated>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="alternate"/>
<author>
<name>nobody</name>
</author>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="list"/>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/_reload" rel="_reload"/>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="edit"/>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="remove"/>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/move" rel="move"/>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/disable" rel="disable"/>
<content type="text/xml">
<s:dict>
<s:key name="disabled">0</s:key>
<s:key name="eai:acl">
<s:dict>
<s:key name="app">search</s:key>
<s:key name="can_change_perms">1</s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_share_app">1</s:key>
<s:key name="can_share_global">1</s:key>
<s:key name="can_share_user">0</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">1</s:key>
<s:key name="owner">nobody</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">1</s:key>
<s:key name="sharing">app</s:key>
</s:dict>
</s:key>
<s:key name="eai:attributes">
<s:dict>
<s:key name="optionalFields">
<s:list>
<s:item>http_proxy</s:item>
<s:item>https_proxy</s:item>
<s:item>no_proxy</s:item>
</s:list>
</s:key>
<s:key name="requiredFields">
<s:list/>
</s:key>
<s:key name="wildcardFields">
<s:list/>
</s:key>
</s:dict>
</s:key>
</s:dict>
</content>
</entry>
POST
Update the {proxyConfig} HTTP proxy server configurations for splunkd.
Request parameters
| Name | Type | Description |
|---|---|---|
| http_proxy | String | Identifies the server proxy. When set, splunkd sends all HTTP requests through the proxy server defined in http_proxy on the proxy. The default value is unset.
|
| https_proxy | String | Identifies the server proxy. When set, splunkd sends all HTTPS requests through the proxy server defined in https_proxy. If not set, splunkd uses the http_proxy variable instead. The default value is unset.
|
| no_proxy | String | Identifies the no proxy rules. When set, splunkd uses these rules to decide whether the proxy server needs to be bypassed for matching hosts and IP addresses. Requests going to a localhost/loopback address are not proxied. The default value is localhost, 127.0.0.1, ::1.
|
Returned values
None
Example request and response
XML Request
curl -k -u admin:changed https://localhost:8089/services/server/httpsettings/proxysettings -d no_proxy="test''
XML Response
<entry>
<title>proxyConfig</title>
<id>https://localhost:8089/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig</id>
<updated>1969-12-31T16:00:00-08:00</updated>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="alternate"/>
<author>
<name>nobody</name>
</author>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="list"/>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/_reload" rel="_reload"/>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="edit"/>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig" rel="remove"/>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/move" rel="move"/>
<link href="/servicesNS/nobody/search/server/httpsettings/proxysettings/proxyConfig/disable" rel="disable"/>
<content type="text/xml">
<s:dict>
<s:key name="disabled">0</s:key>
<s:key name="eai:acl">
<s:dict>
<s:key name="app">search</s:key>
<s:key name="can_change_perms">1</s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_share_app">1</s:key>
<s:key name="can_share_global">1</s:key>
<s:key name="can_share_user">0</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">1</s:key>
<s:key name="owner">nobody</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>*</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">1</s:key>
<s:key name="sharing">app</s:key>
</s:dict>
</s:key>
<s:key name="no_proxy">test</s:key>
</s:dict>
</content>
</entry>
DELETE
Delete the {proxyConfig} HTTP proxy server configurations for splunkd.
Request parameters
None
Returned values
None
Example request and response
XML Request
curl -k -u admin:changed https://localhost:8089/services/server/httpsettings/proxysettings/proxyConfig -X DELETE
XML Response
<title>proxysettings</title>
<id>https://wimpy.sv.splunk.com:34001/services/server/httpsettings/proxysettings</id>
<updated>2017-04-20T17:14:52-07:00</updated>
<generator build="845bc99189da" version="6.6.0"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/server/httpsettings/proxysettings/_new" rel="create"/>
<link href="/services/server/httpsettings/proxysettings/_reload" rel="_reload"/>
<link href="/services/server/httpsettings/proxysettings/_acl" rel="_acl"/>
<opensearch:totalResults>0</opensearch:totalResults>
<opensearch:itemsPerPage>30</opensearch:itemsPerPage>
<opensearch:startIndex>0</opensearch:startIndex>
<s:messages/>
server/logger
https://<host>:<mPort>/services/server/logger
Access splunkd logging categories specified in code or in $SPLUNK_HOME/etc/log.cfg.
GET
Enumerate splunkd logging categories.
Request parameters
Pagination and filtering parameters can be used with this method.
Response keys
| Name | Description |
|---|---|
| level | One of the following valid logger levels for this server.
|
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/server/logger
XML Response
.
.
.
<title>logger</title>
<id>https://mrt:8089/services/server/logger</id>
<updated>2011-05-16T20:29:38-0700</updated>
<generator version="98144"/>
<author>
<name>Splunk</name>
</author>
... opensearch elements elided ...
<s:messages/>
<entry>
<title>AdminHandler:AuthenticationHandler</title>
<id>https://mrt:8089/services/server/logger/AdminHandler%3AAuthenticationHandler</id>
<updated>2011-05-16T20:29:38-0700</updated>
<link href="/services/server/logger/AdminHandler%3AAuthenticationHandler" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/server/logger/AdminHandler%3AAuthenticationHandler" rel="list"/>
<link href="/services/server/logger/AdminHandler%3AAuthenticationHandler" rel="edit"/>
<content type="text/xml">
<s:dict>
<s:key name="eai:acl">... elided ...</s:key>
<s:key name="level">WARN</s:key>
</s:dict>
</content>
</entry>
.
.
.
elided
.
.
.
<entry>
<title>Application</title>
<id>https://mrt:8089/services/server/logger/Application</id>
<updated>2011-05-16T20:29:38-0700</updated>
<link href="/services/server/logger/Application" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/server/logger/Application" rel="list"/>
<link href="/services/server/logger/Application" rel="edit"/>
<content type="text/xml">
<s:dict>
<s:key name="eai:acl">... elided ...</s:key>
<s:key name="level">WARN</s:key>
</s:dict>
</content>
</entry>
<entry>
<title>ApplicationManager</title>
<id>https://mrt:8089/services/server/logger/ApplicationManager</id>
<updated>2011-05-16T20:29:38-0700</updated>
<link href="/services/server/logger/ApplicationManager" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/server/logger/ApplicationManager" rel="list"/>
<link href="/services/server/logger/ApplicationManager" rel="edit"/>
<content type="text/xml">
<s:dict>
<s:key name="eai:acl">... elided ...</s:key>
<s:key name="level">WARN</s:key>
</s:dict>
</content>
</entry>
server/logger/{name}
https://<host>:<mPort>/services/server/logger/{name}
Manage the {name} logging category.
GET
Access information about the specified splunkd logging category.
Request parameters
None
Response keys
| Name | Description |
|---|---|
| level | One of the following valid logger levels for this server.
|
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/server/logger/Application
XML Response
.
.
.
<title>logger</title>
<id>https://localhost:8089/services/server/logger</id>
<updated>2011-07-02T15:10:44-07:00</updated>
<generator version="100492"/>
<author>
<name>Splunk</name>
</author>
... opensearch elements elided ...
<s:messages/>
<entry>
<title>Application</title>
<id>https://localhost:8089/services/server/logger/Application</id>
<updated>2011-07-02T15:10:44-07:00</updated>
<link href="/services/server/logger/Application" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/server/logger/Application" rel="list"/>
<link href="/services/server/logger/Application" rel="edit"/>
<content type="text/xml">
<s:dict>
<s:key name="eai:acl">... elided ...</s:key>
<s:key name="eai:attributes">
<s:dict>
<s:key name="optionalFields">
<s:list/>
</s:key>
<s:key name="requiredFields">
<s:list>
<s:item>level</s:item>
</s:list>
</s:key>
<s:key name="wildcardFields">
<s:list/>
</s:key>
</s:dict>
</s:key>
<s:key name="level">WARN</s:key>
</s:dict>
</content>
</entry>
POST
Set the logging level for a specific logging category.
Request parameters
| Name | Type | Description |
|---|---|---|
| level | Enum | Required. The desired logging level for this category. One of the following valid values. [FATAL | WARN | INFO | DEBUG] |
Response keys
None
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/server/logger/Application -d level=INFO
XML Response
. . . <title>logger</title> <id>https://localhost:8089/services/server/logger</id> <updated>2011-07-07T00:24:02-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <s:messages/>
server/roles
https://<host>:<mPort>/services/server/roles
Access server role information.
See also the server-roles attribute in /server/info.
GET
Access the roles applicable to this server.
Request parameters
None
Response keys
| Name | Description |
|---|---|
| <variable> | Zero or more of the following possible server roles.
|
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/server/roles
XML Response
.
.
.
<title>server-roles</title>
<id>https://localhost:8089/services/server/roles</id>
<updated>2014-04-02T12:13:07-07:00</updated>
<generator build="200839" version="6.1"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/server/roles/catalog_allPossible_predefined" rel="catalog_allPossible_predefined"/>
... opensearch elements elided ...
<s:messages/>
<entry>
<title>result</title>
<id>https://localhost:8089/services/server/roles/result</id>
<updated>2014-04-02T12:13:07-07:00</updated>
<link href="/services/server/roles/result" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/server/roles/result" rel="list"/>
<content type="text/xml">
<s:dict>
<s:key name="eai:acl">
... elided ...
</s:key>
<s:key name="indexer"/>
<s:key name="license_master"/>
<s:key name="license_slave"/>
</s:dict>
</content>
</entry>
server/security/rotate-splunk-secret
https://<host>:<mPort>/services/server/security/rotate-splunk-secret
Rotates the splunk.secret file on a standalone Splunk Enterprise instance.
POST
Rotates the splunk.secret file on a standalone Splunk Enterprise instance.
Returned values
None
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/server/security/rotate-splunk-secret -X POST
XML Response
server/settings
https://<host>:<mPort>/services/server/settings
Access server configuration information for a Splunk platform instance. For additional information about your Splunk platform instance, see the server/info endpoint.
GET
Returns server configuration for a Splunk deployment.
Request parameters
Pagination and filtering parameters can be used with this method.
Response keys
| Name | Description |
|---|---|
| SPLUNK_DB | Absolute filepath to the default index for this deployment. |
| SPLUNK_HOME | Absolute filepath to the local installation of this deployment. |
| enableSplunkWebSSL | Indicates if HTTPS and SSL are enabled for Splunk Web. |
| host | The default hostname to use for data inputs that do not override this setting. |
| httpport | Port on which Splunk Web listens for this instance. Defaults to 8000. If using SSL, set to the HTTPS port number. |
| mgmtHostPort | The port on which Splunk Web listens for management operations. Defaults to 8089. |
| minFreeSpace | Safe amount of space in MB that must exist for splunkd to continue operating.minFreespace affects search and indexing in the following ways.
|
| pass4SymmKey | Password string prefixed to the Splunk platform symmetric key, generating the final key to sign all traffic between master/slave licenser. |
| serverName | Name identifying this instance for features such as distributed search. |
| sessionTimeout | Time range string to indicate the amount of time before a user session times out. Expressed as a search-like time range. The default is 1h (one hour). Here are some examples.
|
| startwebserver | Indicates whether Splunk Web is configured to start by default. |
| trustedIP | IP address of the authenticating proxy. Set to a valid IP address to enable SSO. Disabled by default. Normal value is '127.0.0.1' |
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/server/settings
XML Response
.
.
.
<title>server-settings</title>
<id>https://localhost:8089/services/server/settings</id>
<updated>2011-07-08T01:56:40-07:00</updated>
<generator version="102807"/>
<author>
<name>Splunk</name>
</author>
... opensearch elements elided ...
<s:messages/>
<entry>
<title>settings</title>
<id>https://localhost:8089/services/server/settings/settings</id>
<updated>2011-07-08T01:56:40-07:00</updated>
<link href="/services/server/settings/settings" rel="alternate"/>
<author>
<name>system</name>
</author>
<link href="/services/server/settings/settings" rel="list"/>
<link href="/services/server/settings/settings" rel="edit"/>
<content type="text/xml">
<s:dict>
<s:key name="SPLUNK_DB">/home/amrit/temp/curl/splunk/var/lib/splunk</s:key>
<s:key name="SPLUNK_HOME">/home/amrit/temp/curl/splunk</s:key>
... eai:acl node elided ...
<s:key name="enableSplunkWebSSL">0</s:key>
<s:key name="host">MrT</s:key>
<s:key name="httpport">8001</s:key>
<s:key name="mgmtHostPort">8085</s:key>
<s:key name="minFreeSpace">2000000</s:key>
<s:key name="pass4SymmKey">changeme</s:key>
<s:key name="serverName">MrT</s:key>
<s:key name="sessionTimeout">1h</s:key>
<s:key name="startwebserver">1</s:key>
<s:key name="trustedIP"/>
</s:dict>
</content>
</entry>
| Search endpoint descriptions | Workload management endpoint descriptions |
This documentation applies to the following versions of Splunk® Enterprise: 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.4.0, 9.4.1, 9.4.2
Download manual
Feedback submitted, thanks!