Splunk® Enterprise

Module System Reference

Acrobat logo Download manual as PDF


Splunk Enterprise version 7.3 will no longer be supported as of June 4, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Acrobat logo Download topic as PDF

SplunkRESTModel

Important notice: As part of Advanced XML deprecation, the Module System is officially deprecated beginning with Splunk Enterprise 6.3. For more information, see Advanced XML Deprecation.

all()

The all() method retrieves the entire set of model objects for all the models in scope. This convenience method is a wrapper for SplunkQuerySet.all().

Use this method in combination with SplunkQuerySet.filter(), SplunkQuerySet.filter_by_app(), SplunkQuerySet.filter_by_user(), and SplunkQuerySet.search() to populate lists or locate specific entities from the pool of models in scope.

Synopsis

qsObj = all()

Return Value

Object A SplunkQuerySet object containing a list of all models in scope.

Example

Example 1

from splunk.models.base import SplunkRESTModel

class MyAppModel(SplunkRESTModel):

   def index(self):
       apps  = self.all()

class MyAppModel(SplunkRESTModel):

   def index(self):
       apps  = self.all().filter(is_disabled=False)

Example 2

from splunk.models.base import SplunkRESTModel

class MyAppModel(SplunkRESTModel):

   def index(self):
       apps  = self.all().filter(is_disabled=False)

build_id()

The build_id() method generates an ID string from the specified object name and the resource URI path defined in the model.

Synopsis

resId = build_id( name, namespace, owner )

Parameters

name String Entity name.
namespace String Entity namespace, or application name.
owner String Entity owner.

Return Value

String Hierarchical URI path to the requested entity in the REST API.

Examples

Example 1

from splunk.models.base import SplunkRESTModel

class MyAppModel(SplunkRESTModel):

   try:
       id = MyAppModel.build_id(name='newsearch', namespace='search', owner='admin')
   except:
       raise

Example 2

Without build_id()  :

form_content[key] = EventType.get('/servicesNS/%s/%s/saved/eventtypes/%s' %\

                                     (user, 'webintelligence', key))

Alternative using build_id()  :

et = Eventtype.build_id(key, 'webintelligence', user) form_content[key] = EventType.get(et)

See Also

get()

create()

The create() method creates a new version of the current object from the settings stored when the object was instantiated.

Synopsis

status = create()

Return Value

Boolean Object create status:
True = Object successfully created.
False = Current object already has an ID, or unable to create a new entity. Object not created.

Example

from splunk.models.base import SplunkRESTModel

class MyAppModel(SplunkRESTModel): if MyAppModel.create():

   ... elided ...

else:

   ... elided ...

See Also

delete()

delete()

The delete() method deletes the current entity.

Synopsis

status = delete()

Return Value

Boolean Entity delete request status:
True = Entity successfully deleted.
False = Entity not deleted. Current object has invalid ID or non-200 HTTP error code returned.

Example

from splunk.models.base import SplunkRESTModel

class MyAppModel(SplunkRESTModel): if MyAppModel.delete():

   ... elided ...

else:

   ... elided ...

See Also

create()

from_entity()

The from_entity() method populates the current model with the specified entity.

Synopsis

status = from_entity( entity )

Parameters

entity Object Entity from which to populate the current model.

Return Value

Boolean Populate model request status:
True = Model successfully populated.
False = Invalid entity  ; module not populated.

Example

from splunk.models.base import SplunkRESTModel

class MyAppModel(SplunkRESTModel): def populateModel (entity):

   try:
       my_entity = Eventtype.all().filter(name='failed-logins')
   except Exception, ex:
       raise
   my_instance = Eventtype('search', 'admin', 'failed-logins', entity=my_entity)
   if not my_instance.from_entity(my_instance.entity):
       ... elided ...
   else:
       ... elided ...

See Also

get()
save()

get()

The get() method is a generic getter that gets the value associated with the named key, provided the key is defined for the context. A context is a user-defined dictionary of name-value pairs.

Synopsis

value = get( name )

Parameters

name String Context dictionary key.

Return Value

Object Value corresponding to the name key. If name does not exist, the method returns null.

Note that this method returns a value and not a reference.

Example

getSearch: function() {

   var context = this.getContext()
   return context.get('search');

}

See Also

enforceByValue()
getAll()
set()

get_mutable_fields()

The get_mutable_fields() method gets a list of field names that can be modified using update().

Synopsis

results = get_mutable_fields( args, arg2)

Return Value

List List of keys of mutable fields for the current entity.

Example

from splunk.models.base import SplunkRESTModel

class MyAppModel(SplunkRESTModel): def getFieldsToChange ():

   event_type = self.get(self.build_id('myeventtype', 'search', 'admin'))
   return m_fields = self.get_mutable_fields()

See Also

update()

is_mutable()

The is_mutable() method tests for mutability of the attrname field.

Synopsis

status = is_mutable( attrname )

Parameters

attrname String Field name.

Return Value

String Field mutability status:
True = The attrname field is mutable.
False = The attrname field is not mutable.

Example

from splunk.models.base import SplunkRESTModel import cherrypy

class MyAppModel(SplunkRESTModel):

   def generateResults(self, host_app=None, client_app=None, savedSearchName=None):
       from splunk.models.saved_search import SavedSearch
       saved_search = SavedSearch(, cherrypy.session['user']['name'], 'newsearch')
       return saved_search.is_mutable('alert.severity')

See Also

get_mutable_fields()

manager()

The manager() method instantiates a new SplunkRESTManager instance based on the current SplunkRESTModel instance, which usually represents a unique entity.

Synopsis

results = manager()

Return Value

Object A new SplunkRESTManager instance.

Example

from splunk.models.base import SplunkRESTModel

class MyAppModel(SplunkRESTModel):

   def newInstance(owner, namespace):
       entity = self.manager()._get_new_entity(namespace, owner)
       return entity

See Also

SplunkRESTManager

order_by()

The order_by() method gets a clone of the current result set, ordered by the specified model field and sorting order.

Synopsis

clone = order_by( key, direction)

Parameters

key String Key to sort on.
direction String Sort dirrection:
asc = Ascending order.
desc = Descending order.

Return Value

Object A clone of the current SplunkRESTModel object sorted by key and direction.

Example

from splunk.models.base import SplunkRESTModel

class MyAppModel(SplunkRESTModel):

See Also

all()
search()
order_by()

parse_except_messages()

The parse_except_messages() method parses errors raised by SplunkRESTModel operations into a flat list.

Note: In general, this method does not need to be called explicitly. It is used by passive_save() to handle error messaging, usually to pass the error messages to a template.

Synopsis

messages = parse_except_messages( e )

Parameters

e Object Exception message to parse.

Return Value

List List of error message strings.

Example

from splunk.models.base import SplunkRESTModel

class MyAppModel(SplunkRESTModel):

   def errorMsgs(self):
       self.errors = []
       try:
           ... elided ...
       except Exception, e:
           self.errors = 
               [x.replace("In handler 'savedsearch':", ).lstrip() for x in self.parse_except_messages(e)]
           return False
       else:
           return True

See Also

passive_save()

passive_save()

The passive_save () method attempts to save the model without raising an exception. The return value indicates if an exception occurred, and exception messages are added to the instance member.

The method flushes errors instance member before adding messages to avoid duplicate or stale entries.

Synopsis

eStatus = passive_save()

Return Value

Boolean Exception status:
True = An exception did not occur.
False = An exception occurred.

Example

from splunk.models.base import SplunkRESTModel

class MyAppModel(SplunkRESTModel):

   @expose_page(must_login=True, trim_spaces=True, methods=['POST'])
   def save(self, **params):
       ... elided ...
       for key in form_content.keys():
           if not form_content[key].passive_save():
               return self.render_template(
                   '/myapp/templates/setup.html',
                   dict(name=key, form_content=form_content))

See Also

parse_except_messages()
save()

save()

The save() method saves the current job, which permits the job to persist, indefinitely. Calling this method has no effect if the job has already completed, although the save operation will be considered successful. A saved job cannot be auto-canceled by the UI or by calling setAsAutoCancellable().

Synopsis

save( onSuccess, onFailure)

Parameters

onSuccess Function (Optional) Function to execute upon successful operation.
onFailure Function (Optional) Function to execute upon unsuccessful operation.

Example

var context = this.getContext(); var search = context.get('search');

search.job.save(

   function() { console.log('Current job successfully saved!'); },
   function() { console.log('Failed to save the current job!'); } );

See Also

canBeAutoCancelled()
isSaved()
setAsAutoCancellable()
unsave()

search()

The search () method gets a clone of the current query set constrained by the specified search_string. This method is used to perform free text search against a SplunkQuerySet to limit the results returned.

Synopsis

clone = search( search_string )

Parameters

search_string String Search string by which to constrain the results.

Return Value

Object Clone of the current SplunkQuerySet with only members that match the specified search_string.

Example

from splunk.models.base import SplunkRESTModelfrom splunk.models.fired_alert import FiredAlert, FiredAlertSummary

class MyAppModel(SplunkRESTModel):

       def index(self, app, **params):
           ... elided ...
           if not 'alerts_id' in params:
               fired_alerts = FiredAlert.all()
           else:
               fired_alerts = FiredAlert.get_alerts(
                       urllib.unquote_plus(params.get('alerts_id')))
           # augment query with search
           if len(search_string) > 0:
               fired_alerts = fired_alerts.search(' '.join(search_string))
           ... elided ...

See Also

all()
order_by()

set_entity_fields()

The set_entity_fields() method sets the current object entity fields to the specified model fields.

Note: Generally, calling create() is preferred over calling this method.

Synopsis

status = set_entity_fields( entity )

Parameters

entity Object Entity from which to copy metadata fields.

Return Value

Boolean Set request status. This method always returns True, indicating the fields were successfully set.

Example

from splunk.models.base import SplunkRESTModel

class MyAppModel(SplunkRESTModel):

   def from_entity(self, entity):
       self._parse_id(entity)
       self._parse_links(entity)
       if not self.id:
           return False
       self.name = entity.name
       if 'eai:acl' in entity:
           self.owner = entity['eai:acl']['owner']
           self.namespace = entity['eai:acl']['app'  ]
       return self.set_entity_fields(entity)

See Also

create()

update()

The update () method updates the current model fields with the specified fields.

Synopsis

update( fields )

Parameters

fields List Collection of Field objects to set in the current model.

Return Value

Undefined

Example

from splunk.models.base import SplunkRESTModel

class MyAppModel(SplunkRESTModel):

   def step1_update(self, app, step, action, **params):
       saved_search = SavedSearch.get(params.get('id'))
       saved_search.update(params)

See Also

get_mutable_fields()
passive_save()
save()

Last modified on 12 August, 2019
PREVIOUS
BaseController
  NEXT
SplunkAppObjModel

This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters