Splunk® Enterprise

REST API Reference Manual

Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Endpoints reference list

Navigate to specific endpoints and review available REST operations. Endpoints are listed alphabetically.

The PUT operation is not available for REST API endpoints. Depending on the endpoint, you can use a POST operation to create and/or update resources. Check specific endpoints for details.


Namespace access
Some resources in the REST API are associated with specific namespaced user and app contexts.

To access namespaces associated with all users, all apps, or resources shared by all users for an endpoint (similar to 'file globbing' or 'recursion' of input directories), make a GET request using servicesNS with wildcard - characters for the app and user. For example, use /servicesNS/-/-/saved/searches.

For more details, see Namespace in the REST API User Manual.


Endpoints

Jump to: A - C - D - I - L - M - P - R - S


URI
Summary GET PUT POST DEL
admin/
admin/LDAP-groups Access
Manage LDAP authentication.
admin/metrics-reload/_metrics Access
Reload the metrics processor after updating a metrics-related configuration.
admin/ProxySSO-auth Access
Manage ProxySSO mappings and configurations.
admin/replicate-SAML-certs Access
Manage SAML authentication.
admin/Rsa-MFA Access
Configure RSA Multifactor Authentication.
admin/Rsa-MFA-config-verify/<rsa-stanza-name> Access
Verify RSA multifactor authentication.

admin/SAML-groups

Access
Convert external groups in an IdP response to internal Splunk platform roles.

admin/SAML-idp-metadata

Access
Access IdP SAML metadata attributes.

admin/SAML-sp-metadata

Access
Access service provider SAML metadata attributes.

admin/SAML-user-role-map

Access
Access or create SAML user and role information for saved searches if your IdP does not support Attribute Query Requests.

admin/SAML-user-role-map/{name}

Access
Access or create SAML user and role information for saved searches if your IdP does not support Attribute Query Requests.

alerts/ GET PUT POST DELETE
alerts/alert_actions Search
Access a list of alert actions


alerts/fired_alerts Search
Access all fired alerts

alerts/fired_alerts/{name} Search
Access specific fired alert

apps/ GET PUT POST DELETE
apps/appinstall Applications
Install app from URL or local file

apps/apptemplates Applications
Access app templates for creating new apps

apps/apptemplates/{name} Applications
Access particular app template

apps/local Applications
Manage local apps

apps/local/{name} Applications
Manage specific local app

apps/local/{name}/package Applications
Archive an app

apps/local/{name}/setup Applications
Access setup information for an app

apps/local/{name}/update Applications
Access update information for an app

authentication/ GET PUT POST DELETE
auth/login Access control
Provide user authentication

authentication/current-context Access control
Access current user contexts

authentication/current-context/{name} Access control
Access specific user context

authentication/httpauth-tokens Access control
Manage session tokens

authentication/httpauth-tokens/{name} Access control
Manage specific session token

authentication/LDAP-auth Access
Create and manage LDAP strategies.
authentication/providers/SAML Access control
Access and create SAML configurations.

authentication/providers/SAML/{stanza_name} Access control
Access and update SAML configurations.


authentication/users Access control
Manage user accounts

authentication/users/{name} Access control
Manage specific user account


authorization/ GET PUT POST DELETE
authorization/capabilities Access control
Access capability authorization

authorization/grantable_capabilities Access control
Access capabilities that current user can grant.


authorization/roles Access control
Access user roles

authorization/roles/{name} Access control
Access specific user role


catalog/
GET PUT POST DELETE
catalog/metricstore/metrics Metrics
List metric names.

catalog/metricstore/dimensions Metrics
List dimension names.

catalog/metricstore/dimensions/{dimension-name}/values Metrics
List values for given dimensions.

cluster/
GET PUT POST DELETE
cluster/config Clusters
Access cluster configuration

cluster/config/config Clusters
Manage cluster configuration

cluster/master/buckets Clusters
Access master node bucket configurations

cluster/master/buckets/{name} Clusters
Access specific bucket configuration, master node

cluster/master/control/control/rebalance_primaries Clusters
Access master controls to rebalance primary buckets across peers

cluster/master/control/control/remove_peers Clusters
Remove disabled peer nodes.

cluster/master/control/control/roll-hot-buckets Clusters
Force a specified bucket in an indexer cluster to roll from hot to warm.

cluster/master/control/control/rolling_upgrade_finalize Clusters
Finalizes indexer cluster rolling upgrade
cluster/master/control/control/rolling_upgrade_init Clusters
Initializes indexer cluster rolling upgrade
cluster/master/generation Clusters
Access current generations information, master node

cluster/master/generation/{name} Clusters
Access specific generation information, cluster master

cluster/master/health Clusters
Performs health checks


cluster/master/indexes Clusters
Access cluster index information

cluster/master/indexes/{name} Clusters
Access specific cluster index information

cluster/master/info Clusters
Access cluster master node information

cluster/master/peers Clusters
Access peer information, master node

cluster/master/peers/{name} Clusters
Access specific master node peer information

cluster/master/sites Clusters
Access cluster site information

cluster/master/sites/{name} Clusters
Access specific cluster site information

cluster/master/status Clusters
Status of rolling restart
cluster/searchhead/generation Clusters
Access searchhead peer information

cluster/searchhead/generation/{name} Clusters
Access specific searchhead peer information

cluster/searchhead/searchheadconfig Clusters
Access cluster configuration for searchhead

cluster/searchhead/searchheadconfig/{name} Clusters
Access specific cluster node

cluster/slave/buckets Clusters
Access peer bucket configuration information

cluster/slave/buckets/{name} Clusters
Access specific peer bucket configuration information

cluster/slave/control/control/decommission Clusters
Decommission indexer cluster peer node
cluster/slave/control/control/set_manual_detention Clusters
Configure indexer detention.

cluster/slave/info Clusters
Access peer node information

cluster/slave/info/{name} Clusters
Access information about specific peer

configs/ GET PUT POST DELETE
configs/conf-{file} Configuration
Raw access to .conf files

configs/conf-{file}/{name} Configuration
Raw access to specific .conf file

data/
GET PUT POST DELETE
data/commands Search
Access search commands

data/commands/{name} Search
Access specific search command

data/index-volumes Indexes
Access logical drive information

data/index-volumes/{name} Indexes
Access information for a logical drive

data/indexes Indexes
Manage data indexes

data/indexes/{name} Indexes
Manage specific data index

data/indexes-extended Indexes
Access index bucket level information

data/indexes-extended/{name} Indexes
Access specific index bucket level information

data/inputs/ad Inputs
Access Active Directory monitoring input

data/inputs/ad/{name} Inputs
Access Active Directory monitoring stanza

data/inputs/all Inputs
Access all inputs, including Modular Inputs

data/inputs/all/{name} Inputs
Access specific input

data/inputs/http Input
Configure HTTP Event Collection.
data/inputs/http/{name} Input
Configure HTTP Event Collection.
data/inputs/monitor Inputs
Access monitor inputs

data/inputs/monitor/{name} Inputs
Manage specific monitor input

data/inputs/monitor/{name}/members Inputs
Access files for the specific monitor input

data/inputs/oneshot Inputs
Access one-shot inputs

data/inputs/oneshot/{name} Inputs
Access specific one-shot input information

data/inputs/registry Inputs
Access Windows registry monitor input

data/inputs/registry/{name} Inputs
Manage Windows registry monitor stanza

data/inputs/script Inputs
Manage scripted inputs settings

data/inputs/script/restart Inputs
Restart scripted input

data/inputs/script/{name} Inputs
Manage specific scripted input

data/inputs/tcp/cooked Inputs
Access forwarder TCP inputs

data/inputs/tcp/cooked/{name} Inputs
Manage TCP inputs for specific host:port

data/inputs/tcp/cooked/{name}/connections Inputs
Access connections for specific port

data/inputs/tcp/raw Inputs
Manage raw forwarder TCP inputs

data/inputs/tcp/raw/{name} Inputs
Access raw TCP input information

data/inputs/tcp/raw/{name}/connections Inputs
Manage raw TCP input information for specific host:port

data/inputs/tcp/splunktcptoken Inputs
Manage receiver access using tokens.

data/inputs/tcp/splunktcptoken/{name} Inputs
Manage existing receiver tokens.

data/inputs/tcp/ssl Inputs
Access SSL configuration information

data/inputs/tcp/ssl/{name} Inputs
Access SSL configuration for specific host

data/inputs/token/http Inputs
Access http inputs

data/inputs/token/http/{name} Inputs
Manage specific http input

data/inputs/token/http/{name}/enable Inputs
Enable the {name} HTTP Event Collector token.

data/inputs/token/http/{name}/disable Inputs
Disable the {name} HTTP Event Collector token.


data/inputs/udp Inputs
Access UDP inputs

data/inputs/udp/{name} Inputs
Manage specific UDP input

data/inputs/udp/{name}/connections Inputs
Manage specific UDP input connection

data/inputs/win-event-log-collections Inputs
Access all configured event log collections

data/inputs/win-event-log-collections/{name} Inputs
Manage specific event log

data/inputs/win-perfmon Inputs
Access Windows performance monitor information

data/inputs/win-perfmon/{name} Inputs
Manage specific performance monitor configuration stanza

data/inputs/win-wmi-collections Inputs
Access configured WMI collections

data/inputs/win-wmi-collections/{name} Inputs
Manage specific WMI collection

data/lookup-table-files Knowledge
Access lookup table files

data/lookup-table-files/{name} Knowledge
Manage specific lookup table file

data/modular-inputs Inputs
Access defined modular inputs

data/modular-inputs/{name} Inputs
Manage specific modular input

data/outputs/tcp/default Outputs
Access global TCP output properties

data/outputs/tcp/default/{name} Outputs
Manage specific TCP output property setting

data/outputs/tcp/group Outputs
Access data forwarding group configurations

data/outputs/tcp/group/{name} Outputs
Manage specific data forwarding group

data/outputs/tcp/server Outputs
Access data forwarding configurations

data/outputs/tcp/server/{name} Outputs
Manage specific forwarder configuration

data/outputs/tcp/server/{name}/allconnections Outputs
Access current connections for specific forwarder

data/outputs/tcp/syslog Outputs
Access forwarded server configured to provide data in standard syslog format

data/outputs/tcp/syslog/{name} Outputs
Manage specific forwarder, which sends data in syslog format

data/props/calcfields Knowledge
Access props.conf file calculated fields

data/props/calcfields/{name} Knowledge
Manage specific props.conf file calculated field

data/props/extractions Knowledge
Access props.conf file search-time field extractions

data/props/extractions/{name} Knowledge
Manage specific props.conf file field extraction

data/props/fieldaliases Knowledge
Access props.conf file field aliases

data/props/fieldaliases/{name} Knowledge
Manage specific props.conf file field alias

data/props/lookups Knowledge
Access props.conf file automatic lookups

data/props/lookups/{name} Knowledge
Manage specific props.conf file automatic lookup

data/props/sourcetype-rename Knowledge
Access renamed sourcetypes configured in props.conf file

data/props/sourcetype-rename/{name} Knowledge
Manage specific props.conf file sourcetype name

data/summaries Introspection
Get disk usage information about all summaries in an indexer.

data/summaries/{summary_name} Introspection
Get disk usage information about a particular summary in an indexer.

data/transforms/extractions Knowledge
Access field extraction definitions

data/transforms/extractions/{name} Knowledge
Manage specific field extraction definition

data/transforms/lookups Knowledge
Access transforms.conf file lookup definitions

data/transforms/lookups/{name} Knowledge
Manage specific transforms.conf file lookup definition

data/transforms/metric-schema Knowledge
Review and manage ingest-time log-to-metrics configurations.

data/transforms/statsdextractions Knowledge
Configure metrics dimension extraction for StatsD.


data/ui/panels Knowledge
Create dashboard panel XML definitions.

data/ui/views Knowledge
Create dashboard XML definitions.

data/ui/views/{name} Knowledge
Access, update, or delete dashboard XML.


datamodel/ GET PUT POST DELETE
datamodel/model Knowledge
Access information about data models

datamodel/model/{name} Knowledge
Access information about a data model

datamodel/pivot Knowledge
Access pivots based on named data models

deployment/ GET PUT POST DELETE
deployment/client Deployment
Access deployment client information


deployment/client/config Deployment
Access deployment client configuration

deployment/client/config/listIsDisabled Deployment
Access deployment client state information

deployment/client/config/reload Deployment
Access deployment client reload information

deployment/client/{name}/reload Deployment
Manage specific deployment client reload

deployment/server/applications Deployment
Access deployment server application and class information

deployment/server/applications/{name} Deployment
Manage specific server client application and class information

deployment/server/clients Deployment
Access deployment server client information

deployment/server/clients/countClients_by_machineType Deployment
Access deployment server client information by machine type

deployment/server/clients/countRecentDownloads Deployment
Access client download information

deployment/server/clients/{name} Deployment
Manage specific client

deployment/server/config Deployment
Access deployment server configuration

deployment/server/config/attributesUnsupportedInUI Deployment
Access deployment server attributes not available using Splunk Web

deployment/server/config/listIsDisabled Deployment
Access deployment server state

deployment/server/serverclasses Deployment
Access server class information

deployment/server/serverclasses/{name} Deployment
Manage specific server class of deployment server

deployment/server/serverclasses/rename Deployment
Manage server class name

directory/ GET PUT POST DELETE
directory Knowledge
Access user-configurable entities

directory/{name} Knowledge
Manage specific entity in directory service enumeration

indexing/
GET PUT POST DELETE
indexing/preview Deployment
Preview events from a file before indexing

indexing/preview/{job_id} Inputs
Access props.conf file settings for specific data preview job

kvstore/
GET PUT POST DELETE
kvstore/backup/create KV store
Create a KV Store backup archive file.
kvstore/backup/restore KV store
Extracts the KV Store backup archive file and restores the KV Store.
kvstore/status KV store
Access KV store status information for standalone or search head clustering (SHC) deployments.
licenser/
GET PUT POST DELETE
licenser/groups Licensing
Access licenser groups configuration

licenser/groups/{name} Licensing
Manage specific licenser group configuration

licenser/licenses Licensing
Access licenses

licenser/licenses/{name} Licensing
Manage specific license

licenser/localslave Licensing
Get information about relevant license state for the splunk instance.

licenser/messages Licensing
Access licenser messages

licenser/messages/{name} Licensing
Access specific licenser message

licenser/pools Licensing
Access licenser pool information

licenser/pools/{name} Licensing
Manage specific licenser pool

licenser/slaves Licensing
Access license master slaves

licenser/slaves/{name} Licensing
Access specific license master slave

licenser/stacks Licensing
Access license stack configuration

licenser/stacks/{name} Licensing
Access specific license stack configuration

licenser/usage Licensing
Access current usage information.

messages/
GET PUT POST DELETE
messages System
Manage system messages

messages/{name} System
Manage specific system message

properties/
GET PUT POST DELETE
properties Configuration
Access configuration files

properties/{file_name} Configuration
Manage specific configuration file

properties/{file_name}/{stanza_name} Configuration
Manage specific configuration file stanzas

properties/{file_name}/{stanza_name}/{key_name} Configuration
Manage specific stanza in specific configuration file

receivers/
GET PUT POST DELETE
receivers/simple Inputs
Use HTTP to send events

receivers/stream Inputs
Use socket to stream events

receivers/token Input
Log events using HTTP Input with application authentication token.

receivers/token/event Input
Post JSON formatted data to the data input endpoint.

receivers/token/event/1.0 Input
Post JSON formatted data to the data input endpoint.

receivers/token/mint Input
Post MINT formatted data to the data input endpoint.

receivers/token/mint/1.0 Input
Post MINT formatted data to the data input endpoint.

saved/
GET PUT POST DELETE
saved/eventtypes Knowledge
Manage saved event types

saved/eventtypes/{name} Knowledge
Manage specific saved event type

saved/searches Search
Manage saved searches configuration

saved/searches/{name} Search
Manage specific saved search

saved/searches/{name}/acknowledge Search
Manage saved search alerting

saved/searches/{name}/dispatch Search
Dispatch saved search

saved/searches/{name}/history Search
Access saved search job history

saved/searches/{name}/reschedule Search
Manage saved search job scheduling

saved/searches/{name}/scheduled_times Search
Access saved search scheduled times


saved/searches/{name}/suppress Search
Access saved search alerting state

scheduled/ GET PUT POST DELETE
scheduled/views Search
Access scheduled views for PDF delivery

scheduled/views/{name} Search
Manage specific scheduled view

scheduled/views/{name}/dispatch Search
Dispatch search for specific scheduled view

scheduled/views/{name}/history Search
Access specific scheduled view job history

scheduled/views/{name}/reschedule Search
Manage scheduled view scheduling

scheduled/views/{name}/scheduled_times Search
Access specific scheduled view times

search/ GET PUT POST DELETE
search/distributed/bundle-replication-files Deployment
Access distributed search bundle replication files

search/distributed/bundle-replication-files/{name} Deployment
Access specific search bundle replication file

search/distributed/config Deployment
Access distributed search options

search/distributed/peers Deployment
Manage distributed server peers

search/distributed/peers/{name} Deployment
Manage distributed server peers

search/fields Knowledge
Access search field configuration

search/fields/{field_name} Knowledge
Access specific search field configuration

search/fields/{field_name}/tags Knowledge
Manage tags associated with specific search field

search/jobs Search
Manage search jobs

search/jobs/{search_id} Search
Manage specific search job

search/jobs/{search_id}/control Search
Execute job control command for specific search


search/jobs/{search_id}/events Search
Access events for specific search

search/jobs/{search_id}/results Search
Access results of specific search

search/jobs/{search_id}/results_preview Search
Access preview results for specific search

search/jobs/{search_id}/search.log Search
Access search.log file for specific search

search/jobs/{search_id}/summary Search
Access getFieldsAndStats output of so-far-read events

search/jobs/{search_id}/timeline Search
Access event distribution over time

search/jobs/export Search
Stream search results

search/parser Search
Access search language parsing services

search/scheduler Search
Access search scheduler enablement status.

search/scheduler/status Search
Disable or enable the search scheduler.

search/tags/{tag_name} Knowledge
Manage specific search time tag

search/timeparser Search
Parse time argument

search/typeahead Search
Suggest search string auto-completion strings

server/ GET PUT POST DELETE
server/control System
Access server controls

server/control/restart System
Restart Splunk Enterprise splunkd server daemon.

server/control/restart_webui System
Restart Splunk Enterprise splunkweb Web interface process.

server/httpsettings/proxysettings System
Create an HTTP proxy configuration stanza.
server/httpsettings/proxysettings/proxyConfig System
Update HTTP proxy settings.
server/health/splunkd Introspection
Access splunkd health status information.

server/health/splunkd/details Introspection
Access splunkd feature health status information.

server/health-config Introspection
Access splunkd health report configuration information.

server/health-config/{alert_action} Introspection
Configure alert actions for the splunkd health report.

server/health-config/{feature_name} Introspection
Edit feature and indicator settings for the splunkd health report.

server/info Introspection
Access Splunk instance information

server/sysinfo Introspection
Access server information

server/introspection Introspection
List introspection resources

server/introspection/indexer Introspection
Get indexer status

server/introspection/kvstore Introspection
List app kvstore status resources

server/introspection/kvstore/collectionstats Introspection
Get storage statistics for a collection.

server/introspection/kvstore/replicasetstats Introspection
Get the status of the replica set from the point of view of the current server.

server/introspection/kvstore/serverstatus Introspection
Get an overview of the database process state.

server/introspection/search/saved Introspection
Check most recent search scheduling details.

server/logger System
Access logging categories

server/logger/{name} System
Manage specific logging category

server/roles System
Access server configuration

server/settings System
Access server configuration

server/status Introspection
Access system status information

server/status/dispatch-artifacts Introspection
Access search job information

server/status/fishbucket Introspection
Access information about the private BTree database

server/status/installed-file-integrity Introspection
Check for system file irregularities.

server/status/limits/search-concurrency Introspection
Access search concurrency metrics

server/status/partitions-space Introspection
Access disk utilization information

server/status/resource-usage Introspection
Access current resource utilization information

server/status/resource-usage/hostwide Introspection
Access host-level resource utilization information

server/status/resource-usage/iostats Introspection
Access the most recent disk I/O statistics for each disk. This endpoint is currently available only for Linux.

server/status/resource-usage/splunk-processes Introspection
Access operating system resource utilization information

services/collector
GET PUT POST DELETE
services/collector Input
Log events using HTTP Event Collector.

services/collector/ack Input
Query event indexing status.

services/collector/event Input
Post JSON formatted data to the data input endpoint.

services/collector/health Input
Checks if HEC is healthy and able to accept new data from a load balancer.
services/collector/mint Input
Post MINT formatted data to the data input endpoint.

services/collector/raw Input
Send raw data directly to the indexer queue.

shcluster/
GET PUT POST DELETE
shcluster/captain/artifacts Clusters
Get artifact configuration information for a cluster captain node.

shcluster/captain/artifacts/{name} Clusters
Get artifact configuration information for {name} node.


shcluster/captain/control/control/upgrade-init Clusters
Initiate rolling upgrade of SHC.
shcluster/captain/control/control/upgrade-finalize Clusters
Finish rolling upgrade of SHC.
shcluster/captain/control/default/restart Clusters
Initiate rolling restart of SHC.


shcluster/captain/info Clusters
Access information about searchhead cluster captain node.

shcluster/captain/jobs Clusters
List running and recently finished jobs for all cluster members.

shcluster/captain/jobs/{name} Clusters
Get running and recently finished jobs for {name} cluster.

shcluster/captain/members Clusters
List cluster members.

shcluster/captain/members/{name} Clusters
Get information about the {name} searchhead cluster member.

shcluster/config Clusters
List searchhead cluster node configuration.

shcluster/config/config Clusters
Configure search head cluster members.
shcluster/member/artifacts Clusters
Get searchhead cluster member artifact configuration.

shcluster/member/artifacts/{name} Clusters
Get {name} member artifact configuration.

shcluster/member/consensus Clusters
Get latest cluster configuration from the raft consensus protocol.

shcluster/member/control/control/set_manual_detention Clusters
Adjust search head manual detention mode.
shcluster/member/info Clusters
Get searchhead cluster member node information.

shcluster/status Clusters
Determine SHC health status.


replication/configuration/health Clusters
Get configuration replication health statistics for a SHC.
storage/ GET PUT POST DELETE
storage/passwords Access control
Manage authentication credentials

storage/passwords/{name} Access control
Manage specific authentication credential

storage/collections GET PUT POST DELETE
storage/collections/config KV store
Create or list connections.

storage/collections/config/{collection} KV store
Manage a specific collection.

storage/collections/data/{collection} KV store
Manage items of a collection.

storage/collections/data/{collection}/{id} KV store
Manage a specific item of a collection.

storage/collections/data/{collection}/batch_save KV store
Perform multiple save operations.

workloads/ GET PUT POST DELETE
workloads/config/enable Workloads
Enable workload management.
workloads/config/disable Workloads
Disable workload management.
workloads/config/get-base-dirname Workloads
Get the name of the splunk parent cgroup.
workloads/config/set-base-dirname Workloads
Set the name of the splunk parent cgroup.
workloads/status Workloads
Get information on the current status of the workload management.
workloads/pools Workloads
Perform CRUD operations on workload pools.
workloads/rules Workloads
Perform CRUD operations on workload rules.
Last modified on 14 October, 2019
Using the REST API reference   Access endpoint descriptions

This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters