Splunk® Enterprise

Upgrade Readiness

Splunk Enterprise version 8.2 is no longer supported as of September 30, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

REST API reference for the Upgrade Readiness App

Use the REST API to run scans programmatically on your Splunk platform instance.

Endpoints that contain jura apply only to jQuery scans.

Authentication and authorization
To use this REST API, you must have write permissions to the Upgrade Readiness App.

/services/pura_app_list

https://<host>:<mPort>/services/pura_app_list?type={scan_type}

Lists the apps for a user by the scan type


Usage details
To use this endpoint, you must have permission to see the apps on your instance.


GET

Fetches the list of apps for a user by the scan type.

Request parameters
None.

Returned values

Name Description
200
{
          "name": <folder_name_of_apps>,
          "label": <user_friendly_name_of_app>,
          "type": <type_of_app>,
          "link": <link_of_app_on_splunkbase>,
          "version": <version_of_app>,
          "app_path": <path_of_installed_application>"
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_app_list?type=splunkbase  -X GET

Response

{
    "name":"conf_editor",
    "label":"Conf Editor",
    "type":"Splunkbase-Dual",
    "link":"https://splunkbase.splunk.com/app/5393/",
    "visible":"ENABLED",
    "version":"0.1.1",
    "app_path":"/opt/splunk/etc/apps/conf_editor"
}

/services/pura_dismiss_app

https://<host>:<mPort>/services/pura_dismiss_app

Dismisses an application path.


Usage details
To use this endpoint, a previous scan must be available for this user.


POST

Writes an entry for a specified app path in the KV store for the user and updates the JSON report accordingly.

Request parameters
None.

Payload

Name Type Description
app String
Required. Folder name of the app containing the file path you want to dismiss.
app_path String
Required. The absolute app path in which the file is present.

Returned values

Name Description
200
{
		"status": true,
		"message": <success_message>
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_dismiss_file -H 'Content-Type: application/json' -d '{"app": "conf_editor_private", "app_path": "/opt/splunk/etc/apps/conf_editor_private"}'  -X POST

Response

{
    "success": true,
    "message": "App: conf_editor_private successfully registered for dismissing the app for user: admin on host: so1. The periodic notification would skip this dismissed app."
}

/services/pura_export_report

https://<host>:<mPort>/services/pura_export_report?ID={scan_ID}&format={file_format}&app_name={app_name}&app_path={app_path}

Fetches a JSON or CSV report for a given scan_ID and app_path.


Usage details
To use this endpoint, a previous scan result must be available, and you must know its scan_ID and app_path.


GET

Fetches the JSON or CSV report for a previous scan, given a scan_ID.

Request parameters

Name Type Description
ID String
Required. The scan ID of a completed scan run by this user.
format String
Required. The format of the report.
app_name String
Required. Name of the app (folder name).
app_path String
Required. The absolute path of the installed app.

Returned values

Name Description
200
{
		"apps": [ <list_of_apps> ],
		"summary": { <dict_of_summary_of_scan> },
		"scan_ID": <ID_of_the_scan_report>
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}


Example request and JSON response

Request

curl -k -u username:password https://localhost:8089/services/pura_export_report?ID=admin_1615290732&format=JSON&app_name="conf_editor_private"&app_path="/opt/splunk/etc/apps/conf_editor_private"  -X GET

Response

{
  "apps": [
    {
      "name": "conf_editor_private",
      "label": "Conf Editor Private",
      "version": "1.0.0",
      "app_path": "/opt/splunk/etc/apps/conf_editor_private",
      "summary": {
        "Passed": 2,
        "Blocker": 0,
        "Warning": 1,
        "Skipped": 0,
        "type": "Private App",
        "app_link": "",
        "dismiss_app": 1,
        "dismiss_app_date": "1614862371",
        "Status": "WARNING"
      },
      "checks": [
        {
          "name": "Python in custom Mako templates",
          "result": "PASSED",
          "messages": [

          ],
          "required_action": "None"
        },
        {
          "description": "Check for the existence of Python scripts, which must be upgraded to be cross-compatible with Python 2 and 3 for the upcoming Splunk Enterprise Python 3 release. ",
          "name": "Python scripts",
          "result": "WARNING",
          "messages": [
            {
              "message_filename": "/opt/splunk/etc/apps/conf_editor_private/bin/report.py",
              "code": [
                "@@ -2,6 +2,7 @@\n import sys\n import requests\n import datetime\n+from io import open\n \n if __name__ == \"__main__\":\n   if len(sys.argv) > 1 and sys.argv[1] == \"--execute\":"
              ],
              "result": "warning",
              "message_line": null,
              "dismissed": 0,
              "message": "@@ -2,6 +2,7 @@\n import sys\n import requests\n import datetime\n+from io import open\n \n if __name__ == \"__main__\":\n   if len(sys.argv) > 1 and sys.argv[1] == \"--execute\":\nFile: /opt/splunk/etc/apps/abuseipdb_0/bin/report.py"
            }
          ],
          "required_action": "Update these Python scripts to be dual-compatible with Python 2 and 3."
        },
        {
          "description": "Splunk Python SDK Check",
          "name": "Splunk Python SDK Check",
          "result": "PASSED",
          "messages": [

          ],
          "required_action": "None"
        }
      ],
      "details": "This app is not compatible with Python 3.",
      "required_action": "Update this app or uninstall it. If you do nothing, the app will fail."
    }
  ],
  "scan_ID": "admin_1615290732"
}


/services/pura_scan_deployment

https://<host>:<mPort>/services/pura_scan_deployment

Triggers a new Python scan of the apps installed on the Splunk platform instance for which you have at least read permission.


Usage details
To use this endpoint, a scan must not be running.


POST

Starts a scan and writes progress in the KV store.

Request parameters
None.

Payload

Name Type Description
apps String Required. List of apps to scan. Obtain this information from the /pura_app_list/ endpoint.
app.name String Required. Name of the app (folder_name).
app.label String Required. User-friendly name of the app.
app.type String Required. Type of the app.
app.link String Link to the app on Splunkbase.
app.version String Version of the app.
app.app_path String Path of the installed app.

Returned values

Name Description
200
{
		"status": true,
		"message": <success_message>
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_scan_deployment -H 'Content-Type: application/json' -d '{"apps":[{"name": "conf_editor", "type": "Splunkbase-Dual", "label": "Conf Editor", "link": "https://splunkbase.splunk.com/app/5393/", "version": "0.1.1", "app_path": "/opt/splunk/etc/apps/conf_editor"}]} -X POST

Response

{
	"status": true,
	"message": "Scan called"
}

/services/jura_scan_deployment

https://<host>:<mPort>/services/jura_scan_deployment

Triggers a new jQuery scan of the apps installed on the Splunk platform instance for which you have at least read permission.


Usage details
To use this endpoint, a scan must not be running.


POST

Starts a scan and writes progress in the KV store.

Request parameters
None.

Payload

Name Type Description
apps String Required. List of apps to scan. Obtain this information from the /pura_app_list/ endpoint.
app.name String Required. Name of the app (folder_name).
app.label String Required. User-friendly name of the app.
app.type String Required. Type of the app.
app.link String Link to the app on Splunkbase.
app.version String Version of the app.
app.app_path String Path of the installed app.

Returned values

Name Description
200
{
    "status": true,
    "message": <success_message>
  }
400, 403, 404, or 500
{
  "status": false,
  "message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/jura_scan_deployment -H 'Content-Type: application/json' -d '{"apps":[{"name": "sample_jura_app", "type": "Private App", "label": "Conf Editor", "link": "", "version": "0.1.1", "app_path": "/opt/splunk/etc/apps/sample_jura_app"}]'} -X POST 

Response

{
  "status": true,
  "message": "Scan called"
}

/services/pura_schedule_scan

https://<host>:<mPort>/services/pura_schedule_scan

Schedules a scan at a custom time or at the default time at 1:00 AM daily.

Returns the custom scan details from the KV store if stored.


Usage details
To use this endpoint, you must have permission to see the apps on your instance.


POST

Schedules a scan at the given time interval. By default, if no time is specified, the scan is scheduled for 1:00 AM daily.

Request parameters
None.

Payload

Name Type Description
schedule_scan_type String Required. Type of scan. Accepted values are custom or default.
day String Required. Day interval. For example, 2 runs the scan every 2 days.
hours String Required. Hours of the time at which the scan is to be run.
minutes String Required. Minutes of the time at which the scan is to be run.
am_pm String Required. AM or PM
time_offset String Required.The offset of the timezone. For example, +5:30.

Returned values

Name Description
200
{
		"status": true,
		"message": "Scan called"
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_schedule_scan -H 'Content-Type: application/json' -d '{"schedule_scan_type": "default"}' -X POST

Response

{
	"status": true,
	"message": "Schedule scan details saved"
}

GET

Returns the scan schedule details saved in the KV store.

Request parameters
None.

Returned values

Name Description
200
{
          "user": <user>,
          "host": <hostname>,
          "day": <day_interval>,
          "minutes": <minutes_value_in_time>,
          "hours": <hours_value_in_time>,
          "am_pm": <am_or_pm>",
          "schedule_scan_type": <default_or_custom>,
          "timestamp": <timestamp_at_which_details_were_saved>"
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_schedule_scan -X GET

Response

{
"name":"conf_editor",
    "user":"admin",
    "host":"so1",
    "day":"1",
    "hours":"12",
    "minutes":"22",
    "am_pm":"AM"
    "schedule_scan_type": "custom",
    "timestamp": "1615286051",
    "_user": "nobody",
    "_key": "60474f23dbe8a80b2d1c22e0"
}

/services/pura_sendemail

https://<host>:<mPort>/services/pura_sendemail

Email a specific app report to the specified email addresses and app.


Usage details
To use this endpoint, you must complete a scan and correctly configure email details.


POST

Sends the app report as an email to the specified email addresses.

Request parameters
None.

Payload

Name Type Description
app_name String Required. Name of the app (folder name).
app_path String Required. The absolute path to the application.
subject String Required. The subject of the email.
receiver String Required. A comma-separated list of email addresses to whom the report is to be mailed.
body String Required. Body of the email.

Returned values

Name Description
200
{
		"status": true,
		"message": "Email sent"
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_sendemail -H 'Content-Type: application/json' -d '{"app_name": "conf_editor_private", "app_path": "/opt/splunk/etc/apps/conf_editor_private", "subject": "Subject of the email", "receiver": "email1@email.com, email2@email.com", "body": "Body of the email"}' -X POST

Response

{
	"status": true,
	"message": "Email sent"
}

/services/pura_read_progress

https://<host>:<mPort>/services/pura_read_progress

Reads current progress for an ongoing or completed Python scan.


Usage details
To use this endpoint, you must be running a scan or have completed a scan.


GET

Reads current progress of an ongoing scan on the instance from the KV store or fetches the previous scan results for the user.

Request parameters
None.

Returned values

Name Description
200
{
		"status": <status_of_scan>,
		"message": <message_related_to_status>,
		"progress": <progress_percentage_value>,
		"results": { <dict_of_results_for scan> }
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_read_progress  -X GET

Response when scan is in progress

{
	"message": "1 apps out of 8 scanned. Scanning App: Splunk Add-on Example",
	"progress": 12,
	"results": {},
	"status": "IN_PROGRESS"
}

Response when scan is complete

{
	"status": "COMPMLETE",
	"progress": 100,
	"results": {
		"apps": [
			{
        "name": "conf_editor",
        "label": "Conf Editor",
        "version": "0.1.1",
        "app_path": "/opt/splunk/etc/apps/conf_editor",
        "summary": {
        "Passed": 0,
        "Blocker": 0,
        "Warning": 0,
        "Skipped": 0,
        "Status": "PASSED",
        "type": "Splunkbase-Dual",
        "app_link": "https://splunkbase.splunk.com/app/5393/",
        "dismiss_app": 0,
        "dismiss_app_date": ""
      },
      "details": "This app is compatible with Python 3.",
      "required_action": "None",
      "checks": [
      {
        "description": "Splunk Python SDK Check",
        "name": "Splunk Python SDK Check",
        "result": "success",
        "messages": [

        ]
      }
    ]
  }
],
"summary": {
"splunkbase": 1,
"splunk_supported": 0,
"private": 0,
"public_passed": 1,
"public_blocker": 0,
"public_warning": 0,
"public_unknown": 0,
"private_passed": 0,
"private_blocker": 0,
"private_warning": 0,
"private_unknown": 0,
"scan_completion_time": 1615289038
},
"scan_ID": "admin_1615289038"
},
"message": "Deployment scanned successfully for user: admin",
"progress": 100,
"host_name": "so1"
}


/services/jura_read_progress

https://<host>:<mPort>/services/jura_read_progress

Reads current progress for an ongoing or completed jQuery scan.


Usage details
To use this endpoint, you must be running a scan or have completed a scan.


GET

Reads current progress of an ongoing scan on the instance from the KV store or fetches the previous scan results for the user.

Request parameters
None.

Returned values

Name Description
200
{
    "status": <status_of_scan>,
    "message": <message_related_to_status>,
    "progress": <progress_percentage_value>,
    "results": { <dict_of_results_for scan> }
  }
400, 403, 404, or 500
{
  "status": false,
  "message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/jura_read_progress  -X GET

Response when scan is in progress

{
  "message": "1 apps out of 8 scanned. Scanning App: Splunk Add-on Example",
  "progress": 12,
  "results": {},
  "status": "IN_PROGRESS"
}

Response when scan is complete

{
  "status": "COMPLETE",
  "results": {
    "summary": {
      "scan_completion_time": 1631116022,
      "private_dismissed": 0,
      "private_passed": 0,
      "public_warning": 0,
      "splunk_supported": 0,
      "public_dismissed": 0,
      "splunkbase": 0,
      "private_blocker": 1,
      "private_warning": 0,
      "private_unknown": 0,
      "public_passed": 0,
      "public_unknown": 0,
      "private": 1,
      "public_blocker": 0
    },
    "scan_ID": "splunk-system-user_1631116022",
    "apps": [
      {
        "app_path": "/opt/splunk/etc/apps/sample_jura_app",
        "name": "sample_jura_app",
        "label": "sample_jura_app",
        "version": "1.0.0",
        "summary": {
          "Skipped": 0,
          "type": "Private App",
          "dismiss_app": 0,
          "app_link": "",
          "dismiss_app_date": "",
          "Passed": 0,
          "Warning": 0,
          "Status": "BLOCKER",
          "Blocker": 3
        },
        "checks": [
          {
            "name": "Splunk dashboard jQuery version check",
            "messages": [
              {
                "dismissed": 0,
                "message_filename": "/opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml",
                "result": "warning",
                "message": "Version attribute of the dashboard /opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml is set to 1.0. Change the version attribute in the root node of your Simple XML dashboard to '<dashboard version=\"1.1\">' OR '<form version=\"1.1\">'. Other dashboard versions introduce vulnerabilities into your apps and are not permitted in Splunk Cloud Platform.",
                "code": "1.0",
                "line": null,
                "message_line": null,
                "filename": "/opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml"
              }
            ],
            "result": "BLOCKER",
            "required_action": "None",
            "description": "Splunk dashboard jQuery version check"
          },
          {
            "name": "Splunk jQuery version check",
            "messages": [
              {
                "dismissed": 0,
                "message_filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/libs/jquery-2.2.4.min.js",
                "result": "warning",
                "message": "The jQuery 2.2.4 shipped along with your application introduces vulnerabilities into your application.  Splunk apps must use jQuery version 3.5 or higher. Lower versions are no longer permitted in Splunk Cloud Platform.",
                "code": "",
                "line": null,
                "message_line": null,
                "filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/libs/jquery-2.2.4.min.js"
              }
            ],
            "result": "BLOCKER",
            "required_action": "None",
            "description": "Splunk jQuery version check"
          },
          {
            "name": "Splunk internal library check",
            "messages": [
              {
                "dismissed": 0,
                "message_filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js",
                "result": "warning",
                "message": "This /opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js is importing the following dependencies which are not supported or externally documented by Splunk. <badimport>splunkjs/mvc/simplexml/ready",
                "code": "",
                "line": null,
                "message_line": null,
                "filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js"
              }
            ],
            "result": "BLOCKER",
            "required_action": "None",
            "description": "Splunk internal library check"
          }
        ],
        "required_action": "Update this app or request to uninstall it. If you do nothing, the app will fail in future Splunk upgrades that use jQuery 3.5.",
        "details": "This app is not compatible with jQuery 3.5."
      }
    ],
    "host": "so1"
  },
  "progress": 100,
  "message": "Starting a new scan",
  "host_name": "so1"
}



/services/pura_cancel_scan

https://<host>:<mPort>/services/pura_cancel_scan

Cancels an ongoing Python scan for the user on the instance.


Usage details
To use this endpoint, you must be running a scan.


DELETE

Sets a canceled flag for the ongoing scan which restricts the scan from writing further progress in the KV store and allows the thread to return.

Request parameters
None.

Returned values

Name Description
200
{
		"status": COMPLETE,
		"message": <message_for_cancellation>,
		"progress": 100
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_cancel_scan  -X DELETE

Response

{
	"status": "COMPLETE",
	"message": "Scan for user: admin on host: localhost cancelled successfully",
	"progress": 100
}

/services/jura_cancel_scan

https://<host>:<mPort>/services/jura_cancel_scan

Cancels an ongoing jQuery scan for the user on the instance.


Usage details
To use this endpoint, you must be running a scan.


DELETE

Sets a canceled flag for the ongoing scan which restricts the scan from writing further progress in the KV store and allows the thread to return.

Request parameters
None.

Returned values

Name Description
200
{
		"status": COMPLETE,
		"message": <message_for_cancellation>,
		"progress": 100
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/jura_cancel_scan  -X DELETE

Response

{
	"status": "COMPLETE",
	"message": "Scan for user: admin on host: localhost cancelled successfully",
	"progress": 100
}



/services/pura_dismiss_file

https://<host>:<mPort>/services/pura_dismiss_file

Dismisses a file path from the scan report and omits it from future scans.


Usage details
To use this endpoint, a previous scan must be available for this user.


POST

Writes an entry for a specified file path in the KV store for a user and updates the JSON report by removing the file path entry.

Request parameters
None.

Payload

Name Type Description
app String Required. Folder name of the app containing the file path you want to dismiss.
check String Required. The name of the check containing the file path you want to dismiss.
file_path String Required. The file path you want to dismiss.
app_path String Required. The absolute app path in which the file is present.

Returned values

Name Description
200
{
		"status": true,
		"message": <success_message>
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_dismiss_file -H 'Content-Type: application/json' -d '{"app": "conf_editor_private", "check": "All Python scripts", "file_path": "/opt/splunk/etc/apps/conf_editor_private/bin/__init__.py", "app_path": "/opt/splunk/etc/apps/conf_editor_private"}'  -X POST

Response

{
    "message": "File: /opt/splunk/etc/apps/conf_editor_private/bin/__init__.py for check: All Python scripts for app: Conf Editor Private successfully registered for dismissing for user: admin on host: cds.local. The fresh scan results would skip this file.",
    "success": true
}

/services/pura_remote_dismiss_app

https://<host>:<mPort>/services/pura_remote_dismiss_app

Dismisses an application path for the merged Python report of local and remote instances.


Usage details
To use this endpoint, a previous scan must be available for this user.


POST

Writes an entry for a specified app path in the KV store for the user and updates the JSON report accordingly.

Request parameters
None.

Payload

Name Type Description
app String Required. Folder name of the app containing the file path you want to dismiss.
app_path String Required. The absolute app path in which the file is present.
remote_Host String Required. Hostname in the scan report.

Returned values

Name Description
200
{
		"status": true,
		"message": <success_message>
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_remote_dismiss_app -H 'Content-Type: application/json' -d '{"app": "conf_editor_private", "app_path": "/opt/splunk/etc/apps/conf_editor_private", "remote_host": "so1"}'  -X POST

Response

{
    "message": "App: conf_editor_private successfully registered for dismissing the app for user: admin on host: so1. The periodic notification would skip this dismissed app.",
    "success": true
}

/services/jura_remote_dismiss_app

https://<host>:<mPort>/services/jura_remote_dismiss_app

Dismisses an application path for the merged jQuery report of local and remote instances.


Usage details
To use this endpoint, a previous scan must be available for this user.


POST

Writes an entry for a specified app path in the KV store for the user and updates the JSON report accordingly.

Request parameters
None.

Payload

Name Type Description
app String Required. Folder name of the app containing the file path you want to dismiss.
app_path String Required. The absolute app path in which the file is present.
remote_Host String Required. Hostname in the scan report.

Returned values

Name Description
200
{
    "status": true,
    "message": <success_message>
  }
400, 403, 404, or 500
{
  "status": false,
  "message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/jura_remote_dismiss_app -H 'Content-Type: application/json' -d '{"app": "sample_jura_app", "app_path": "/opt/splunk/etc/apps/sample_jura_app", "remote_host": "so1"}' -X POST

Response

{
  "success": true,
  "message": "App: sample_jura_app successfully registered for dismissing the app on host: so1. The periodic notification would skip this dismissed app."
}


/services/pura_remote_dismiss_file

https://<host>:<mPort>/services/pura_remote_dismiss_file

Dismisses a file path for the merged Python report from local and remote scan report and skips it in future scans.


Usage details
To use this endpoint, a previous scan must be available for this user.


POST

Writes an entry for a specified file path in the KV store for a user and updates the JSON report by removing the file path entry.

Request parameters
None.

Payload

Name Type Description
app String Required. Folder name of the app containing the file path you want to dismiss.
check String Required. The name of the check containing the file path you want to dismiss.
file_path String Required. The file path you want to dismiss.
app_path String Required. The absolute app path in which the file is present.
remote_Host String Required. Hostname in the scan report.
instance String Whether the dismissed file is present in local instance, remote instance, or both the instances. Possible values are local, remote, or both.

Returned values

Name Description
200
{
		"status": true,
		"message": <success_message>
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_remote_dismiss_file -H 'Content-Type: application/json' -d '{"app": "conf_editor_private", "check": "All Python scripts", "file_path": "/opt/splunk/etc/apps/conf_editor_private/bin/__init__.py", "app_path": "/opt/splunk/etc/apps/conf_editor_private", "remote_host": "so1", "instance": "local"}'  -X POST

Response

{
    "message": "File: /opt/splunk/etc/apps/conf_editor_private/bin/__init__.py for check: All Python scripts for app: Conf Editor Private successfully registered for dismissing for user: admin on host: cds.local. The fresh scan results would skip this file.",
    "success": true
}

/services/jura_remote_dismiss_file

https://<host>:<mPort>/services/jura_remote_dismiss_file

Dismisses a file path for the merged jQuery report from local and remote scan report and skips it in future scans.


Usage details
To use this endpoint, a previous scan must be available for this user.


POST

Writes an entry for a specified file path in the KV store for a user and updates the JSON report by removing the file path entry.

Request parameters
None.

Payload

Name Type Description
app String Required. Folder name of the app containing the file path you want to dismiss.
check String Required. The name of the check containing the file path you want to dismiss.
file_path String Required. The file path you want to dismiss.
app_path String Required. The absolute app path in which the file is present.
remote_Host String Required. Hostname in the scan report.
instance String Whether the dismissed file is present in local instance, remote instance, or both the instances. Possible values are local, remote, or both.

Returned values

Name Description
200
{
    "status": true,
    "message": <success_message>
  }
400, 403, 404, or 500
{
  "status": false,
  "message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/jura_remote_dismiss_file -H 'Content-Type: application/json' -d '{"app": "sample_jura_app", "check": "Splunk dashboard jQuery version check", "file_path": "/opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml", "app_path": "/opt/splunk/etc/apps/sample_jura_app", "remote_host": "so1", "instance": "local"}'  -X POST

Response

{
  "success": true,
  "message": "File: /opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml for check: Splunk dashboard jQuery version check for app: sample_jura_app successfully registered for dismissing on host: so1. The fresh scan results would skip this file."
}


/services/pura_remote_result

https://<host>:<mPort>/services/pura_remote_result

Reads the latest merged Python scan report of the local and remote instances.


Usage details
To use this endpoint, you must have completed a scheduled scan and have a merged scan report.


GET

Reads the latest merged scan report of the local and remote instances.

Request parameters
None.

Returned values

Name Description
200
{
		"status": <status_of_scan>,
		"message": <message_related_to_status>,
		"progress": <progress_percentage_value>,
		"results": { <dict_of_results_for scan> }
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_remote_result  -X GET

Response when scan is completed

{
"status":"COMPLETE",
"results":{
  "apps": [
    {
      "name": "private3",
      "label": "private 3",
      "version": "3.0.0",
      "app_path": "/opt/splunk/etc/apps/private3",
      "summary": {
        "Passed": 2,
        "Blocker": 0,
        "Warning": 1,
        "Skipped": 0,
        "type": "Private App",
        "app_link": "",
        "dismiss_app": 1,
        "dismiss_app_date": "1626329392",
        "Status": "DISMISSED"
      },
      "checks": [
        {
          "name": "Python in custom Mako templates",
          "result": "PASSED",
          "messages": [
            
          ],
          "required_action": "None"
        },
        {
          "description": "Check for the existence of Python scripts, which must be upgraded to be cross-compatible with Python 2 and 3 for the upcoming Splunk Enterprise Python 3 release. ",
          "name": "Python scripts",
          "result": "WARNING",
          "messages": [
            {
              "message_filename": ".../bin/test.py",
              "code": [
                "@@ -1 +1,2 @@\n-print \"this should fail\"\n+from __future__ import print_function\n+print(\"this should fail\")"
              ],
              "result": "warning",
              "message_line": null,
              "dismissed": 0,
              "message": "@@ -1 +1,2 @@\n-print \"this should fail\"\n+from __future__ import print_function\n+print(\"this should fail\")\nFile: /opt/splunk/etc/apps/private3/bin/test.py",
              "instance": "local",
              "identical": 0
            }
          ],
          "required_action": "Update these Python scripts to be dual-compatible with Python 2 and 3."
        },
        {
          "description": "Splunk Python SDK Check",
          "name": "Splunk Python SDK Check",
          "result": "PASSED",
          "messages": [
            
          ]
        }
      ],
      "details": "This app is not compatible with Python 3.",
      "required_action": "Update this app or uninstall it. If you do nothing, the app will fail.",
      "remote_version": null
    }
  ],
"summary": {
"splunkbase": 0,
      "splunk_supported": 0,
      "private": 2,
      "public_passed": 0,
      "public_blocker": 0,
      "public_warning": 0,
      "public_unknown": 0,
      "private_passed": 0,
      "private_blocker": 1,
      "private_warning": 0,
      "private_unknown": 0,
      "private_dismissed": 0,
      "public_dismissed": 0,
      "scan_completion_time": 1627038604
},
  "scan_ID": "splunk-system-user_1626329281",
"host": "so1"
},
"message":"Remote scan details successfully for user: admin",
"progress": 100
}



/services/jura_remote_result

https://<host>:<mPort>/services/jura_remote_result

Reads the latest merged jQuery scan report of the local and remote instances.


Usage details
To use this endpoint, you must have completed a scheduled scan and have a merged scan report.


GET

Reads the latest merged scan report of the local and remote instances.

Request parameters
None.

Returned values

Name Description
200
{
    "status": <status_of_scan>,
    "message": <message_related_to_status>,
    "progress": <progress_percentage_value>,
    "results": { <dict_of_results_for scan> }
  }
400, 403, 404, or 500
{
  "status": false,
  "message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/jura_remote_result  -X GET

Response when scan is completed

{
  "status": "COMPLETE",
  "results": {
    "summary": {
      "scan_completion_time": 1631116022,
      "private_dismissed": 0,
      "public_warning": 0,
      "splunk_supported": 0,
      "public_dismissed": 0,
      "splunkbase": 0,
      "private_blocker": 1,
      "private_warning": 0,
      "private_unknown": 0,
      "public_blocker": 0,
      "public_passed": 0,
      "public_unknown": 0,
      "private": 1,
      "private_passed": 0
    },
    "scan_ID": "splunk-system-user_1631116022",
    "apps": [
      {
        "app_path": "/opt/splunk/etc/apps/sample_jura_app",
        "summary": {
          "Skipped": 0,
          "type": "Private App",
          "dismiss_app": 0,
          "app_link": "",
          "dismiss_app_date": "",
          "Passed": 0,
          "Warning": 0,
          "Status": "BLOCKER",
          "Blocker": 3
        },
        "version": "1.0.0",
        "name": "sample_jura_app",
        "remote_version": "",
        "checks": [
          {
            "name": "Splunk dashboard jQuery version check",
            "messages": [
              {
                "instance": "local",
                "dismissed": 0,
                "message_filename": "/opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml",
                "message_line": null,
                "result": "warning",
                "message": "Version attribute of the dashboard /opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml is set to 1.0. Change the version attribute in the root node of your Simple XML dashboard to '<dashboard version=\"1.1\">' OR '<form version=\"1.1\">'. Other dashboard versions introduce vulnerabilities into your apps and are not permitted in Splunk Cloud Platform.",
                "code": "1.0",
                "identical": 0,
                "line": null,
                "filename": "/opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml"
              }
            ],
            "result": "BLOCKER",
            "required_action": "None",
            "description": "Splunk dashboard jQuery version check"
          },
          {
            "name": "Splunk jQuery version check",
            "messages": [
              {
                "instance": "local",
                "dismissed": 0,
                "message_filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/libs/jquery-2.2.4.min.js",
                "message_line": null,
                "result": "warning",
                "message": "The jQuery 2.2.4 shipped along with your application introduces vulnerabilities into your application.  Splunk apps must use jQuery version 3.5 or higher. Lower versions are no longer permitted in Splunk Cloud Platform.",
                "code": "",
                "identical": 0,
                "line": null,
                "filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/libs/jquery-2.2.4.min.js"
              }
            ],
            "result": "BLOCKER",
            "required_action": "None",
            "description": "Splunk jQuery version check"
          },
          {
            "name": "Splunk internal library check",
            "messages": [
              {
                "instance": "local",
                "dismissed": 0,
                "message_filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js",
                "message_line": null,
                "result": "warning",
                "message": "This /opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js is importing the following dependencies which are not supported or externally documented by Splunk. <badimport>splunkjs/mvc/simplexml/ready",
                "code": "",
                "identical": 0,
                "line": null,
                "filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js"
              }
            ],
            "result": "BLOCKER",
            "required_action": "None",
            "description": "Splunk internal library check"
          }
        ],
        "label": "sample_jura_app",
        "required_action": "Update this app or request to uninstall it. If you do nothing, the app will fail in future Splunk upgrades that use jQuery 3.5.",
        "details": "This app is not compatible with jQuery 3.5."
      }
    ],
    "host": "so1"
  },
  "progress": 100,
  "message": "Remote scan details successfully for user: admin"
}




/services/pura_remote_schedule_scan

https://<host>:<mPort>/services/pura_remote_schedule_scan

Schedules a Python scan at a custom time or at the default time at 1 AM daily based on user inputs.

Returns the custom scan details from the KV store if stored.


Usage details
To use this endpoint, you must have permission to see the apps on your instance.


POST

Schedules a scan at the given time interval. By default, if no time is specified, the scan is scheduled for 1:00 AM daily.

Request parameters
None.

Payload

Name Type Description
schedule_scan_type String Required. Type of scan. Accepted values are custom or default.
day String Required. Day interval. For example, 2 runs the scan every 2 days.
hours String Required. Hours of the time at which the scan is to be run.
minutes String Required. Minutes of the time at which the scan is to be run.
am_pm String Required. AM or PM
time_offset String Required.The offset of the timezone. For example, +5:30.
disabled String Whether the schedule scan is to disabled or not. Value should be either 0 or 1.

Returned values

Name Description
200
{
		"status": true,
		"message": "Successfully updated the remote schedule scan details for user <user> on host <host>. It will be reflected after 2 hours."
}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_remote_schedule_scan --data '{"disabled":"1","schedule_scan_type": "custom","day": "1","hours": "5", "minutes":"5", "am_pm": "am", "time_offset": "+0:00"}' -X POST

Response

{
	"status": true,
	"message": "Successfully updated the remote schedule scan details for user <user> on host <host>. It will be reflected after 2 hours."
}

GET

Returns the scan schedule details saved in the KV store.

Request parameters
None.

Returned values

Name Description
200
{
          "user": <user>,
          "host": <hostname>,
          "day": <day_interval>,
          "minutes": <minutes_value_in_time>,
          "hours": <hours_value_in_time>,
          "am_pm": <am_or_pm>",
          "schedule_scan_type": <default_or_custom>,
          "timestamp": <timestamp_at_which_details_were_saved>,
          "disabled": "<Whether the scan is disabled or not>"
}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_remote_schedule_scan -X GET

Response

{
"name":"conf_editor",
    "user":"admin",
    "host":"so1",
    "day":"1",
    "hours":"12",
    "minutes":"22",
    "am_pm":"AM"
    "schedule_scan_type": "custom",
    "timestamp": "1615286051",
    "disabled":"0",
    "_user": "nobody",
    "_key": "60474f23dbe8a80b2d1c22e0"
}

/services/jura_remote_schedule_scan

https://<host>:<mPort>/services/jura_remote_schedule_scan

Schedules a jQuery scan at a custom time or at the default time at 4 AM daily based on user inputs.

Returns the custom scan details from the KV store if stored.


Usage details
To use this endpoint, you must have permission to see the apps on your instance.


POST

Schedules a scan at the given time interval. By default, if no time is specified, the scan is scheduled for 1:00 AM daily.

Request parameters
None.

Payload

Name Type Description
schedule_scan_type String Required. Type of scan. Accepted values are custom or default.
day String Required. Day interval. For example, 2 runs the scan every 2 days.
hours String Required. Hours of the time at which the scan is to be run.
minutes String Required. Minutes of the time at which the scan is to be run.
am_pm String Required. AM or PM
time_offset String Required.The offset of the timezone. For example, +5:30.
disabled String Whether the scheduled scan is disabled or not. Value can be either 0 or 1.

Returned values

Name Description
200
{
    "status": true,
    "message": "Successfully updated the remote schedule scan details for user <user> on host <host>. It will be reflected after 2 hours."
}
400, 403, 404, or 500
{
  "status": false,
  "message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/jura_remote_schedule_scan --data '{"disabled":"1","schedule_scan_type": "custom","day": "1","hours": "5", "minutes":"5", "am_pm": "am", "time_offset": "+0:00"}' -X POST

Response

{
  "status": true,
  "message": "Successfully updated the remote scheduled scan details for user <user> on host <host>. It will be reflected after 2 hours."
}

GET

Returns the scan schedule details saved in the KV store.

Request parameters
None.

Returned values

Name Description
200
{
          "user": <user>,
          "host": <hostname>,
          "day": <day_interval>,
          "minutes": <minutes_value_in_time>,
          "hours": <hours_value_in_time>,
          "am_pm": <am_or_pm>",
          "schedule_scan_type": <default_or_custom>,
          "timestamp": <timestamp_at_which_details_were_saved>,
          "disabled": "<Whether the scan is disabled or not>"
}
400, 403, 404, or 500
{
  "status": false,
  "message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/jura_remote_schedule_scan -X GET

Response

{
"name":"conf_editor",
    "user":"admin",
    "host":"so1",
    "day":"1",
    "hours":"12",
    "minutes":"22",
    "am_pm":"AM"
    "schedule_scan_type": "custom",
    "timestamp": "1615286051",
    "disabled":"0",
    "_user": "nobody",
    "_key": "60474f23dbe8a80b2d1c22e0"
}

/services/pura_remote_export_report

https://<host>:<mPort>/services/pura_remote_export_report?ID={scan_ID}&format={file_format}&app_name={app_name}&app_path={app_path}&host={host}

Fetches a JSON or CSV report for a given Python scan_ID and app path.


Usage details
To use this endpoint, a previous scan result must be available, and you must know its scan_ID and app_path.


GET

Fetches the JSON or CSV report for a previous scan, given a scan_ID.

Request parameters

Name Type Description
ID String
Required. The scan ID of a completed scan run by this user.
format String
Required. The format of the report.
app_name String
Required. Name of the app (folder name).
app_path String
Required. The absolute path of the installed app.
host String
Required. Hostname of the instance in the scan report.

Returned values

Name Description
200
{
		"apps": [ <list_of_apps> ],
		"summary": { <dict_of_summary_of_scan> },
		"scan_ID": <ID_of_the_scan_report>
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}


Example request and JSON response

Request

curl -k -u username:password https://localhost:8089/services/pura_remote_export_report?ID=admin_1615290732&format=JSON&app_name="conf_editor_private"&app_path="/opt/splunk/etc/apps/conf_editor_private"  -X GET

Response

{
  "apps": [
    {
      "name": "private3",
      "label": "Valtix",
      "version": "1.0.0",
      "app_path": "/opt/splunk/etc/apps/private3",
      "summary": {
        "Passed": 1,
        "Blocker": 1,
        "Warning": 1,
        "Skipped": 0,
        "type": "Private App",
        "app_link": "",
        "dismiss_app": 0,
        "dismiss_app_date": "",
        "Status": "BLOCKER"
      },
      "checks": [
        {
          "name": "Python in custom Mako templates",
          "result": "BLOCKER",
          "messages": [
            {
              "message": null,
              "dismissed": 0,
              "message_filename": ".../bin/test_mako.html",
              "message_line": 1,
              "code": [
                "@@ -1 +1,2 @@\n-rows = [i for i in xrange(1000)]\n+from six.moves import range\n+rows = [i for i in range(1000)]"
              ],
              "instance": "local",
              "identical": 0
            },
            {
              "message": null,
              "dismissed": 0,
              "message_filename": ".../bin/test_mako2.html",
              "message_line": 2,
              "code": [
                "@@ -1,2 +1,3 @@\n+from six.moves import range\n \n-rows = [[v for v in xrange(0,10)] for row in xrange(0,10)]\n+rows = [[v for v in range(0,10)] for row in range(0,10)]"
              ],
              "instance": "local",
              "identical": 0
            }
          ],
          "required_action": "Check to ensure that Mako templates are upgraded to be compatible with Python 3."
        },
        {
          "description": "Check for the existence of Python scripts, which must be upgraded to be cross-compatible with Python 2 and 3 for the upcoming Splunk Enterprise Python 3 release. ",
          "name": "Python scripts",
          "result": "WARNING",
          "messages": [
            {
              "message_filename": ".../bin/test_fail.py",
              "code": [
                "@@ -1,4 +1,6 @@\n-print 'this should give error'\n-[i for i in xrange(1000)]\n+from __future__ import print_function\n+from six.moves import range\n+print('this should give error')\n+[i for i in range(1000)]\n print(\"this should not give error\")\n print(\"this should not give error\")"
              ],
              "result": "warning",
              "message_line": null,
              "dismissed": 0,
              "message": "@@ -1,4 +1,6 @@\n-print 'this should give error'\n-[i for i in xrange(1000)]\n+from __future__ import print_function\n+from six.moves import range\n+print('this should give error')\n+[i for i in range(1000)]\n print(\"this should not give error\")\n print(\"this should not give error\")\nFile: /opt/splunk/etc/apps/private3/bin/test_fail.py",
              "instance": "local",
              "identical": 0
            }
          ],
          "required_action": "Update these Python scripts to be dual-compatible with Python 2 and 3."
        },
        {
          "description": "Splunk Python SDK Check",
          "name": "Splunk Python SDK Check",
          "result": "PASSED",
          "messages": [
            
          ]
        }
      ],
      "details": "This app is not compatible with Python 3.",
      "required_action": "Update this app or uninstall it. If you do nothing, the app will fail.",
      "remote_version": ""
    }
  ],
  "scan_ID": "splunk-system-user_1627040106"
}


/services/jura_remote_export_report

https://<host>:<mPort>/services/jura_remote_export_report?ID={scan_ID}&format={file_format}&app_name={app_name}&app_path={app_path}&host={host}

Fetches a JSON or CSV report for a given jQuery scan_ID and app path.


Usage details
To use this endpoint, a previous scan result must be available, and you must know its scan_ID and app_path.


GET

Fetches the JSON or CSV report for a previous scan, given a scan_ID.

Request parameters

Name Type Description
ID String
Required. The scan ID of a completed scan run by this user.
format String
Required. The format of the report.
app_name String
Required. Name of the app (folder name).
app_path String
Required. The absolute path of the installed app.
host String
Required. Hostname of the instance in the scan report.

Returned values

Name Description
200
{
    "apps": [ <list_of_apps> ],
    "summary": { <dict_of_summary_of_scan> },
    "scan_ID": <ID_of_the_scan_report>
  }
400, 403, 404, or 500
{
  "status": false,
  "message": <failure_cause>
}


Example request and JSON response

Request

curl -k -u username:password 'https://localhost:8089/services/jura_remote_export_report?ID="splunk-system-user_1631116022"&format="json"&app_name="sample_jura_app"&app_path="/opt/splunk/etc/apps/sample_jura_app"&host="so1"'

Response

{
  "scan_ID": "splunk-system-user_1631116022",
  "apps": [
    {
      "app_path": "/opt/splunk/etc/apps/sample_jura_app",
      "name": "sample_jura_app",
      "label": "sample_jura_app",
      "summary": {
        "Skipped": 0,
        "type": "Private App",
        "dismiss_app": 0,
        "app_link": "",
        "dismiss_app_date": "",
        "Passed": 0,
        "Warning": 0,
        "Status": "BLOCKER",
        "Blocker": 3
      },
      "remote_version": "",
      "version": "1.0.0",
      "checks": [
        {
          "name": "Splunk dashboard jQuery version check",
          "messages": [
            {
              "instance": "local",
              "dismissed": 0,
              "message_filename": ".../default/data/ui/views/sample_b.xml",
              "result": "warning",
              "message": "Version attribute of the dashboard /opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml is set to 1.0. Change the version attribute in the root node of your Simple XML dashboard to '<dashboard version=\"1.1\">' OR '<form version=\"1.1\">'. Other dashboard versions introduce vulnerabilities into your apps and are not permitted in Splunk Cloud Platform.",
              "code": "1.0",
              "identical": 0,
              "message_line": null
            }
          ],
          "result": "BLOCKER",
          "required_action": "None",
          "description": "Splunk dashboard jQuery version check"
        },
        {
          "name": "Splunk jQuery version check",
          "messages": [
            {
              "instance": "local",
              "dismissed": 0,
              "message_filename": ".../appserver/static/libs/jquery-2.2.4.min.js",
              "result": "warning",
              "message": "The jQuery 2.2.4 shipped along with your application introduces vulnerabilities into your application.  Splunk apps must use jQuery version 3.5 or higher. Lower versions are no longer permitted in Splunk Cloud Platform.",
              "code": "",
              "identical": 0,
              "message_line": null
            }
          ],
          "result": "BLOCKER",
          "required_action": "None",
          "description": "Splunk jQuery version check"
        },
        {
          "name": "Splunk internal library check",
          "messages": [
            {
              "instance": "local",
              "dismissed": 0,
              "message_filename": ".../appserver/static/script_1.js",
              "result": "warning",
              "message": "This /opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js is importing the following dependencies which are not supported or externally documented by Splunk. <badimport>splunkjs/mvc/simplexml/ready",
              "code": "",
              "identical": 0,
              "message_line": null
            }
          ],
          "result": "BLOCKER",
          "required_action": "None",
          "description": "Splunk internal library check"
        }
      ],
      "required_action": "Update this app or request to uninstall it. If you do nothing, the app will fail in future Splunk upgrades that use jQuery 3.5.",
      "details": "This app is not compatible with jQuery 3.5."
    }
  ]
}



/services/pura_remote_sendemail

https://<host>:<mPort>/services/pura_remote_sendemail

Email a specific Python app report to the specified email addresses and app.


Usage details
To use this endpoint, you must complete a scan and correctly configure email details.


POST

Sends the app report as an email to the specified email addresses.

Request parameters
None.

Payload

Name Type Description
app_name String Required. Name of the app (folder name).
app_path String Required. The absolute path to the application.
subject String Required. The subject of the email.
receiver String Required. A comma-separated list of email addresses to whom the report is to be mailed.
body String Required. Body of the email.
remote_host String Required. Hostname present in the scan report.

Returned values

Name Description
200
{
		"status": true,
		"message": "Email sent"
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_sendemail -H 'Content-Type: application/json' -d '{"app_name": "conf_editor_private", "app_path": "/opt/splunk/etc/apps/conf_editor_private", "subject": "Subject of the email", "receiver": "email1@email.com, email2@email.com", "body": "Body of the email", "remote_host": "so1"}' -X POST

Response

{
	"status": true,
	"message": "Email sent"
}

/services/jura_remote_sendemail

https://<host>:<mPort>/services/jura_remote_sendemail

Email a specific jQuery app report to the specified email addresses and app.


Usage details
To use this endpoint, you must complete a scan and correctly configure email details.


POST

Sends the app report as an email to the specified email addresses.

Request parameters
None.

Payload

Name Type Description
app_name String Required. Name of the app (folder name).
app_path String Required. The absolute path to the application.
subject String Required. The subject of the email.
receiver String Required. A comma-separated list of email addresses to whom the report is to be mailed.
body String Required. Body of the email.
remote_host String Required. Hostname present in the scan report.

Returned values

Name Description
200
{
    "status": true,
    "message": "Email sent"
  }
400, 403, 404, or 500
{
  "status": false,
  "message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/jura_remote_sendemail -H 'Content-Type: application/json' -d '{"app_name": "sample_jura_app", "app_path": "/opt/splunk/etc/apps/sample_jura_app", "subject": "Subject of the email", "receiver": ["email1@email.com", "email2@email.com"], "body": "Body of the email", "remote_host": "so1"}' -X POST

Response

{
  "status": true,
  "message": "Email sent"
}

/services/pura_latest_report

https://<host>:<mPort>/services/pura_latest_report

Get the latest scheduled Python scan report.


Usage details
To use this endpoint, a scheduled scan must be completed.


GET

Get the latest scheduled scan report.

Request parameters

Name Type Description
ID String
Required. The scan ID of a completed scan run by this user.
pura_apps String
Required. Comma separated list of app names (folder name).

Returned values

Name Description
200
{
		"apps": [ ],
		"summary": {},
		"scan_ID": <ID_of_the_scan_report>,
                "host": "<host>"
	}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}


Example request and JSON response

Request

curl -k -u username:password https://localhost:8089/services/pura_latest_report?pura_apps="private_app1,private_app2" -X GET

Response

{
  "apps": [
    {
      "name": "private_app1",
      "label": "private_app1",
      "version": "3.0.0",
      "app_path": "/opt/splunk/etc/apps/private_app1",
      "summary": {
        "Passed": 2,
        "Blocker": 0,
        "Warning": 1,
        "Skipped": 0,
        "type": "Private App",
        "app_link": "",
        "dismiss_app": 1,
        "dismiss_app_date": "1626329392",
        "Status": "DISMISSED"
      },
      "checks": [
        {
          "name": "Python in custom Mako templates",
          "result": "PASSED",
          "messages": [
            
          ],
          "required_action": "None"
        },
        {
          "description": "Check for the existence of Python scripts, which must be upgraded to be cross-compatible with Python 2 and 3 for the upcoming Splunk Enterprise Python 3 release. ",
          "name": "Python scripts",
          "result": "WARNING",
          "messages": [
            {
              "message_filename": ".../bin/test.py",
              "code": [
                "@@ -1 +1,2 @@\n-print \"this should fail\"\n+from __future__ import print_function\n+print(\"this should fail\")"
              ],
              "result": "warning",
              "message_line": null,
              "dismissed": 0,
              "message": "@@ -1 +1,2 @@\n-print \"this should fail\"\n+from __future__ import print_function\n+print(\"this should fail\")\nFile: /opt/splunk/etc/apps/private_app1/bin/test.py",
              "instance": "local",
              "identical": 0
            }
          ],
          "required_action": "Update these Python scripts to be dual-compatible with Python 2 and 3."
        },
        {
          "description": "Splunk Python SDK Check",
          "name": "Splunk Python SDK Check",
          "result": "PASSED",
          "messages": [
            
          ]
        }
      ],
      "details": "This app is not compatible with Python 3.",
      "required_action": "Update this app or uninstall it. If you do nothing, the app will fail.",
      "remote_version": null
    },
{
      "name": "private_app2",
      "label": "private_app2",
      "version": "3.0.0",
      "app_path": "/opt/splunk/etc/apps/private_app2",
      "summary": {
        "Passed": 2,
        "Blocker": 0,
        "Warning": 1,
        "Skipped": 0,
        "type": "Private App",
        "app_link": "",
        "dismiss_app": 1,
        "dismiss_app_date": "1626329400",
        "Status": "DISMISSED"
      },
      "checks": [
        {
          "name": "Python in custom Mako templates",
          "result": "PASSED",
          "messages": [
            
          ],
          "required_action": "None"
        },
        {
          "description": "Check for the existence of Python scripts, which must be upgraded to be cross-compatible with Python 2 and 3 for the upcoming Splunk Enterprise Python 3 release. ",
          "name": "Python scripts",
          "result": "WARNING",
          "messages": [
            {
              "message_filename": ".../bin/test.py",
              "code": [
                "@@ -1 +1,2 @@\n-print \"this should fail\"\n+from __future__ import print_function\n+print(\"this should fail\")"
              ],
              "result": "warning",
              "message_line": null,
              "dismissed": 0,
              "message": "@@ -1 +1,2 @@\n-print \"this should fail\"\n+from __future__ import print_function\n+print(\"this should fail\")\nFile: /opt/splunk/etc/apps/private_app2/bin/test.py",
              "instance": "local",
              "identical": 0
            }
          ],
          "required_action": "Update these Python scripts to be dual-compatible with Python 2 and 3."
        },
        {
          "description": "Splunk Python SDK Check",
          "name": "Splunk Python SDK Check",
          "result": "PASSED",
          "messages": [
            
          ]
        }
      ],
      "details": "This app is not compatible with Python 3.",
      "required_action": "Update this app or uninstall it. If you do nothing, the app will fail.",
      "remote_version": null
    }
  ],
  "scan_ID": "splunk-system-user_1626329281"
}


/services/jura_latest_report

https://<host>:<mPort>/services/jura_latest_report

Get the latest scheduled jQuery scan report.


Usage details
To use this endpoint, a scheduled scan must be completed.


GET

Get the latest scheduled scan report.

Request parameters

Name Type Description
jura_apps String
Required. Comma separated list of app names (folder name).

Returned values

Name Description
200
{
    "apps": [ ],
    "summary": {},
    "scan_ID": <ID_of_the_scan_report>,
                "host": "<host>"
  }
400, 403, 404, or 500
{
  "status": false,
  "message": <failure_cause>
}


Example request and JSON response

Request

curl -k -u username:password https://localhost:8089/services/jura_latest_report?jura_apps="sample_jura_app" -X GET

Response

{
  "summary": {
    "scan_completion_time": 1631116022,
    "private_dismissed": 0,
    "private_passed": 0,
    "public_warning": 0,
    "splunk_supported": 0,
    "public_dismissed": 0,
    "splunkbase": 0,
    "private_blocker": 1,
    "private_warning": 0,
    "private_unknown": 0,
    "public_passed": 0,
    "public_unknown": 0,
    "private": 1,
    "public_blocker": 0
  },
  "scan_ID": "splunk-system-user_1631116022",
  "apps": [
    {
      "app_path": "/opt/splunk/etc/apps/sample_jura_app",
      "name": "sample_jura_app",
      "label": "sample_jura_app",
      "version": "1.0.0",
      "summary": {
        "Skipped": 0,
        "type": "Private App",
        "dismiss_app": 0,
        "app_link": "",
        "dismiss_app_date": "",
        "Passed": 0,
        "Warning": 0,
        "Status": "BLOCKER",
        "Blocker": 3
      },
      "checks": [
        {
          "name": "Splunk dashboard jQuery version check",
          "messages": [
            {
              "dismissed": 0,
              "message_filename": "/opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml",
              "result": "warning",
              "message": "Version attribute of the dashboard /opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml is set to 1.0. Change the version attribute in the root node of your Simple XML dashboard to '<dashboard version=\"1.1\">' OR '<form version=\"1.1\">'. Other dashboard versions introduce vulnerabilities into your apps and are not permitted in Splunk Cloud Platform.",
              "code": "1.0",
              "line": null,
              "message_line": null,
              "filename": "/opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml"
            }
          ],
          "result": "BLOCKER",
          "required_action": "None",
          "description": "Splunk dashboard jQuery version check"
        },
        {
          "name": "Splunk jQuery version check",
          "messages": [
            {
              "dismissed": 0,
              "message_filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/libs/jquery-2.2.4.min.js",
              "result": "warning",
              "message": "The jQuery 2.2.4 shipped along with your application introduces vulnerabilities into your application.  Splunk apps must use jQuery version 3.5 or higher. Lower versions are no longer permitted in Splunk Cloud Platform.",
              "code": "",
              "line": null,
              "message_line": null,
              "filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/libs/jquery-2.2.4.min.js"
            }
          ],
          "result": "BLOCKER",
          "required_action": "None",
          "description": "Splunk jQuery version check"
        },
        {
          "name": "Splunk internal library check",
          "messages": [
            {
              "dismissed": 0,
              "message_filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js",
              "result": "warning",
              "message": "This /opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js is importing the following dependencies which are not supported or externally documented by Splunk. <badimport>splunkjs/mvc/simplexml/ready",
              "code": "",
              "line": null,
              "message_line": null,
              "filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js"
            }
          ],
          "result": "BLOCKER",
          "required_action": "None",
          "description": "Splunk internal library check"
        }
      ],
      "required_action": "Update this app or request to uninstall it. If you do nothing, the app will fail in future Splunk upgrades that use jQuery 3.5.",
      "details": "This app is not compatible with jQuery 3.5."
    }
  ],
  "host": "so1"
}



/services/pura_manage_remote_scan

https://<host>:<mPort>/services/pura_manage_remote_scan

Updates the schedule scan details in scripted input of the host.


Usage details
To use this endpoint, you must have permission to see the apps on your instance.


POST

Updates the scripted input according to the schedule scan details specified.

Request parameters
None.

Payload

Name Type Description
schedule_scan_type String Required. Type of scan. Accepted values are custom or default.
day String Required. Day interval. For example, 2 runs the scan every 2 days.
hours String Required. Hours of the time at which the scan is to be run.
minutes String Required. Minutes of the time at which the scan is to be run.
am_pm String Required. AM or PM
disabled String Whether the schedule scan is to disabled or not. Value should be either 0 or 1.

Returned values

Name Description
200
{
		"status": true,
		"message": "Successfully updated the remote schedule scan details for user <user> on host <host>."
}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password 'https://localhost:8089/services/pura_manage_remote_scan?disabled=1&schedule_scan_type =custom&day=1&hours=5&minutes=5&am_pm="am" &time_offset="+0:00"' -X POST

Response

{
	"status": true,
	"message": "Successfully updated the remote schedule scan details for user <user> on host <host>. It will be reflected after 2 hours."
}

/services/pura_user_records

https://<host>:<mPort>/services/pura_user_records

View or update the user Python version upgrade requests.


Usage details
To use this endpoint, you must have permission to see the apps on your instance.


POST

Submit a Python version upgrade request.

Request parameters
None.

Payload

Name Type Description
action String Required. Requested Python version. Possible values are Python2, Python3, or Force Python3.

Returned values

Name Description
200
{
		"status": true,
		"message": "User records inserted successfully"
}
400, 403, 404, or 500
{
	"success": false,
        "error_type" : "OTHER", 
        "message" : "Something went Wrong!"}
}

Example request and response

Request

curl -k -u username:password https://localhost:8089/services/pura_user_records -H 'Content-Type:application/json' -d '{"action":"Python3"}' -X POST

Response

{
	"status": true,
	"message": "User records inserted successfully"
}

GET

Gets the user Python version upgrade request records.

Request parameters
None.

Returned values

Name Description
200
{
"current_timezone_offset" :
 "+05:30" // to show the time
 as per user's current timezone  "                         
"records" : 
[
{
host_name:"",               
user_name:"",                   
user_role:""                        
action:"",
request_timestamp: "",
description: "",
stack_ID: "",
}]}
400, 403, 404, or 500
{
	"status": false,
	"message": <failure_cause>
}

Example request and response

Request

curl -k -u username:password 'https://localhost:8089/services/pura_user_records' -X GET

Response

{
    "current_timezone_offset": "+05:30",
    "records": [
        {
            "host_name": "sh-i-090da0788f8203adb",
            "user_name": "admin",
            "user_role": "role1|role2|role3",
            "action": "Python3",
            "request_timestamp": "23 Jul 2021 13:43:01 +UTC",
            "description": "Request to upgrade Python3",
            "stack_ID": "noble-newt-947"
        }
    ]
}


/services/pura_check_python_version

https://<host>:<mPort>/services/pura_check_python_version

Get the current Python version on the server.


Usage details
To use this endpoint, you must have permission to see the apps on your instance.


GET

Get the current Python version on the server.

Request parameters
None

Returned values

Name Description
200
0/1/2

0 => Current python version on server is python2, can request to python3 or force_python3
1 => Current python version on server is python2 but already requested python 3 or force_python 3, can request to retract back to python2
2 => Current python version on server is either python3 or force_python3
400, 403, 404, or 500
{"success" : false,
 "error_type" : "OTHER",
 "message" : "Something
 went Wrong!"}


Example request and JSON response

Request

curl -k -u username:password https://localhost:8089/services/pura_check_python_version -H 'Content-Type:application/json' -X GET

Response

2
Last modified on 21 January, 2022
Act on jQuery scan results with the Upgrade Readiness App   Manage weekly emails from the Upgrade Readiness App

This documentation applies to the following versions of Splunk® Enterprise: 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters