Skip to main content
Splunk® Enterprise

REST API Reference Manual

Splunk® Enterprise
9.0.10
Splunk Enterprise version 9.0 will no longer be supported as of June 14, 2024. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

System endpoint descriptions

Manage server configuration settings and messages.

Usage details

Review ACL information for an endpoint

To check Access Control List (ACL) properties for an endpoint, append /acl to the path. For more information see Access Control List in the REST API User Manual.

Authentication and Authorization

Username and password authentication is required for access to endpoints and REST operations.

Splunk users must have role and/or capability-based authorization to use REST endpoints. Users with an administrative role, such as admin, can access authorization information in Splunk Web. To view the roles assigned to a user, select Settings > Access controls and click Users. To determine the capabilities assigned to a role, select Settings > Access controls and click Roles.

App and user context

Typically, knowledge objects, such as saved searches or event types, have an app/user context that is the namespace. For more information about specifying a namespace, see Namespace in the REST API User Manual.

Additional introspection information

See Introspection endpoint descriptions for the system endpoints related to introspection.

Splunk Cloud Platform limitations

As a Splunk Cloud Platform user, you are restricted to interacting with the search tier only with the REST API. System endpoints are generally not accessible in Splunk Cloud Platform.

See Access requirements and limitations for the Splunk Cloud Platform REST API in the the REST API Tutorials manual for more information.



messages

https://<host>:<mPort>/services/messages


Access and create system messages. Most messages are created by splunkd to inform the user of system information, including license quotas, license expirations, misconfigured indexes, and disk space. Splunk Web displays these as bulletin board messages.


GET

Expand

Show systemwide messages.

POST

Expand

Create a persistent message displayed at /services/messages.


messages/{name}

https://<host>:<mPort>/services/messages/{name}


Manage the message associated with the {name} message ID.


DELETE

Expand

Delete the specified message.


GET

Expand

Get details of the specified message.


server/control

https://<host>:<mPort>/services/server/control


List available controls.

GET

Expand

List actions that can be performed at this endpoint.


server/control/restart

https://<host>:<mPort>/services/server/control/restart

Restart the splunkd server daemon and Splunk Web interface. The POST operation is equivalent to the splunk restart CLI command.

See also server/control/restart_webui


POST

Expand

Restart the splunkd server daemon and Splunk Web interface.


server/control/restart_webui

https://<host>:<mPort>/services/server/control/restart_webui


Restart the Splunk Web interface. This interface is equivalent to the splunk restart splunkweb CLI command, and restarts the Web interface on servers with the default app server mode set. See also server/control/restart


POST

Expand

Restart the Splunk Web interface.


server/httpsettings/proxysettings

https://<host>:<mPort>/services/server/httpsettings/proxysettings

Create an HTTP Proxy Server configuration for splunkd.

Authentication and Authorization
Requires the edit_server capability.


POST

Expand

Create a HTTP Proxy server configuration stanza for use with splunkd.


server/httpsettings/proxysettings/proxyConfig

https://<host>:<mPort>/services/server/httpsettings/proxysettings/proxyConfig

Access, update, or delete the HTTP Proxy Server configurations for splunkd including http_proxy, https_proxy and no_proxy.


Authentication and Authorization
All operations on this endpoint require the edit_server capability.


GET

Expand

Access the {proxyConfig} HTTP proxy server configurations for splunkd.


POST

Expand

Update the {proxyConfig} HTTP proxy server configurations for splunkd.


DELETE

Expand

Delete the {proxyConfig} HTTP proxy server configurations for splunkd.



server/logger

https://<host>:<mPort>/services/server/logger


Access splunkd logging categories specified in code or in $SPLUNK_HOME/etc/log.cfg.


GET

Expand

Enumerate splunkd logging categories.


server/logger/{name}

https://<host>:<mPort>/services/server/logger/{name}


Manage the {name} logging category.


GET

Expand

Access information about the specified splunkd logging category.


POST

Expand

Set the logging level for a specific logging category.


server/roles

https://<host>:<mPort>/services/server/roles


Access server role information.

See also the server-roles attribute in /server/info.


GET

Expand

Access the roles applicable to this server.


server/security/rotate-splunk-secret

https://<host>:<mPort>/services/server/security/rotate-splunk-secret

Rotates the splunk.secret file on a standalone Splunk Enterprise instance.

POST

Expand

Rotates the splunk.secret file on a standalone Splunk Enterprise instance.


server/settings

https://<host>:<mPort>/services/server/settings


Access server configuration information for a Splunk platform instance. For additional information about your Splunk platform instance, see the server/info endpoint.


GET

Expand

Returns server configuration for a Splunk deployment.


Last modified on 03 December, 2021
Search endpoint descriptions   Workload management endpoint descriptions

This documentation applies to the following versions of Splunk® Enterprise: 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters