
Input endpoint examples
data/inputs/ad GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/ad
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-admon</title> <id>https://10.1.5.157:8089/services/data/inputs/ad</id> <updated>2011-07-29T19:13:28-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/ad/_new" rel="create"/> <link href="/services/data/inputs/ad/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>NearestDC</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/ad/NearestDC</id> <updated>2011-07-29T19:13:28-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/ad/NearestDC" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/ad/NearestDC" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/ad/NearestDC/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/ad/NearestDC" rel="edit"/> <link href="/servicesNS/nobody/windows/data/inputs/ad/NearestDC/enable" rel="enable"/> <content type="text/xml"> <s:dict> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="index">default</s:key> <s:key name="monitorSubtree">1</s:key> <s:key name="startingNode"/> <s:key name="targetDc"/> </s:dict> </content> </entry> </feed>
data/inputs/ad POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/admin/search/data/inputs/ad -d monitorSubtree=0 -d name=newdc
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-admon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/ad</id> <updated>2011-07-29T19:14:57-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/ad/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/ad/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/ad/{name} DELETE
XML
XML Request
curl -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/ad/newdc
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-admon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/ad</id> <updated>2011-07-29T19:22:50-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/ad/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/ad/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/ad/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/ad/newdc
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-admon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/ad</id> <updated>2011-07-29T19:18:18-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/ad/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/ad/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>newdc</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/ad/newdc</id> <updated>2011-07-29T19:18:18-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/ad/newdc" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/ad/newdc" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/ad/newdc/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/ad/newdc" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/ad/newdc" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/ad/newdc/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>disabled</s:item> <s:item>index</s:item> <s:item>startingNode</s:item> <s:item>targetDc</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list> <s:item>monitorSubtree</s:item> </s:list> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="index">default</s:key> <s:key name="monitorSubtree">0</s:key> </s:dict> </content> </entry> </feed>
data/inputs/ad/{name} POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/ad/newdc -d monitorSubtree=1
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-admon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/ad</id> <updated>2011-07-29T19:20:16-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/ad/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/ad/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/all GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/all
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>all</title>
  <id>https://localhost:8089/services/data/inputs/all</id>
  <updated>2012-10-01T16:08:24-07:00</updated>
  <generator build="138753" version="5.0"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/data/inputs/all/_new" rel="create"/>
  <link href="/services/data/inputs/all/_reload" rel="_reload"/>
  <link href="/services/data/inputs/all/restart" rel="restart"/>
  ... opensearch nodes elided ...
  <s:messages/>
  <entry>
    <title></title>
    <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/all/</id>
    <updated>2012-10-01T16:08:24-07:00</updated>
    <link href="/servicesNS/nobody/system/data/inputs/all/" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/data/inputs/all/" rel="list"/>
    <link href="/servicesNS/nobody/system/data/inputs/all//_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/system/data/inputs/all/" rel="edit"/>
    <link href="/servicesNS/nobody/system/data/inputs/all//enable" rel="enable"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="_rcvbuf">1572864</s:key>
        <s:key name="cipherSuite">ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</s:key>
        <s:key name="disabled">1</s:key>
        ... eai:acl node elided ...
        <s:key name="host">splunks-ombra.sv.splunk.com</s:key>
        <s:key name="index">default</s:key>
      </s:dict>
    </content>
  </entry>
  <entry>
    <title>$SPLUNK_HOME/etc/splunk.version</title>
    <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/all/%24SPLUNK_HOME%252Fetc%252Fsplunk.version</id>
    <updated>2012-10-01T16:08:24-07:00</updated>
    <link href="/servicesNS/nobody/system/data/inputs/all/%24SPLUNK_HOME%252Fetc%252Fsplunk.version" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/system/data/inputs/all/%24SPLUNK_HOME%252Fetc%252Fsplunk.version" rel="list"/>
    <link href="/servicesNS/nobody/system/data/inputs/all/%24SPLUNK_HOME%252Fetc%252Fsplunk.version/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/system/data/inputs/all/%24SPLUNK_HOME%252Fetc%252Fsplunk.version" rel="edit"/>
    <link href="/servicesNS/nobody/system/data/inputs/all/%24SPLUNK_HOME%252Fetc%252Fsplunk.version/disable" rel="disable"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="_TCP_ROUTING">*</s:key>
        <s:key name="_rcvbuf">1572864</s:key>
        <s:key name="disabled">0</s:key>
        ... eai:acl node elided ...
        <s:key name="filecount">1</s:key>
        <s:key name="host">splunks-ombra.sv.splunk.com</s:key>
        <s:key name="index">_internal</s:key>
        <s:key name="sourcetype">splunk_version</s:key>
      </s:dict>
    </content>
  </entry>
  . . . elided ...
</feed>
data/inputs/all/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/all/twitter
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>all</title> <id>https://localhost:8089/services/data/inputs/all</id> <updated>2012-07-11T08:03:17-07:00</updated> <generator build="129290" version="5.0"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/all/restart" rel="restart"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>twitter</title> <id>https://localhost:8089/services/data/inputs/all/twitter</id> <updated>2012-07-11T08:03:17-07:00</updated> <link href="/services/data/inputs/all/twitter" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/data/inputs/all/twitter" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="description">Get data from Twitter.</s:key> ... eai:acl nodes and eai:attribute nodes elided ... <s:key name="endpoint"> <s:dict> <s:key name="args"> <s:dict> <s:key name="name"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Name of the current feed using the user credentials supplied.</s:key> <s:key name="order">0</s:key> <s:key name="title">Twitter feed name</s:key> </s:dict> </s:key> <s:key name="password"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Your twitter password</s:key> <s:key name="order">2</s:key> <s:key name="required_on_create">1</s:key> <s:key name="required_on_edit">0</s:key> <s:key name="title">Password</s:key> </s:dict> </s:key> <s:key name="username"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Your Twitter ID.</s:key> <s:key name="order">1</s:key> <s:key name="required_on_create">1</s:key> <s:key name="required_on_edit">0</s:key> <s:key name="title">Twitter ID/Handle</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="streaming_mode">simple</s:key> <s:key name="title">Twitter</s:key> </s:dict> </content> </entry> </feed>
data/inputs/monitor GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/monitor
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>monitor</title> <id>https://localhost:8089/services/data/inputs/monitor</id> <updated>2011-07-10T14:25:53-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/monitor/_new" rel="create"/> <link href="/services/data/inputs/monitor/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>$SPLUNK_HOME/etc/splunk.version</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/monitor/%24SPLUNK_HOME%252Fetc%252Fsplunk.version</id> <updated>2011-07-10T14:25:53-07:00</updated> <link href="/servicesNS/nobody/system/data/inputs/monitor/%24SPLUNK_HOME%252Fetc%252Fsplunk.version" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/system/data/inputs/monitor/%24SPLUNK_HOME%252Fetc%252Fsplunk.version" rel="list"/> <link href="/servicesNS/nobody/system/data/inputs/monitor/%24SPLUNK_HOME%252Fetc%252Fsplunk.version/_reload" rel="_reload"/> <link href="/servicesNS/nobody/system/data/inputs/monitor/%24SPLUNK_HOME%252Fetc%252Fsplunk.version" rel="edit"/> <link href="/servicesNS/nobody/system/data/inputs/monitor/%24SPLUNK_HOME%252Fetc%252Fsplunk.version/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_TCP_ROUTING">*</s:key> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="filecount">1</s:key> <s:key name="host">MrT</s:key> <s:key name="index">_internal</s:key> <s:key name="sourcetype">splunk_version</s:key> </s:dict> </content> </entry> </feed>
data/inputs/monitor POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor -d name=/var/log
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>monitor</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor</id> <updated>2011-07-10T14:27:57-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/monitor/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/monitor/{name} DELETE
XML
XML Request
curl -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>monitor</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor</id> <updated>2011-07-10T14:35:35-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/monitor/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/monitor/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest">
  <title>monitor</title>
  <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor</id>
  <updated>2011-07-10T14:33:54-07:00</updated>
  <generator version="102807"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/servicesNS/nobody/search/data/inputs/monitor/_new" rel="create"/>
  <link href="/servicesNS/nobody/search/data/inputs/monitor/_reload" rel="_reload"/>
  ... opensearch nodes elided ...
  <s:messages/>
  <entry>
    <title>/var/log</title>
    <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog</id>
    <updated>2011-07-10T14:33:54-07:00</updated>
    <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog" rel="list"/>
    <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog" rel="edit"/>
    <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog/members" rel="members"/>
    <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog" rel="remove"/>
    <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog/disable" rel="disable"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="_rcvbuf">1572864</s:key>
        <s:key name="disabled">0</s:key>
        ... eai:acl node elided ...
        <s:key name="eai:attributes">
          <s:dict>
            <s:key name="optionalFields">
              <s:list>
                <s:item>blacklist</s:item>
                <s:item>check-index</s:item>
                <s:item>check-path</s:item>
                <s:item>crc-salt</s:item>
                <s:item>followTail</s:item>
                <s:item>host</s:item>
                <s:item>host_regex</s:item>
                <s:item>host_segment</s:item>
                <s:item>ignore-older-than</s:item>
                <s:item>index</s:item>
                <s:item>recursive</s:item>
                <s:item>rename-source</s:item>
                <s:item>sourcetype</s:item>
                <s:item>time-before-close</s:item>
                <s:item>whitelist</s:item>
              </s:list>
            </s:key>
            <s:key name="requiredFields">
              <s:list/>
            </s:key>
            <s:key name="wildcardFields">
              <s:list/>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="filecount">108</s:key>
        <s:key name="host">MrT</s:key>
        <s:key name="index">default</s:key>
      </s:dict>
    </content>
  </entry>
</feed>
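Added example, not part of the original Splunk page: a Python sketch that parses a data/inputs Atom feed like the responses above into plain dictionaries, rebuilds the {name} path segment, and lists enabled inputs that are missing from an expected set, which is a quick way to review what a Splunk instance is actually collecting. The function names, the allowlist, and the encoding rule (a "/" in the input name is percent-encoded twice, every other reserved character once) are assumptions; the rule is inferred only from the URLs shown on this page, and the sample feed is constructed from the responses above.

```python
"""Inventory Splunk inputs from a data/inputs/* Atom feed (added example)."""
import xml.etree.ElementTree as ET
from urllib.parse import quote

NS = {"a": "http://www.w3.org/2005/Atom", "s": "http://dev.splunk.com/ns/rest"}

# Constructed sample, trimmed from the data/inputs/monitor responses on this page.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
  <title>monitor</title>
  <entry>
    <title>/var/log</title>
    <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog</id>
    <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog/disable" rel="disable"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">0</s:key>
        <s:key name="eai:attributes">
          <s:dict>
            <s:key name="optionalFields">
              <s:list><s:item>recursive</s:item><s:item>whitelist</s:item></s:list>
            </s:key>
            <s:key name="requiredFields"><s:list/></s:key>
          </s:dict>
        </s:key>
        <s:key name="filecount">108</s:key>
        <s:key name="index">default</s:key>
      </s:dict>
    </content>
  </entry>
  <entry>
    <title>$SPLUNK_HOME/etc/splunk.version</title>
    <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/monitor/%24SPLUNK_HOME%252Fetc%252Fsplunk.version</id>
    <link href="/servicesNS/nobody/system/data/inputs/monitor/%24SPLUNK_HOME%252Fetc%252Fsplunk.version/disable" rel="disable"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">0</s:key>
        <s:key name="index">_internal</s:key>
        <s:key name="sourcetype">splunk_version</s:key>
      </s:dict>
    </content>
  </entry>
</feed>"""


def entity_segment(name):
    """Build the {name} path segment for an input (hypothetical helper).

    Assumption inferred from this page's URLs: "/" becomes %2F first, then the
    whole string is percent-encoded, so "/" ends up as %252F and "$" as %24.
    """
    return quote(name.replace("/", "%2F"), safe="")


def _value(node):
    """Convert an element holding s:dict / s:list / text into dict / list / str."""
    child = node.find("s:dict", NS)
    if child is not None:
        return {k.get("name"): _value(k) for k in child.findall("s:key", NS)}
    child = node.find("s:list", NS)
    if child is not None:
        return [item.text or "" for item in child.findall("s:item", NS)]
    return (node.text or "").strip()


def parse_feed(xml_text):
    """Return one dict per <entry>: title, id, links keyed by rel, and fields."""
    root = ET.fromstring(xml_text)
    entries = []
    for entry in root.findall("a:entry", NS):
        content = entry.find("a:content", NS)
        entries.append({
            "title": entry.findtext("a:title", default="", namespaces=NS),
            "id": entry.findtext("a:id", default="", namespaces=NS),
            "links": {l.get("rel"): l.get("href") for l in entry.findall("a:link", NS)},
            "fields": _value(content) if content is not None else {},
        })
    return entries


def unexpected_enabled(entries, allowlist):
    """Titles of inputs with disabled == "0" that are not in the expected set."""
    return [e["title"] for e in entries
            if e["fields"].get("disabled") == "0" and e["title"] not in allowlist]


if __name__ == "__main__":
    parsed = parse_feed(SAMPLE_FEED)
    for e in parsed:
        print(e["title"], "->", entity_segment(e["title"]), e["fields"].get("index"))
    # The allowlist is a constructed example of inputs an operator expects.
    print("review:", unexpected_enabled(parsed, {"/var/log"}))
```

Remove the "... elided ..." placeholder text from a response copied off this page before parsing it; a live response contains real nodes there.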
data/inputs/monitor/{name} POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog -d recursive=false
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>monitor</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor</id> <updated>2011-07-10T14:35:28-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/monitor/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/monitor/{name}/members GET
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog/members
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>monitor</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor</id> <updated>2011-07-10T14:34:28-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/monitor/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>/var/log/acpid</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog%252Facpid</id> <updated>2011-07-10T14:34:28-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog%252Facpid" rel="alternate"/> <author> <name>system</name> </author> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog%252Facpid" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog%252Facpid/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog%252Facpid" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/monitor/%252Fvar%252Flog%252Facpid" rel="remove"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... </s:dict> </content> </entry> . . . elided . . . </feed>
data/inputs/oneshot GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/oneshot
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>oneshotinput</title> <id>https://localhost:8089/services/data/inputs/oneshot</id> <updated>2011-07-08T01:48:04-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/oneshot/_new" rel="create"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>/var/log/distccd.log</title> <id>https://localhost:8089/services/data/inputs/oneshot/%252Fvar%252Flog%252Fdistccd.log</id> <updated>2011-07-08T01:48:04-07:00</updated> <link href="/services/data/inputs/oneshot/%252Fvar%252Flog%252Fdistccd.log" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/data/inputs/oneshot/%252Fvar%252Flog%252Fdistccd.log" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="Bytes Indexed">7200768</s:key> <s:key name="Offset">7200768</s:key> <s:key name="Size">449630160</s:key> <s:key name="Sources Indexed">0</s:key> <s:key name="Spool Time">Fri Jul 8 01:47:53 PDT 2011</s:key> ... eai:acl node elided ... </s:dict> </content> </entry> </feed>
data/inputs/oneshot POST
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/oneshot -d name=/var/log/messages
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>oneshotinput</title> <id>https://localhost:8089/services/data/inputs/oneshot</id> <updated>2011-07-08T01:48:04-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/oneshot/_new" rel="create"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/oneshot/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/oneshot/%252Fvar%252Flog%252Fmessages
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>oneshotinput</title> <id>https://localhost:8089/services/data/inputs/oneshot</id> <updated>2011-07-08T01:49:20-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/oneshot/_new" rel="create"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>/var/log/messages</title> <id>https://localhost:8089/services/data/inputs/oneshot/%252Fvar%252Flog%252Fmessages</id> <updated>2011-07-08T01:49:20-07:00</updated> <link href="/services/data/inputs/oneshot/%252Fvar%252Flog%252Fmessages" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/data/inputs/oneshot/%252Fvar%252Flog%252Fmessages" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="Bytes Indexed">114822</s:key> <s:key name="Offset">114822</s:key> <s:key name="Size">114822</s:key> <s:key name="Sources Indexed">0</s:key> <s:key name="Spool Time">Fri Jul 8 01:48:04 PDT 2011</s:key> ... eai:acl node elided ... <s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list/> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> </s:dict> </content> </entry> </feed>
data/inputs/registry GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/registry
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-regmon</title> <id>https://10.1.5.157:8089/services/data/inputs/registry</id> <updated>2011-07-29T19:31:32-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/registry/_new" rel="create"/> <link href="/services/data/inputs/registry/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>Machine keys</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/registry/Machine%20keys</id> <updated>2011-07-29T19:31:32-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/registry/Machine%20keys" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/registry/Machine%20keys" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/registry/Machine%20keys/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/registry/Machine%20keys" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/registry/Machine%20keys/enable" rel="enable"/> <content type="text/xml"> <s:dict> <s:key name="baseline">0</s:key> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="hive">HKLM</s:key> <s:key name="index">default</s:key> <s:key name="monitorSubnodes">1</s:key> <s:key name="proc">c:\.*</s:key> <s:key name="type"> <s:list> <s:item>set</s:item> <s:item>create</s:item> <s:item>delete</s:item> <s:item>rename</s:item> </s:list> </s:key> </s:dict> </content> </entry> </feed>
data/inputs/registry POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/registry -d baseline=1 -d hive="HKU\\.*" -d name=mykeys -d proc="c:\\.*" -d type="set|create|delete|rename"
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-regmon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/registry</id> <updated>2011-07-29T19:29:18-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/registry/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/registry/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/registry/{name} DELETE
XML
XML Request
curl -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/registry/mykeys
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-regmon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/registry</id> <updated>2011-07-29T19:36:54-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/registry/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/registry/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/registry/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/registry/mykeys
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest">
  <title>win-regmon</title>
  <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/registry</id>
  <updated>2011-07-29T19:33:21-07:00</updated>
  <generator version="104976"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/servicesNS/nobody/search/data/inputs/registry/_new" rel="create"/>
  <link href="/servicesNS/nobody/search/data/inputs/registry/_reload" rel="_reload"/>
  ... opensearch nodes elided ...
  <s:messages/>
  <entry>
    <title>mykeys</title>
    <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/registry/mykeys</id>
    <updated>2011-07-29T19:33:21-07:00</updated>
    <link href="/servicesNS/nobody/search/data/inputs/registry/mykeys" rel="alternate"/>
    <author>
      <name>nobody</name>
    </author>
    <link href="/servicesNS/nobody/search/data/inputs/registry/mykeys" rel="list"/>
    <link href="/servicesNS/nobody/search/data/inputs/registry/mykeys/_reload" rel="_reload"/>
    <link href="/servicesNS/nobody/search/data/inputs/registry/mykeys" rel="edit"/>
    <link href="/servicesNS/nobody/search/data/inputs/registry/mykeys" rel="remove"/>
    <link href="/servicesNS/nobody/search/data/inputs/registry/mykeys/disable" rel="disable"/>
    <content type="text/xml">
      <s:dict>
        <s:key name="baseline">1</s:key>
        <s:key name="disabled">0</s:key>
        ... eai:acl node elided ...
        <s:key name="eai:attributes">
          <s:dict>
            <s:key name="optionalFields">
              <s:list>
                <s:item>disabled</s:item>
                <s:item>index</s:item>
                <s:item>monitorSubnodes</s:item>
              </s:list>
            </s:key>
            <s:key name="requiredFields">
              <s:list>
                <s:item>baseline</s:item>
                <s:item>hive</s:item>
                <s:item>proc</s:item>
                <s:item>type</s:item>
              </s:list>
            </s:key>
            <s:key name="wildcardFields">
              <s:list/>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="hive">HKU</s:key>
        <s:key name="index">default</s:key>
        <s:key name="monitorSubnodes">1</s:key>
        <s:key name="proc">c:\.*</s:key>
        <s:key name="type">
          <s:list>
            <s:item>set</s:item>
            <s:item>create</s:item>
            <s:item>delete</s:item>
            <s:item>rename</s:item>
          </s:list>
        </s:key>
      </s:dict>
    </content>
  </entry>
</feed>
data/inputs/registry/{name} POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/registry/mykeys -d baseline=1 -d hive="HKU\\.*" -d proc="c:\\.*" -d type="set|create"
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-regmon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/registry</id> <updated>2011-07-29T19:36:07-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/registry/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/registry/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/script GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/script
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>script</title> <id>https://localhost:8089/services/data/inputs/script</id> <updated>2011-07-09T20:16:11-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/script/_new" rel="create"/> <link href="/services/data/inputs/script/_reload" rel="_reload"/> <link href="/services/data/inputs/script/restart" rel="restart"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>/Applications/splunk4.3/etc/apps/unix/bin/cpu.sh</title> <id>https://localhost:8089/servicesNS/nobody/unix/data/inputs/script/.%252Fbin%252Fcpu.sh</id> <updated>2011-07-09T20:16:11-07:00</updated> <link href="/servicesNS/nobody/unix/data/inputs/script/.%252Fbin%252Fcpu.sh" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/unix/data/inputs/script/.%252Fbin%252Fcpu.sh" rel="list"/> <link href="/servicesNS/nobody/unix/data/inputs/script/.%252Fbin%252Fcpu.sh/_reload" rel="_reload"/> <link href="/servicesNS/nobody/unix/data/inputs/script/.%252Fbin%252Fcpu.sh" rel="edit"/> <link href="/servicesNS/nobody/unix/data/inputs/script/.%252Fbin%252Fcpu.sh/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="endtime">Sat Jul 9 20:15:54 2011</s:key> <s:key name="group">exec commands</s:key> <s:key name="host">myhost.splunk.com</s:key> <s:key name="index">os</s:key> <s:key name="interval">30</s:key> <s:key name="source">cpu</s:key> <s:key name="sourcetype">cpu</s:key> <s:key name="starttime">Sat Jul 9 20:15:52 2011</s:key> </s:dict> </content> </entry> </feed>
data/inputs/script POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/script -d name=/Applications/splunk4.3/etc/apps/myApp/bin/myScript.sh -d disabled=true -d interval=3600
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>script</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/script</id> <updated>2011-07-09T20:25:17-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/script/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/script/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/script/restart" rel="restart"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/script/restart POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/script/restart -d script=/Applications/splunk/bin/scripts/myScript.sh
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>script</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/script</id> <updated>2011-07-09T20:38:38-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/script/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/script/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/script/restart" rel="restart"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/script/{name} DELETE
XML
XML Request
curl -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk4.3%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>script</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/script</id> <updated>2011-07-09T20:29:18-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/script/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/script/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/script/restart" rel="restart"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/script/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>script</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/script</id> <updated>2011-07-09T21:53:43-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/script/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/script/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/script/restart" rel="restart"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>/Applications/splunk/etc/apps/myApp/bin/myScript.sh</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh</id> <updated>2011-07-09T21:53:43-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key>
... eai:acl node elided ... <s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>disabled</s:item> <s:item>host</s:item> <s:item>index</s:item> <s:item>interval</s:item> <s:item>rename-source</s:item> <s:item>source</s:item> <s:item>sourcetype</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="group">exec commands</s:key> <s:key name="host">ombroso-mbp15.splunk.com</s:key> <s:key name="index">default</s:key> <s:key name="interval">3600</s:key> </s:dict> </content> </entry> </feed>
data/inputs/script/{name} POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/script/%252FApplications%252Fsplunk%252Fetc%252Fapps%252FmyApp%252Fbin%252FmyScript.sh -d interval=86400
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>script</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/script</id> <updated>2011-07-09T20:27:59-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/script/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/script/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/script/restart" rel="restart"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/tcp/cooked GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/tcp/cooked
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>cooked</title> <id>https://localhost:8089/services/data/inputs/tcp/cooked</id> <updated>2011-07-10T14:50:50-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/cooked/_new" rel="create"/> <link href="/services/data/inputs/tcp/cooked/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>9993</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked/9993</id> <updated>2011-07-10T14:50:50-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9993" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9993" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9993/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9993" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9993" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9993/connections" rel="connections"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9993/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="group">listenerports</s:key> <s:key name="host">MrT</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
data/inputs/tcp/cooked POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked -d name=9998
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>cooked</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked</id> <updated>2011-07-10T14:52:33-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/tcp/cooked/{name} DELETE
XML
XML Request
curl -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked/tiny:9998
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>cooked</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked</id> <updated>2011-07-10T14:54:45-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/tcp/cooked/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked/9998
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>cooked</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked</id> <updated>2011-07-10T14:52:40-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>9998</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked/9998</id> <updated>2011-07-10T14:52:40-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9998" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9998" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9998/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9998" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9998" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9998/connections" rel="connections"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/9998/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... 
<s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>SSL</s:item> <s:item>connection_host</s:item> <s:item>disabled</s:item> <s:item>host</s:item> <s:item>index</s:item> <s:item>queue</s:item> <s:item>restrictToHost</s:item> <s:item>source</s:item> <s:item>sourcetype</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="group">listenerports</s:key> <s:key name="host">MrT</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
data/inputs/tcp/cooked/{name} POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked/9998 -d restrictToHost=tiny
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>cooked</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked</id> <updated>2011-07-10T14:52:54-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/tcp/cooked/{name}/connections GET
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked/9998/connections
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>cooked</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked</id> <updated>2011-07-13T14:55:18-0700</updated> <generator version="101277"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/_reload" rel="_reload"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>Cooked:9998:127.0.0.1:20089</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/cooked/Cooked%3A9998%3A127.0.0.1%3A20089</id> <updated>2011-07-13T14:55:18-0700</updated> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/Cooked%3A9998%3A127.0.0.1%3A20089" rel="alternate"/> <author> <name>system</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/Cooked%3A9998%3A127.0.0.1%3A20089" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/Cooked%3A9998%3A127.0.0.1%3A20089/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/Cooked%3A9998%3A127.0.0.1%3A20089" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/cooked/Cooked%3A9998%3A127.0.0.1%3A20089" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="connection">9998:127.0.0.1:20089</s:key> ... eai:acl node elided ... <s:key name="servername">fool03.splunk.com</s:key> </s:dict> </content> </entry> </feed>
data/inputs/tcp/raw GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/tcp/raw
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>raw</title> <id>https://localhost:8089/services/data/inputs/tcp/raw</id> <updated>2011-07-08T02:30:30-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/raw/_new" rel="create"/> <link href="/services/data/inputs/tcp/raw/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>44000</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw/44000</id> <updated>2011-07-08T02:30:30-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44000" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44000" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44000/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44000" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44000" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44000/connections" rel="connections"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44000/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="group">listenerports</s:key> <s:key name="host">MrT</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
data/inputs/tcp/raw POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw -d name=44343
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>raw</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw</id> <updated>2011-07-08T02:30:30-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/tcp/raw/{name} DELETE
XML
XML Request
curl -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw/44343
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>raw</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw</id> <updated>2011-07-08T02:30:31-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/tcp/raw/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw/44343
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>raw</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw</id> <updated>2011-07-08T02:37:09-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>44343</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw/44343</id> <updated>2011-07-08T02:37:09-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44343" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44343" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44343/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44343" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44343" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44343/connections" rel="connections"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/44343/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... 
<s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>SSL</s:item> <s:item>connection_host</s:item> <s:item>disabled</s:item> <s:item>host</s:item> <s:item>index</s:item> <s:item>queue</s:item> <s:item>restrictToHost</s:item> <s:item>source</s:item> <s:item>sourcetype</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="group">listenerports</s:key> <s:key name="host">MrT</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
data/inputs/tcp/raw/{name} POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw/44343 -d sourcetype=syslog
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>raw</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/raw</id> <updated>2011-07-08T02:30:30-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/raw/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/tcp/raw/{name}/connections GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/tcp/raw/9998/connections
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>raw</title> <id>https://localhost:8089/services/data/inputs/tcp/raw</id> <updated>2011-07-13T16:14:33-07:00</updated> <generator version="103477"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/raw/_new" rel="create"/> <link href="/services/data/inputs/tcp/raw/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>Raw:9998:127.0.0.1</title> <id>https://localhost:8089/services/data/inputs/tcp/raw/Raw%3A9998%3A127.0.0.1</id> <updated>2011-07-13T16:14:33-07:00</updated> <link href="/services/data/inputs/tcp/raw/Raw%3A9998%3A127.0.0.1" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/data/inputs/tcp/raw/Raw%3A9998%3A127.0.0.1" rel="list"/> <link href="/services/data/inputs/tcp/raw/Raw%3A9998%3A127.0.0.1/_reload" rel="_reload"/> <link href="/services/data/inputs/tcp/raw/Raw%3A9998%3A127.0.0.1" rel="edit"/> <link href="/services/data/inputs/tcp/raw/Raw%3A9998%3A127.0.0.1" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="connection">9998:127.0.0.1</s:key> ... eai:acl node elided ... <s:key name="servername"></s:key> </s:dict> </content> </entry> </feed>
data/inputs/tcp/splunktcptoken GET
XML
XML Request
curl -k -u admin:changeme https://localhost:8089/services/data/inputs/tcp/splunktcptoken
XML Response
. . . <title>splunktcptoken</title> <id>https://localhost:8089/services/data/inputs/tcp/splunktcptoken</id> <updated>2015-09-16T09:31:52-07:00</updated> <generator build="71e3b8d1908254f21434f97320ac5ad7e6bb1c16" version="20150910"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/splunktcptoken/_new" rel="create"/> <link href="/services/data/inputs/tcp/splunktcptoken/_reload" rel="_reload"/> <link href="/services/data/inputs/tcp/splunktcptoken/_acl" rel="_acl"/> <opensearch:totalResults>2</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>splunktcptoken://tok1</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1</id> <updated>2015-09-16T09:31:52-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> <s:key name="eai:acl"> <s:dict> <s:key name="app">search</s:key> <s:key name="can_change_perms">1</s:key> <s:key name="can_list">1</s:key> <s:key name="can_share_app">1</s:key> <s:key name="can_share_global">1</s:key> <s:key name="can_share_user">0</s:key> 
<s:key name="can_write">1</s:key> <s:key name="modifiable">1</s:key> <s:key name="owner">nobody</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>*</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>*</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">1</s:key> <s:key name="sharing">app</s:key> </s:dict> </s:key> <s:key name="host">$decideOnStartup</s:key> <s:key name="index">default</s:key> <s:key name="token">99C91C9E-F92E-40AF-BCDC-1A6AD2DC7AEF</s:key> </s:dict> </content> </entry> <entry> <title>splunktcptoken://tok3</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok3</id> <updated>2015-09-16T09:31:52-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok3" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok3" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok3/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok3" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok3" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok3/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> <s:key name="eai:acl"> <s:dict> <s:key name="app">search</s:key> <s:key name="can_change_perms">1</s:key> <s:key name="can_list">1</s:key> <s:key name="can_share_app">1</s:key> <s:key name="can_share_global">1</s:key> <s:key name="can_share_user">0</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">1</s:key> <s:key name="owner">nobody</s:key>
<s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>*</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>*</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">1</s:key> <s:key name="sharing">app</s:key> </s:dict> </s:key> <s:key name="host">$decideOnStartup</s:key> <s:key name="index">default</s:key> <s:key name="token">4EFFBD13-B26F-4F3A-BED9-03850001EDA1</s:key> </s:dict> </content> </entry>
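Added example (not Splunk's code and not part of the original reference): a parser for the Atom responses shown above that turns each entry's nested s:dict / s:list content into Python values, then flags inputs whose eai:acl perms list `*` under write, as both token entries above do. The sample feed is constructed (abbreviated from the splunktcptoken GET response, with a made-up `tok2` entry and placeholder token values), the function names are hypothetical, and the name-encoding rule is inferred from the `<id>` values on this page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote

ATOM = "{http://www.w3.org/2005/Atom}"
SPLUNK = "{http://dev.splunk.com/ns/rest}"

# Constructed sample, abbreviated from the splunktcptoken GET response above.
# The tok2 entry and both token values are made up for this example.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>splunktcptoken</title>
  <entry>
    <title>splunktcptoken://tok1</title>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">0</s:key>
        <s:key name="eai:acl">
          <s:dict>
            <s:key name="app">search</s:key>
            <s:key name="perms">
              <s:dict>
                <s:key name="read"><s:list><s:item>*</s:item></s:list></s:key>
                <s:key name="write"><s:list><s:item>*</s:item></s:list></s:key>
              </s:dict>
            </s:key>
            <s:key name="sharing">app</s:key>
          </s:dict>
        </s:key>
        <s:key name="token">00000000-0000-0000-0000-000000000001</s:key>
      </s:dict>
    </content>
  </entry>
  <entry>
    <title>splunktcptoken://tok2</title>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">0</s:key>
        <s:key name="eai:acl">
          <s:dict>
            <s:key name="perms">
              <s:dict>
                <s:key name="read"><s:list><s:item>*</s:item></s:list></s:key>
                <s:key name="write"><s:list><s:item>admin</s:item></s:list></s:key>
              </s:dict>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="token">00000000-0000-0000-0000-000000000002</s:key>
      </s:dict>
    </content>
  </entry>
</feed>"""


def _value(node):
    """Convert an element holding text, an <s:dict> or an <s:list> to Python."""
    child = next(iter(node), None)
    if child is None:                      # plain value, or empty key like <s:key/>
        return (node.text or "").strip()
    if child.tag == SPLUNK + "dict":
        return {k.get("name"): _value(k) for k in child.findall(SPLUNK + "key")}
    if child.tag == SPLUNK + "list":
        return [_value(i) for i in child.findall(SPLUNK + "item")]
    raise ValueError(f"unexpected element {child.tag}")


def parse_entries(feed_xml):
    """Return [{'title': ..., 'fields': {...}}, ...] for every <entry> in a feed.

    Intended for responses from your own splunkd; use a hardened XML parser
    for input you do not control.
    """
    root = ET.fromstring(feed_xml)
    entries = []
    for entry in root.iter(ATOM + "entry"):
        content = entry.find(ATOM + "content")
        fields = _value(content) if content is not None else {}
        entries.append({"title": entry.findtext(ATOM + "title", default=""),
                        "fields": fields if isinstance(fields, dict) else {}})
    return entries


def world_writable(entries):
    """Titles of entries whose eai:acl perms list '*' under write.

    Only titles are returned, so token values never reach the audit output.
    """
    flagged = []
    for e in entries:
        acl = e["fields"].get("eai:acl") or {}
        perms = acl.get("perms") or {}
        if "*" in (perms.get("write") or []):
            flagged.append(e["title"])
    return flagged


def encode_entity_name(name):
    """Build a {name} URL segment: '/' becomes %2F, then everything is
    percent-encoded once more. Inferred from the <id> values on this page
    (for example %3A%252F%252F for '://'), not from Splunk documentation."""
    return quote(name.replace("/", "%2F"), safe="")


if __name__ == "__main__":
    for title in world_writable(parse_entries(SAMPLE_FEED)):
        print("write perms include '*':", title, "id segment:", encode_entity_name(title))
```

The responses on this page that begin with `. . .` or contain `... nodes elided ...` markers are shortened for documentation; feed a complete response body to `parse_entries`.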
data/inputs/tcp/splunktcptoken POST
XML
XML Request
curl -k -u admin:changeme https://localhost:8089/services/data/inputs/tcp/splunktcptoken -d "name=tok1" -d "token=99C91C9E-F92E-40AF-BCDC-1A6AD2DC7AEF"
XML Response
. . . <title>splunktcptoken</title> <id>https://localhost:8089/services/data/inputs/tcp/splunktcptoken</id> <updated>2015-09-16T09:27:03-07:00</updated> <generator build="71e3b8d1908254f21434f97320ac5ad7e6bb1c16" version="20150910"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/splunktcptoken/_new" rel="create"/> <link href="/services/data/inputs/tcp/splunktcptoken/_reload" rel="_reload"/> <link href="/services/data/inputs/tcp/splunktcptoken/_acl" rel="_acl"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>splunktcptoken://tok1</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1</id> <updated>2015-09-16T09:27:03-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> <s:key name="eai:acl"> <s:dict> <s:key name="app">search</s:key> <s:key name="can_change_perms">1</s:key> <s:key name="can_list">1</s:key> <s:key name="can_share_app">1</s:key> <s:key name="can_share_global">1</s:key> <s:key name="can_share_user">0</s:key> 
<s:key name="can_write">1</s:key> <s:key name="modifiable">1</s:key> <s:key name="owner">nobody</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>*</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>*</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">1</s:key> <s:key name="sharing">app</s:key> </s:dict> </s:key> <s:key name="host">$decideOnStartup</s:key> <s:key name="index">default</s:key> <s:key name="token">99C91C9E-F92E-40AF-BCDC-1A6AD2DC7AEF</s:key> </s:dict> </content> </entry>
data/inputs/tcp/splunktcptoken/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/tcp/splunktcptoken/tok1
XML Response
. . . <title>splunktcptoken</title> <id>https://localhost:8089/services/data/inputs/tcp/splunktcptoken</id> <updated>2015-09-16T09:28:22-07:00</updated> <generator build="71e3b8d1908254f21434f97320ac5ad7e6bb1c16" version="20150910"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/splunktcptoken/_new" rel="create"/> <link href="/services/data/inputs/tcp/splunktcptoken/_reload" rel="_reload"/> <link href="/services/data/inputs/tcp/splunktcptoken/_acl" rel="_acl"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>splunktcptoken://tok1</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1</id> <updated>2015-09-16T09:28:22-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/tcp/splunktcptoken/splunktcptoken%3A%252F%252Ftok1/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> <s:key name="eai:acl"> <s:dict> <s:key name="app">search</s:key> <s:key name="can_change_perms">1</s:key> <s:key name="can_list">1</s:key> <s:key name="can_share_app">1</s:key> <s:key name="can_share_global">1</s:key> <s:key name="can_share_user">0</s:key> 
<s:key name="can_write">1</s:key> <s:key name="modifiable">1</s:key> <s:key name="owner">nobody</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>*</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>*</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">1</s:key> <s:key name="sharing">app</s:key> </s:dict> </s:key> <s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>disabled</s:item> <s:item>token</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list> <s:item>.*</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="host">$decideOnStartup</s:key> <s:key name="index">default</s:key> <s:key name="token">99C91C9E-F92E-40AF-BCDC-1A6AD2DC7AEF</s:key> </s:dict> </content> </entry>
data/inputs/tcp/splunktcptoken/{name} POST
XML
XML Request
curl -k -u admin:changeme https://localhost:8089/services/data/inputs/tcp/splunktcptoken/tok1
XML Response
data/inputs/tcp/splunktcptoken/{name} DELETE
XML
XML Request
curl -k -X "DELETE" -u admin:changeme https://localhost:8089/services/data/inputs/tcp/splunktcptoken/tok1
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>splunktcptoken</title> <id>https://localhost:8089/services/data/inputs/tcp/splunktcptoken</id> <updated>2015-09-16T09:34:51-07:00</updated> <generator build="71e3b8d1908254f21434f97320ac5ad7e6bb1c16" version="20150910"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/splunktcptoken/_new" rel="create"/> <link href="/services/data/inputs/tcp/splunktcptoken/_reload" rel="_reload"/> <link href="/services/data/inputs/tcp/splunktcptoken/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> </feed>
data/inputs/tcp/ssl GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/tcp/ssl
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>ssl</title> <id>https://localhost:8089/services/data/inputs/tcp/ssl</id> <updated>2011-07-12T15:02:58-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/ssl/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title/> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/tcp/ssl/</id> <updated>2011-07-12T15:02:58-07:00</updated> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl/" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl/" rel="list"/> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl//_reload" rel="_reload"/> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl/" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="cipherSuite">ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</s:key> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="host">ombroso-mbp15.splunk.com</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
data/inputs/tcp/ssl/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/tcp/ssl/ssl
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>ssl</title> <id>https://localhost:8089/services/data/inputs/tcp/ssl</id> <updated>2011-07-12T15:04:41-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/ssl/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title/> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/tcp/ssl/</id> <updated>2011-07-12T15:04:41-07:00</updated> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl/" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl/" rel="list"/> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl//_reload" rel="_reload"/> <link href="/servicesNS/nobody/system/data/inputs/tcp/ssl/" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="cipherSuite">ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</s:key> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="host">ombroso-mbp15.splunk.com</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
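The responses on this page nest each input's settings as `<s:dict>`, `<s:list>` and `<s:key>` elements inside an Atom `<entry>`. The following added example, which is not part of the original reference, parses that structure and reports three things visible in these responses: a `cipherSuite` that does not exclude RC4, 3DES or MD5, an `eai:acl` that grants write to `*`, and an input `token` in the body. The sample feed, the function names and the weak-term list are assumptions constructed for illustration, and the cipher check is a heuristic over the OpenSSL-style string rather than a full evaluator.

```python
import re
import xml.etree.ElementTree as ET

NS = {"atom": "http://www.w3.org/2005/Atom", "s": "http://dev.splunk.com/ns/rest"}
ATOM_ENTRY = "{http://www.w3.org/2005/Atom}entry"

# Constructed sample modeled on the responses on this page (not captured output).
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:s="http://dev.splunk.com/ns/rest">
  <title>constructed-sample</title>
  <entry>
    <title>ssl</title>
    <content type="text/xml">
      <s:dict>
        <s:key name="cipherSuite">ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</s:key>
        <s:key name="disabled">1</s:key>
        <s:key name="index">default</s:key>
      </s:dict>
    </content>
  </entry>
  <entry>
    <title>tok1</title>
    <content type="text/xml">
      <s:dict>
        <s:key name="disabled">0</s:key>
        <s:key name="eai:acl">
          <s:dict>
            <s:key name="perms">
              <s:dict>
                <s:key name="read"><s:list><s:item>*</s:item></s:list></s:key>
                <s:key name="write"><s:list><s:item>*</s:item></s:list></s:key>
              </s:dict>
            </s:key>
            <s:key name="sharing">app</s:key>
          </s:dict>
        </s:key>
        <s:key name="token">00000000-0000-0000-0000-000000000000</s:key>
      </s:dict>
    </content>
  </entry>
</feed>"""

# Weak selectors checked by this example (an assumption, not a Splunk list).
WEAK_TERMS = ("RC4", "3DES", "MD5", "aNULL", "eNULL", "EXP", "LOW")
ALIASES = {"EXPORT": "EXP"}


def _value(node):
    """Turn an s:key / s:item / content node into a dict, list or string."""
    child = node.find("s:dict", NS)
    if child is not None:
        return {k.get("name"): _value(k) for k in child.findall("s:key", NS)}
    child = node.find("s:list", NS)
    if child is not None:
        return [_value(i) for i in child.findall("s:item", NS)]
    return (node.text or "").strip()


def parse_entries(feed_xml):
    """Return [{'title': str, 'settings': dict}] for every Atom entry."""
    entries = []
    for entry in ET.fromstring(feed_xml).iter(ATOM_ENTRY):
        content = entry.find("atom:content", NS)
        settings = _value(content) if content is not None else {}
        entries.append({
            "title": entry.findtext("atom:title", default="", namespaces=NS),
            "settings": settings if isinstance(settings, dict) else {},
        })
    return entries


def weak_cipher_terms(cipher_suite):
    """List weak selectors that the cipher string names or leaves in via ALL."""
    banned, named = set(), set()
    for tok in re.split(r"[:, ]+", cipher_suite.strip()):
        if not tok or tok[0] in "+-":
            continue  # "+X" only reorders; "-X" can be re-added later
        parts = [ALIASES.get(p, p) for p in tok.lstrip("!").split("+")]
        if tok[0] == "!":
            if len(parts) == 1:  # "!A+B" bans only the intersection
                banned.add(parts[0])
        else:
            named.update(parts)
    weak = []
    for term in WEAK_TERMS:
        if term in banned:
            continue
        # OpenSSL's ALL does not include eNULL; it must be named explicitly.
        if term in named or ("ALL" in named and term != "eNULL"):
            weak.append(term)
    return weak


def audit(feed_xml):
    """Return [(entry title, [finding, ...])] for a REST response body."""
    report = []
    for entry in parse_entries(feed_xml):
        s, findings = entry["settings"], []
        weak = weak_cipher_terms(s.get("cipherSuite", "") or "")
        if weak:
            state = "disabled" if s.get("disabled") in ("1", "true") else "enabled"
            findings.append(f"cipherSuite does not exclude {', '.join(weak)} (input {state})")
        acl = s.get("eai:acl")
        perms = acl.get("perms") if isinstance(acl, dict) else None
        if isinstance(perms, dict) and "*" in (perms.get("write") or []):
            findings.append("eai:acl grants write to all roles (*)")
        if s.get("token"):
            findings.append("response body carries an input token; store it as a secret")
        report.append((entry["title"], findings))
    return report
```

Save a response with `curl ... -o response.xml` and pass the file contents to `audit()` to run the same checks against a live instance.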
data/inputs/tcp/ssl/{name} POST
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/tcp/ssl/ssl -d disabled=true
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>ssl</title> <id>https://localhost:8089/services/data/inputs/tcp/ssl</id> <updated>2011-07-12T15:05:42-07:00</updated> <generator version="102824"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/tcp/ssl/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/http GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/http
XML Response
. . . <title>http</title> <id>https://localhost:8089/services/data/inputs/http</id> <updated>2015-01-26T22:43:26-08:00</updated> <generator build="250128" version="20150120"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/http/_new" rel="create"/> <link href="/services/data/inputs/http/_reload" rel="_reload"/> ... opensearch elided ... <s:messages/> <entry> <title>http</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/http/http</id> <updated>2015-01-26T22:43:26-08:00</updated> <link href="/servicesNS/nobody/system/data/inputs/http/http" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/system/data/inputs/http/http" rel="list"/> <link href="/servicesNS/nobody/system/data/inputs/http/http/_reload" rel="_reload"/> <link href="/servicesNS/nobody/system/data/inputs/http/http" rel="edit"/> <link href="/servicesNS/nobody/system/data/inputs/http/http/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl elided ... 
<s:key name="eai:appName">search</s:key> <s:key name="eai:userName">admin</s:key> <s:key name="host">$decideOnStartup</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> <entry> <title>http://%22myapp"</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252F%22myapp%22</id> <updated>2015-01-26T22:43:26-08:00</updated> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252F%22myapp%22" rel="alternate"/> <author> <name>admin</name> </author> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252F%22myapp%22" rel="list"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252F%22myapp%22/_reload" rel="_reload"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252F%22myapp%22" rel="edit"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252F%22myapp%22" rel="remove"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252F%22myapp%22/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl elided ... <s:key name="eai:appName">search</s:key> <s:key name="eai:userName">admin</s:key> <s:key name="host">$decideOnStartup</s:key> <s:key name="index">default</s:key> <s:key name="token">3DEA16E1-413A-46C2-A74F-E79DC3DF3CA2</s:key> </s:dict> </content> </entry>
data/inputs/http POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/http -d name=myapp
XML Response
. . . <title>http</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/http</id> <updated>2015-01-30T12:45:28-08:00</updated> <generator build="250128" version="20150120"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/system/data/inputs/http/_new" rel="create"/> <link href="/servicesNS/nobody/system/data/inputs/http/_reload" rel="_reload"/> ... opensearch ... <s:messages/> <entry> <title>http://myapp</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp</id> <updated>2015-01-30T12:45:28-08:00</updated> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="list"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp/_reload" rel="_reload"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="edit"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="remove"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl ... <s:key name="eai:appName">system</s:key> <s:key name="eai:userName">nobody</s:key> <s:key name="host">$decideOnStartup</s:key> <s:key name="index">default</s:key> <s:key name="token">AABD8B82-2810-4BE8-823F-FE6C15ECB46E</s:key> </s:dict> </content> </entry> </feed>
data/inputs/http/{name} DELETE
XML
XML Request
curl -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/http/http%3A%252F%252Fmyapp
XML Response
. . . <title>http</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/http</id> <updated>2015-01-30T13:03:18-08:00</updated> <generator build="250128" version="20150120"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/system/data/inputs/http/_new" rel="create"/> <link href="/servicesNS/nobody/system/data/inputs/http/_reload" rel="_reload"/> ... opensearch elided ... <s:messages/> </feed>
data/inputs/http/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252F%22myapp%22
XML Response
. . . <title>http</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/http</id> <updated>2015-01-26T23:01:34-08:00</updated> <generator build="250128" version="20150120"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/system/data/inputs/http/_new" rel="create"/> <link href="/servicesNS/nobody/system/data/inputs/http/_reload" rel="_reload"/> ... opensearch elided ... <s:messages/> <entry> <title>http://%22myapp"</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252F%22myapp%22</id> <updated>2015-01-26T23:01:34-08:00</updated> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252F%22myapp%22" rel="alternate"/> <author> <name>admin</name> </author> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252F%22myapp%22" rel="list"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252F%22myapp%22/_reload" rel="_reload"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252F%22myapp%22" rel="edit"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252F%22myapp%22" rel="remove"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252F%22myapp%22/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl elided ... <s:key name="eai:appName">system</s:key> ... eai:attributes elided ... <s:key name="eai:userName">nobody</s:key> <s:key name="host">$decideOnStartup</s:key> <s:key name="index">default</s:key> <s:key name="token">3DEA16E1-413A-46C2-A74F-E79DC3DF3CA2</s:key> </s:dict> </content> </entry> </feed>
data/inputs/http/{name} POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/http/http%3A%252F%252Fmyapp -d recursive=false
XML Response
. . . <title>http</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/http</id> <updated>2015-01-30T12:51:17-08:00</updated> <generator build="250128" version="20150120"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/system/data/inputs/http/_new" rel="create"/> <link href="/servicesNS/nobody/system/data/inputs/http/_reload" rel="_reload"/> ... opensearch elided ... <s:messages/> <entry> <title>http://myapp</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp</id> <updated>2015-01-30T12:51:17-08:00</updated> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="list"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp/_reload" rel="_reload"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="edit"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="remove"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl elided ... <s:key name="eai:appName">system</s:key> <s:key name="eai:userName">nobody</s:key> <s:key name="host">$decideOnStartup</s:key> <s:key name="index">default</s:key> <s:key name="recursive">false</s:key> <s:key name="token">AABD8B82-2810-4BE8-823F-FE6C15ECB46E</s:key> </s:dict> </content> </entry>
data/inputs/http/{name}/enable POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/http/http%3A%252F%252Fmyapp/enable
XML Response
. . . <title>http</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/http</id> <updated>2015-01-30T12:56:38-08:00</updated> <generator build="250128" version="20150120"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/system/data/inputs/http/_new" rel="create"/> <link href="/servicesNS/nobody/system/data/inputs/http/_reload" rel="_reload"/> ... opensearch elided ... <s:messages/> <entry> <title>http://myapp</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp</id> <updated>2015-01-30T12:56:38-08:00</updated> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="list"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp/_reload" rel="_reload"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="edit"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="remove"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl elided ... <s:key name="eai:appName">system</s:key> <s:key name="eai:userName">nobody</s:key> <s:key name="host">$decideOnStartup</s:key> <s:key name="index">default</s:key> <s:key name="recursive">false</s:key> <s:key name="token">AABD8B82-2810-4BE8-823F-FE6C15ECB46E</s:key> </s:dict> </content> </entry>
data/inputs/http/{name}/disable POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/http/http%3A%252F%252Fmyapp/disable
XML Response
. . . <title>http</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/http</id> <updated>2015-01-30T12:59:44-08:00</updated> <generator build="250128" version="20150120"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/system/data/inputs/http/_new" rel="create"/> <link href="/servicesNS/nobody/system/data/inputs/http/_reload" rel="_reload"/> ... opensearch elided ... <s:messages/> <entry> <title>http://myapp</title> <id>https://localhost:8089/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp</id> <updated>2015-01-30T12:59:44-08:00</updated> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="list"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp/_reload" rel="_reload"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="edit"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp" rel="remove"/> <link href="/servicesNS/nobody/system/data/inputs/http/http%3A%252F%252Fmyapp/enable" rel="enable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">1</s:key> ... eai:acl elided ... <s:key name="eai:appName">system</s:key> <s:key name="eai:userName">nobody</s:key> <s:key name="host">$decideOnStartup</s:key> <s:key name="index">default</s:key> <s:key name="recursive">false</s:key> <s:key name="token">AABD8B82-2810-4BE8-823F-FE6C15ECB46E</s:key> </s:dict> </content> </entry>
data/inputs/udp GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/udp
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>udp</title> <id>https://localhost:8089/services/data/inputs/udp</id> <updated>2011-07-08T14:11:57-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/udp/_new" rel="create"/> <link href="/services/data/inputs/udp/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>44000</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp/44000</id> <updated>2011-07-08T14:11:57-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/udp/44000" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/44000" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44000/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44000" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44000" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44000/connections" rel="connections"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44000/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="group">listenerports</s:key> <s:key name="host">MrT</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
data/inputs/udp POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/udp -d name=44321
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>udp</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp</id> <updated>2011-07-08T14:12:13-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/udp/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/udp/{name} DELETE
XML
XML Request
curl -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/udp/44321
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>udp</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp</id> <updated>2011-07-08T14:12:53-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/udp/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/udp/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/udp/44321
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>udp</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp</id> <updated>2011-07-08T14:12:27-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/udp/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>44321</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp/44321</id> <updated>2011-07-08T14:12:27-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/udp/44321" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/44321" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44321/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44321" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44321" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44321/connections" rel="connections"/> <link href="/servicesNS/nobody/search/data/inputs/udp/44321/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="_rcvbuf">1572864</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... 
<s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>connection_host</s:item> <s:item>host</s:item> <s:item>index</s:item> <s:item>no_appending_timestamp</s:item> <s:item>no_priority_stripping</s:item> <s:item>queue</s:item> <s:item>source</s:item> <s:item>sourcetype</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="group">listenerports</s:key> <s:key name="host">MrT</s:key> <s:key name="index">default</s:key> </s:dict> </content> </entry> </feed>
data/inputs/udp/{name} POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/udp/44321 -d sourcetype=syslog
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>udp</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp</id> <updated>2011-07-08T14:12:47-07:00</updated> <generator version="102807"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/udp/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/udp/{name}/connections GET
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/udp/9998/connections
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>udp</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp</id> <updated>2011-07-13T17:08:18-07:00</updated> <generator version="103477"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/udp/_reload" rel="_reload"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>127.0.0.1</title> <id>https://localhost:8089/servicesNS/nobody/search/data/inputs/udp/127.0.0.1</id> <updated>2011-07-13T17:08:18-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/udp/127.0.0.1" rel="alternate"/> <author> <name>system</name> </author> <link href="/servicesNS/nobody/search/data/inputs/udp/127.0.0.1" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/udp/127.0.0.1/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/udp/127.0.0.1" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/udp/127.0.0.1" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="group">hosts</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-event-log-collections GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/win-event-log-collections
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-event-log-collections</title> <id>https://10.1.5.157:8089/services/data/inputs/win-event-log-collections</id> <updated>2011-07-27T11:26:47-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/win-event-log-collections/_new" rel="create"/> <link href="/services/data/inputs/win-event-log-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>localhost</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost</id> <updated>2011-07-27T11:26:47-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="edit"/> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost/enable" rel="enable"/> <content type="text/xml"> <s:dict> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="hosts">localhost</s:key> <s:key name="index">default</s:key> <s:key name="logs"> <s:list> <s:item>Application</s:item> <s:item>ForwardedEvents</s:item> <s:item>HardwareEvents</s:item> <s:item>Internet Explorer</s:item> <s:item>Security</s:item> <s:item>Setup</s:item> <s:item>System</s:item> </s:list> </s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-event-log-collections POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections -d lookup_host=localhost -d name=mylogs -d logs=Application,System
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-event-log-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections</id> <updated>2011-07-27T11:56:24-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>localhost</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost</id> <updated>2011-07-27T11:56:24-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="hosts">localhost</s:key> <s:key name="index">default</s:key> <s:key name="logs"> <s:list> <s:item>Application</s:item> <s:item>ForwardedEvents</s:item> <s:item>HardwareEvents</s:item> <s:item>Internet Explorer</s:item> <s:item>Security</s:item> <s:item>Setup</s:item> <s:item>System</s:item> </s:list> </s:key> <s:key name="lookup_host">localhost</s:key> <s:key name="name">localhost</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-event-log-collections/{name} DELETE
XML
XML Request
curl -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-event-log-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections</id> <updated>2011-07-27T13:45:24-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/win-event-log-collections/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-event-log-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections</id> <updated>2011-07-27T12:00:38-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>mylogs</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs</id> <updated>2011-07-27T12:00:38-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="disabled">0</s:key> ... eai:acl node elided ... 
<s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>hosts</s:item> <s:item>index</s:item> <s:item>logs</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list> <s:item>lookup_host</s:item> </s:list> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="hosts"/> <s:key name="index">default</s:key> <s:key name="logs"> <s:list> <s:item>Application,System</s:item> </s:list> </s:key> <s:key name="lookup_host">localhost</s:key> <s:key name="name">mylogs</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-event-log-collections/{name} POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections/mylogs -d lookup_host=localhost -d logs=Application
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-event-log-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-event-log-collections</id> <updated>2011-07-27T13:43:46-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-event-log-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>localhost</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost</id> <updated>2011-07-27T13:43:46-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-event-log-collections/localhost" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="hosts">localhost</s:key> <s:key name="index">default</s:key> <s:key name="logs"> <s:list> <s:item>Application</s:item> <s:item>ForwardedEvents</s:item> <s:item>HardwareEvents</s:item> <s:item>Internet Explorer</s:item> <s:item>Security</s:item> <s:item>Setup</s:item> <s:item>System</s:item> </s:list> </s:key> <s:key name="lookup_host">localhost</s:key> <s:key name="name">localhost</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-wmi-collections GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/win-wmi-collections
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-wmi-collections</title> <id>https://10.1.5.157:8089/services/data/inputs/win-wmi-collections</id> <updated>2011-07-27T14:00:24-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/win-wmi-collections/_new" rel="create"/> <link href="/services/data/inputs/win-wmi-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>CPUTime</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime</id> <updated>2011-07-27T14:00:24-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime" rel="edit"/> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime/enable" rel="enable"/> <content type="text/xml"> <s:dict> <s:key name="class">Win32_PerfFormattedData_PerfOS_Processor</s:key> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="fields"> <s:list> <s:item>PercentProcessorTime</s:item> <s:item>PercentUserTime</s:item> </s:list> </s:key> <s:key name="index">default</s:key> <s:key name="instances"> <s:list> <s:item>_Total</s:item> </s:list> </s:key> <s:key name="interval">3</s:key> <s:key name="name"/> <s:key name="server">localhost</s:key> <s:key name="wql">SELECT PercentProcessorTime,PercentUserTime FROM Win32_PerfFormattedData_PerfOS_Processor WHERE Name="_Total"</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-wmi-collections POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections -d classes=Win32_PerfFormattedData_PerfOS_Processor -d interval=5 -d lookup_host=localhost -d name=cpu
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-wmi-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections</id> <updated>2011-07-27T14:05:43-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>CPUTime</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime</id> <updated>2011-07-27T14:05:43-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-wmi-collections/CPUTime" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="index">default</s:key> <s:key name="interval">3</s:key> <s:key name="wql">SELECT PercentProcessorTime,PercentUserTime FROM Win32_PerfFormattedData_PerfOS_Processor WHERE Name="_Total"</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-wmi-collections/{name} DELETE
XML
XML Request
curl -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-wmi-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections</id> <updated>2011-07-27T14:21:17-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/win-wmi-collections/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-wmi-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections</id> <updated>2011-07-27T14:09:39-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>cpu</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu</id> <updated>2011-07-27T14:09:39-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="classes">Win32_PerfFormattedData_PerfOS_Processor</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... 
<s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>disabled</s:item> <s:item>fields</s:item> <s:item>index</s:item> <s:item>instances</s:item> <s:item>server</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list> <s:item>classes</s:item> <s:item>interval</s:item> <s:item>lookup_host</s:item> </s:list> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="fields"> <s:list> <s:item>*</s:item> </s:list> </s:key> <s:key name="index">default</s:key> <s:key name="instances"> <s:list/> </s:key> <s:key name="interval">5</s:key> <s:key name="lookup_host">localhost</s:key> <s:key name="name">cpu</s:key> <s:key name="server"/> <s:key name="wql">Select * from Win32_PerfFormattedData_PerfOS_Processor</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-wmi-collections/{name} POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu -d classes=Win32_PerfFormattedData_PerfOS_Processor -d interval=5 -d lookup_host=localhost -d server=xx.1.5.157,10.1.5.158
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-wmi-collections</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections</id> <updated>2011-07-27T14:15:33-07:00</updated> <generator version="103620"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>cpu</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu</id> <updated>2011-07-27T14:15:33-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/win-wmi-collections/cpu" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="classes">Win32_PerfFormattedData_PerfOS_Processor</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="fields"> <s:list> <s:item>*</s:item> </s:list> </s:key> <s:key name="index">default</s:key> <s:key name="instances"> <s:list/> </s:key> <s:key name="interval">5</s:key> <s:key name="lookup_host">localhost</s:key> <s:key name="name">cpu</s:key> <s:key name="server"/> <s:key name="wql">Select * from Win32_PerfFormattedData_PerfOS_Processor</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-perfmon GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/inputs/win-perfmon
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-perfmon</title> <id>https://10.1.5.157:8089/services/data/inputs/win-perfmon</id> <updated>2011-07-29T19:42:06-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/services/data/inputs/win-perfmon/_new" rel="create"/> <link href="/services/data/inputs/win-perfmon/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>Available Memory</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory</id> <updated>2011-07-29T19:42:06-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="edit"/> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory/enable" rel="enable"/> <content type="text/xml"> <s:dict> <s:key name="counters"> <s:list> <s:item>Available Bytes</s:item> </s:list> </s:key> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="index">default</s:key> <s:key name="instances"> <s:list/> </s:key> <s:key name="interval">10</s:key> <s:key name="object">Memory</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-perfmon POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-perfmon -d interval=4 -d name=mymemory -d object=Memory
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-perfmon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-perfmon</id> <updated>2011-07-29T19:40:38-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>Available Memory</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory</id> <updated>2011-07-29T19:40:38-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="counters">Available Bytes</s:key> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="instances"/> <s:key name="interval">10</s:key> <s:key name="object">Memory</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-perfmon/{name} DELETE
XML
XML Request
curl -u admin:pass --request DELETE https://localhost:8089/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-perfmon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-perfmon</id> <updated>2011-07-29T19:47:06-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> </feed>
data/inputs/win-perfmon/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-perfmon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-perfmon</id> <updated>2011-07-29T19:44:21-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>mymemory</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory</id> <updated>2011-07-29T19:44:21-07:00</updated> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory" rel="list"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory/_reload" rel="_reload"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory" rel="edit"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory" rel="remove"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="counters"> <s:list/> </s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... 
<s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>counters</s:item> <s:item>disabled</s:item> <s:item>index</s:item> <s:item>instances</s:item> <s:item>interval</s:item> <s:item>object</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="index">default</s:key> <s:key name="instances"> <s:list/> </s:key> <s:key name="interval">4</s:key> <s:key name="object">Memory</s:key> </s:dict> </content> </entry> </feed>
data/inputs/win-perfmon/{name} POST
XML
XML Request
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/win-perfmon/mymemory -d interval=10
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:s="http://dev.splunk.com/ns/rest"> <title>win-perfmon</title> <id>https://10.1.5.157:8089/servicesNS/nobody/search/data/inputs/win-perfmon</id> <updated>2011-07-29T19:45:59-07:00</updated> <generator version="104976"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_new" rel="create"/> <link href="/servicesNS/nobody/search/data/inputs/win-perfmon/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>Available Memory</title> <id>https://10.1.5.157:8089/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory</id> <updated>2011-07-29T19:45:59-07:00</updated> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="alternate"/> <author> <name>nobody</name> </author> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="list"/> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory/_reload" rel="_reload"/> <link href="/servicesNS/nobody/windows/data/inputs/win-perfmon/Available%20Memory" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="counters">Available Bytes</s:key> <s:key name="disabled">1</s:key> ... eai:acl node elided ... <s:key name="instances"/> <s:key name="interval">10</s:key> <s:key name="object">Memory</s:key> </s:dict> </content> </entry> </feed>
data/modular-inputs GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/modular-inputs
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>modular-inputs</title> <id>https://localhost:8089/services/data/modular-inputs</id> <updated>2012-07-09T09:12:41-07:00</updated> <generator build="129290" version="5.0"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ... <s:messages/> <entry> <title>s3</title> <id>https://localhost:8089/services/data/modular-inputs/s3</id> <updated>2012-07-09T09:12:41-07:00</updated> <link href="/services/data/modular-inputs/s3" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/data/modular-inputs/s3" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="description">Get data from Amazon S3.</s:key> ... eai:acl node elided ... <s:key name="endpoint"> <s:dict> <s:key name="args"> <s:dict> <s:key name="key_id"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Your Amazon key ID.</s:key> <s:key name="order">1</s:key> <s:key name="required_on_create">1</s:key> <s:key name="required_on_edit">0</s:key> <s:key name="title">Key ID</s:key> </s:dict> </s:key> <s:key name="name"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description"><![CDATA[An S3 resource name without the leading s3://. For example, for s3://bucket/file.txt specify bucket/file.txt. 
You can also monitor a whole bucket (for example by specifying 'bucket'), or files within a sub-directory of a bucket (for example 'bucket/some/directory/'; note the trailing slash).]]></s:key> <s:key name="order">0</s:key> <s:key name="title">Resource name</s:key> </s:dict> </s:key> <s:key name="secret_key"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Your Amazon secret key.</s:key> <s:key name="order">2</s:key> <s:key name="required_on_create">1</s:key> <s:key name="required_on_edit">0</s:key> <s:key name="title">Secret key</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="streaming_mode">xml</s:key> <s:key name="title">Amazon S3</s:key> </s:dict> </content> </entry> <entry> <title>twitter</title> <id>https://localhost:8089/services/data/modular-inputs/twitter</id> . . . elided . . . </entry> </feed>
data/modular-inputs/{name} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/data/modular-inputs/twitter
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>modular-inputs</title> <id>https://localhost:8089/services/data/modular-inputs</id> <updated>2012-07-09T11:07:29-07:00</updated> <generator build="129290" version="5.0"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ... <s:messages/> <entry> <title>twitter</title> <id>https://localhost:8089/services/data/modular-inputs/twitter</id> <updated>2012-07-09T11:07:29-07:00</updated> <link href="/services/data/modular-inputs/twitter" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/data/modular-inputs/twitter" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="description">Get data from Twitter.</s:key> ... eai:acl and eai:attribute nodes elided ... <s:key name="endpoint"> <s:dict> <s:key name="args"> <s:dict> <s:key name="name"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Name of the current feed using the user credentials supplied.</s:key> <s:key name="order">0</s:key> <s:key name="title">Twitter feed name</s:key> </s:dict> </s:key> <s:key name="password"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Your twitter password</s:key> <s:key name="order">2</s:key> <s:key name="required_on_create">1</s:key> <s:key name="required_on_edit">0</s:key> <s:key name="title">Password</s:key> </s:dict> </s:key> <s:key name="username"> <s:dict> <s:key name="data_type">string</s:key> <s:key name="description">Your Twitter ID.</s:key> <s:key name="order">1</s:key> <s:key name="required_on_create">1</s:key> <s:key name="required_on_edit">0</s:key> <s:key name="title">Twitter ID/Handle</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="streaming_mode">simple</s:key> <s:key name="title">Twitter</s:key> </s:dict> </content> </entry> </feed>
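Every response above nests its settings in s:dict, s:list and s:key elements. The following Python is an added example, not part of the Splunk documentation: it converts that structure into plain dicts and lists, then lists the modular input arguments whose name or title suggests a credential so they can be reviewed. The names parse_entries and credential_args, the hint words and the trimmed SAMPLE feed (constructed from the modular-inputs responses on this page) are assumptions.

```python
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
NS = {"atom": "http://www.w3.org/2005/Atom", "s": "http://dev.splunk.com/ns/rest"}


def convert(node):
    """Turn the body of <content>, <s:key> or <s:item> into dict, list or str."""
    child = node.find("s:dict", NS)
    if child is not None:
        return {k.get("name"): convert(k) for k in child.findall("s:key", NS)}
    child = node.find("s:list", NS)
    if child is not None:
        return [convert(item) for item in child.findall("s:item", NS)]
    return (node.text or "").strip()  # <s:key name="server"/> becomes ""


def parse_entries(xml_text):
    """Map each <entry> title to its settings; accepts a <feed> or a bare <entry>."""
    # Only parse responses from a splunkd you trust: ElementTree does not
    # limit entity expansion in hostile XML.
    root = ET.fromstring(xml_text)
    entries = root.findall("atom:entry", NS) if root.tag == ATOM + "feed" else [root]
    parsed = {}
    for entry in entries:
        title = entry.findtext("atom:title", default="", namespaces=NS)
        content = entry.find("atom:content", NS)
        parsed[title] = convert(content) if content is not None else {}
    return parsed


def credential_args(entries, hints=("password", "secret", "token")):
    """Return {scheme: [arg, ...]} for args whose name or title matches a hint word."""
    flagged = {}
    for scheme, fields in entries.items():
        endpoint = fields.get("endpoint") if isinstance(fields, dict) else None
        args = endpoint.get("args") if isinstance(endpoint, dict) else None
        if not isinstance(args, dict):
            continue
        hits = []
        for name, spec in args.items():
            title = spec.get("title", "") if isinstance(spec, dict) else ""
            if any(h in (name + " " + title).lower() for h in hints):
                hits.append(name)
        if hits:
            flagged[scheme] = sorted(hits)
    return flagged


# Constructed sample: the s3 and twitter entries above, trimmed to the fields used here.
SAMPLE = """<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
<title>modular-inputs</title>
<entry><title>s3</title><content type="text/xml"><s:dict>
 <s:key name="description">Get data from Amazon S3.</s:key>
 <s:key name="endpoint"><s:dict><s:key name="args"><s:dict>
  <s:key name="key_id"><s:dict><s:key name="title">Key ID</s:key></s:dict></s:key>
  <s:key name="name"><s:dict><s:key name="title">Resource name</s:key></s:dict></s:key>
  <s:key name="secret_key"><s:dict><s:key name="title">Secret key</s:key></s:dict></s:key>
 </s:dict></s:key></s:dict></s:key>
 <s:key name="streaming_mode">xml</s:key>
</s:dict></content></entry>
<entry><title>twitter</title><content type="text/xml"><s:dict>
 <s:key name="endpoint"><s:dict><s:key name="args"><s:dict>
  <s:key name="name"><s:dict><s:key name="title">Twitter feed name</s:key></s:dict></s:key>
  <s:key name="password"><s:dict><s:key name="title">Password</s:key></s:dict></s:key>
  <s:key name="username"><s:dict><s:key name="title">Twitter ID/Handle</s:key></s:dict></s:key>
 </s:dict></s:key></s:dict></s:key>
 <s:key name="streaming_mode">simple</s:key>
</s:dict></content></entry>
</feed>"""

if __name__ == "__main__":
    print(credential_args(parse_entries(SAMPLE)))
```

The same parse_entries call works on the data/inputs responses, where an s:list such as fields or instances becomes a Python list.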
indexing/preview GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/indexing/preview
XML Response
<title>preview</title> <id>https://localhost:8089/services/indexing/preview</id> <updated>2011-11-28T14:35:35-08:00</updated> <generator version="108769"/> <author> <name>Splunk</name> </author> <entry> <title>1322518170.8</title> <id>https://localhost:8089/services/indexing/preview/1322518170.8</id> <updated>2011-11-28T14:35:35-08:00</updated> <link href="/services/indexing/preview/1322518170.8" rel="alternate"/> <link href="/services/search/jobs/1322518170.8" rel="job"/> </entry> <entry> <title>1322519686.9</title> <id>https://localhost:8089/services/indexing/preview/1322519686.9</id> <updated>2011-11-28T14:35:35-08:00</updated> <link href="/services/indexing/preview/1322519686.9" rel="alternate"/> <link href="/services/search/jobs/1322519686.9" rel="job"/> </entry> <entry> <title>1322519724.10</title> <id>https://localhost:8089/services/indexing/preview/1322519724.10</id> <updated>2011-11-28T14:35:35-08:00</updated> <link href="/services/indexing/preview/1322519724.10" rel="alternate"/> <link href="/services/search/jobs/1322519724.10" rel="job"/> </entry>
indexing/preview POST
XML
XML Request
curl -u admin:pass https://localhost:8089/services/indexing/preview -d input.path=/Applications/splunk/var/log/splunk/metrics.log
XML Response
<response> <messages> <msg type='INFO'>1319496093.11</msg> </messages> </response>
indexing/preview/{job_id} GET
XML
XML Request
curl -u admin:pass https://localhost:8089/services/indexing/preview/1319496093.11
XML Response
<entry xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest"> <title>1319496093.11</title> <id>https://localhost:8089/services/indexing/preview/1319496093.11</id> <updated>2011-10-24T15:44:09-07:00</updated> <link href="/services/indexing/preview/1319496093.11" rel="alternate"/> <content type="text/xml"> <s:dict> <s:key name="explicit"> <s:dict> <s:key name="PREFERRED_SOURCETYPE"> <s:dict> <s:key name="value">splunkd</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="inherited"> <s:dict> <s:key name="ANNOTATE_PUNCT"> <s:dict> <s:key name="value">True</s:key> <s:key name="stanza">default</s:key> </s:dict> </s:key> . . . elided . . . <s:key name="sourcetype"> <s:dict> <s:key name="value">splunkd</s:key> <s:key name="stanza">source::.../var/log/splunk/metrics.log(.\d+)?</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </content> <link href="/services/search/jobs/1319496093.11" rel="job"/> </entry>
receivers/simple POST
XML
XML Request
curl -u admin:pass "https://localhost:8089/services/receivers/simple?source=www&sourcetype=web_event" -d "Sun Jul 10 15:56:02 PDT 2011 User myusername logged in successfully."
XML Response
<response> <results> <result> <field k="_index"> <value> <text>default</text> </value> </field> <field k="bytes"> <value> <text>67</text> </value> </field> <field k="host"> <value> <text>127.0.0.1</text> </value> </field> <field k="source"> <value> <text>www</text> </value> </field> <field k="sourcetype"> <value> <text>web_event</text> </value> </field> </result> </results> </response>
receivers/stream POST
Python
Python Request
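import http.client  # Python 3 name of the httplib module
import time

# Python 3 verifies the server certificate by default, so splunkd must
# present a certificate this client trusts.
conn = http.client.HTTPSConnection("localhost", 8089)
conn.connect()
conn.putrequest("POST", "/services/receivers/stream?source=www&sourcetype=web_data")
conn.putheader("Authorization", "Splunk 67bed982ce1af9ba2e393b15ed63c916")
conn.putheader("x-splunk-input-mode", "streaming")
conn.endheaders()

# Stream one event per second over the open connection.
for i in range(100):
    event = "%s A sample event (idx: %s).\n" % (time.asctime(), i)
    conn.send(event.encode("utf-8"))
    time.sleep(1)

conn.close()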
Python Response
Streamed data
services/collector POST
JSON
For application token = 3DEA16E1-413A-46C2-A74F-E79DC3DF3CA2
JSON Request
curl https://localhost:8089/services/collector -H 'Authorization: Splunk 3DEA16E1-413A-46C2-A74F-E79DC3DF3CA2' -d '{"sourcetype":"access", "source":"/var/log/access.log", "event": {"message":"Access log test message"}} {"sourcetype":"access", "source":"/var/log/access.log", "event": {"message":"Access log test message 2"}}'
JSON Response
{"text":"Success","code":0}
Example search results:
For index=main | search sourcetype=access
Time                     Event
1/26/15 10:07:09.000 PM  { message: Access log test message 2 }
1/26/15 10:07:09.000 PM  { message: Access log test message }
services/collector/ack POST
JSON
For application token = B48F6736-479F-486B-96F9-3EF8C6378E70.
- Note: useACK must be enabled on the token for use with this endpoint.
JSON Request
curl -k https://localhost:8088/services/collector/ack?channel=2AC79941-CB26-421C-8826-F57AE23E9702 -H "Authorization: Splunk B48F6736-479F-486B-96F9-3EF8C6378E70" -d '{"acks":[0,1]}'
JSON Response Body
{"acks":{"0":true,"1":true}}
services/collector/event POST
- Note that the POST request is made to port 8088 and uses HTTPS for transport. The port and HTTP protocol settings can be configured independently of settings for any other servers in your deployment.
JSON
For application token = B5A79AAD-D822-46CC-80D1-819F80D7BFB0
JSON Request
curl -k https://localhost:8088/services/collector/event -H "Authorization: Splunk B5A79AAD-D822-46CC-80D1-819F80D7BFB0" -d '{"event": "hello world"}'
JSON Response
{"text": "Success", "code": 0}
JSON Request
This example uses a channel ID and token on which useACK is enabled.
curl -k https://localhost:8088/services/collector/event?channel=2AC79941-CB26-421C-8826-F57AE23E9702 -H "Authorization: Splunk B48F6736-479F-486B-96F9-3EF8C6378E70" -d '{"event": "1"}'
JSON Response
{"text":"Success","code":0,"ackId":0}
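The two useACK calls above form one exchange: each event POST returns an ackId, and services/collector/ack reports whether those ids have been acknowledged. The following Python is an added example, not part of the Splunk documentation, that sends events and polls until every ackId is acknowledged. The function names, the polling defaults and the use of a verified TLS context with an optional CA file in place of curl -k are assumptions; the channel is passed in the query string as in the requests on this page.

```python
import json
import ssl
import time
import urllib.parse
import urllib.request


def _request(base_url, path, token, channel, body):
    """Build (not send) a HEC POST with the channel in the query string."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a HEC token over plaintext HTTP")
    query = urllib.parse.urlencode({"channel": channel})
    return urllib.request.Request(
        "%s%s?%s" % (base_url.rstrip("/"), path, query),
        data=json.dumps(body).encode("utf-8"),
        headers={"Authorization": "Splunk " + token},
        method="POST",
    )


def event_request(base_url, token, channel, event):
    return _request(base_url, "/services/collector/event", token, channel, {"event": event})


def ack_request(base_url, token, channel, ack_ids):
    return _request(base_url, "/services/collector/ack", token, channel, {"acks": list(ack_ids)})


def parse_event_response(raw):
    """Return the ackId of an accepted event, or raise if it was not accepted."""
    reply = json.loads(raw)
    if reply.get("code") != 0:
        raise RuntimeError("HEC rejected the event: %r" % (reply,))
    if "ackId" not in reply:
        raise RuntimeError("no ackId in the reply; useACK must be enabled on the token")
    return reply["ackId"]


def unacknowledged(raw, ack_ids):
    """Return the ackIds the ack endpoint has not yet marked true."""
    acks = json.loads(raw).get("acks", {})
    return [i for i in ack_ids if acks.get(str(i)) is not True]  # JSON keys are strings


def https_post(ca_file=None, timeout=10):
    """Return a sender that verifies the server certificate (unlike curl -k)."""
    context = ssl.create_default_context(cafile=ca_file)

    def post(request):
        with urllib.request.urlopen(request, context=context, timeout=timeout) as resp:
            return resp.read()

    return post


def deliver(events, post, base_url, token, channel, polls=5, delay=1.0):
    """Send every event, then poll for acks; return the ackIds still pending."""
    pending = [
        parse_event_response(post(event_request(base_url, token, channel, e)))
        for e in events
    ]
    for attempt in range(polls):
        if not pending:
            break
        if attempt:
            time.sleep(delay)
        pending = unacknowledged(post(ack_request(base_url, token, channel, pending)), pending)
    return pending
```

Pass https_post() as the post argument against a real collector; a non-empty return value lists the events that should be re-sent.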
services/collector/mint POST
- Note that the POST request is made to port 8088 and uses HTTPS for transport. The port and HTTP protocol settings can be configured independently of settings for any other servers in your deployment.
MINT
For application token = B5A79AAD-D822-46CC-80D1-819F80D7BFB0
MINT Request
curl -k https://localhost:8088/services/collector/mint -H 'Authorization: Splunk B5A79AAD-D822-46CC-80D1-819F80D7BFB0' -d '{"data":"hello"}{^1^log^1433256}'
services/collector/raw POST
- Note that the POST request is made to port 8088 and uses HTTPS for transport. The port and HTTP protocol settings can be configured independently of settings for any other servers in your deployment.
Raw Request
This example passes the channel ID as part of the header.
curl -k https://localhost:8088/services/collector/raw -H 'Authorization: Splunk B5A79AAD-D822-46CC-80D1-819F80D7BFB0' -H 'x-splunk-request-channel: 18654C68-B28B-4450-9CF0-6E7645CA60CA' -d 'hello world'
JSON Response
{"text":"Success","code":0}
Raw Request
This example passes the channel as a parameter.
curl -k https://localhost:8088/services/collector/raw?channel=18654C68-B28B-4450-9CF0-6E7645CA60CA -H 'Authorization: Splunk B5A79AAD-D822-46CC-80D1-819F80D7BFB0' -d 'hello world'
JSON Response
{"text":"Success","code":0}
This documentation applies to the following versions of Splunk® Enterprise: 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11