Skip to main content
Splunk® Enterprise

REST API Reference Manual

Splunk® Enterprise
7.2.8
Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Deployment endpoint descriptions

Manage deployment servers and clients.

A deployment server configures a deployment client. Deployment clients and servers can reside on separate, distributed, Splunk instances or can reside on the same instance.

Usage details

Review ACL information for an endpoint

To check Access Control List (ACL) properties for an endpoint, append /acl to the path. For more information see Access Control List in the REST API User Manual.

Authentication and Authorization

Username and password authentication is required for access to endpoints and REST operations.

Splunk users must have role and/or capability-based authorization to use REST endpoints. Users with an administrative role, such as admin, can access authorization information in Splunk Web. To view the roles assigned to a user, select Settings > Access controls and click Users. To determine the capabilities assigned to a role, select Settings > Access controls and click Roles.

App and user context

Typically, knowledge objects, such as saved searches or event types, have an app/user context that is the namespace. For more information about specifying a namespace, see Namespace in the REST API User Manual.

Splunk Cloud limitations

If you have a managed Splunk Cloud deployment with search head clustering and index clustering, the REST API supports access to the search head only. You can use the REST API to interact with the search head in your deployment. Using the REST API to access any other cluster member nodes is not supported. For example, deployment endpoints are not applicable to Splunk Cloud deployments.

See Using the REST API in Splunk Cloud in the the Splunk REST API Tutorials for more information.


deployment/client

https://<host>:<mPort>/services/deployment/client

List deployment client configuration and status.


GET

Expand

Get deployment client list with enabled status, server class, and host and port number of each.



deployment/client/config

https://<host>:<mPort>/services/deployment/client/config


Get deployment client configuration and status.


GET

Expand

Get deployment client enabled status, server class for app distribution, and host and port number.


deployment/client/config/listIsDisabled

https://<host>:<mPort>/services/deployment/client/config/listIsDisabled


Get deployment client status.

GET

Expand

Get deployment client disabled status.


deployment/client/config/reload

Access information on reloading the named client.


POST

Expand

Access client reload information.


deployment/client/{name}/reload

https://<host>:<mPort>/services/deployment/client/{name}/reload

Restart and reload the {name} deployment client.


POST

Expand

Restart and reload {name} deployment client.


deployment/server/applications

https://<host>:<mPort>/services/deployment/server/applications

List distributed apps.


GET

Expand

List distributed apps, including distributed state information.


deployment/server/applications/{name}

https://<host>:<mPort>/services/deployment/server/applications/{name}

Get or update distribution information for {name} app.


GET

Expand

Get {name} app distribution information.


POST

Expand

Update {name} app distribution information.


deployment/server/clients

https://<host>:<mPort>/services/deployment/server/clients

Provides access to information about clients to a deployment server.


GET

Expand

Access information about clients to a deployment server.


deployment/server/clients/countClients_by_machineType

https://<host>:<mPort>/services/deployment/server/clients/countClients_by_machineType

Access information about deployment clients to this server according to the machine type of the client.


GET

Expand

List the count of deployment clients for this server by machine type.


deployment/server/clients/countRecentDownloads

https://<host>:<mPort>/services/deployment/server/clients/countRecentDownloads

Access the count of the number of downloads from this client to the deployment server during the last specified time period.


GET

Expand

Return the count of the number of downloads from this client to the deployment server during the last specified time period.


deployment/server/clients/{name}

https://<host>:<mPort>/services/deployment/server/clients/{name}

Get client information or remove a client.


DELETE

Expand

Remove the specified client from the deployment server registry. The next time the client "phones home" the record is re-created.


GET

Expand

Lists information about the named client to the deployment server.


deployment/server/config

https://<host>:<mPort>/services/deployment/server/config


Access server configuration information for deployment servers.


GET

Expand

List configuration information for all deployment servers.


deployment/server/config/attributesUnsupportedInUI

https://<host>:<mPort>/services/deployment/server/config/attributesUnsupportedInUI


Access deployment server attributes that cannot be configured from Splunk Web.


GET

Expand

Lists deployment server attributes that cannot be configured from Splunk Web.


deployment/server/config/listIsDisabled

https://<host>:<mPort>/services/deployment/server/config/listIsDisabled

Access deployment server enablement status.


GET

Expand

Access deployment server enablement status.


deployment/server/serverclasses

https://<host>:<mPort>/services/deployment/server/serverclasses

Access information about server classes.


GET

Expand

List server classes for this deployment server.


POST

Expand

Create a server class.


deployment/server/serverclasses/rename

https://<host>:<mPort>/services/deployment/server/serverclasses/rename

Rename a server class.


POST

Expand

Specify a new name for a server class.


deployment/server/serverclasses/{name}

https://<host>:<mPort>/services/deployment/server/serverclasses/{name}

Manage the {name} serverclass.


DELETE

Expand

Remove the specfied server class from this deployment server.


GET

Expand

List information about the named server class.


POST

Expand

Update the named server class.


search/distributed/bundle-replication-files

https://<host>:<mPort>/services/search/distributed/bundle-replication-files

Access information for the most recent distributed search bundle.


GET

Expand

List distributed search bundle replication files.


search/distributed/bundle-replication-files/{name}

https://<host>:<mPort>/services/search/distributed/bundle-replication-files/{name}

Get {name} bundle replication file information.


GET

Expand

List information about the specified bundle replication file. For {name}, specify the checksum for the file.


search/distributed/config

https://<host>:<mPort>/services/search/distributed/config


Provides access to the Splunk Enterprise distributed search options. This option is not for adding search peers.

GET

Expand

Lists the configuration options for the distributed search system.


search/distributed/peers

https://<host>:<mPort>/services/search/distributed/peers


Provides distributed peer server management. A search peer is defined as a Splunk server to which another Splunk server distributes searches. The Splunk server where the search request originates is referred to as the search head.


GET

Expand

Get configured search peers to which this search head is configured to distribute searches. This includes configured but disabled search peers.

POST

Expand

Add a new distributed search peer.


search/distributed/peers/{name}

https://<host>:<mPort>/services/search/distributed/peers

Manage distributed peer servers. A search peer is defined as a Splunk server to which another Splunk server distributes searches. The Splunk server where the search request originates is referred to as the search head.


POST

Expand

Update a peer server.



Last modified on 11 January, 2021
Configuration endpoint descriptions   Input endpoint descriptions

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters