Skip to main content
Splunk® Enterprise

REST API Reference Manual

Splunk® Enterprise
9.4.1 (latest release)

Application endpoint descriptions

Manage applications.

Usage details

Review ACL information for an endpoint

To check Access Control List (ACL) properties for an endpoint, append /acl to the path. For more information see Access Control List in the REST API User Manual.

Authentication and Authorization

Username and password authentication is required for access to endpoints and REST operations.

Splunk users must have role and/or capability-based authorization to use REST endpoints. Users with an administrative role, such as admin, can access authorization information in Splunk Web. To view the roles assigned to a user, select Settings > Access controls and click Users. To determine the capabilities assigned to a role, select Settings > Access controls and click Roles.

App and user context

Typically, knowledge objects, such as saved searches or event types, have an app/user context that is the namespace. For more information about specifying a namespace, see Namespace in the REST API User Manual.

Splunk Cloud limitations

If you have a managed Splunk Cloud deployment with search head clustering and index clustering, the REST API supports access to the search head only. You can use the REST API to interact with the search head in your deployment. Using the REST API to access any other cluster member nodes is not supported. For example, application endpoints are not applicable to Splunk Cloud deployments.


apps/appinstall (deprecated)

https://<host>:<port>/services/apps/appinstall

Install or update an application.

This endpoint is deprecated as of software version 6.6.0. To create an app or see a list of apps, see apps/local in this topic.

POST

Expand

Install or update an application from a local file or URL.


apps/apptemplates

https://<host>:<port>/services/apps/apptemplates


List installed app templates. You can use an app template as the template parameter in a POST to /services/apps/local.

For additional information, see apps/local.


GET

Expand

List installed app templates.


apps/apptemplates/{name}

https://<host>:<port>/services/apps/apptemplates/{name}


Get the {name} app template descriptor.

For additional information, see apps/apptemplates.


GET

Expand

Get the {name} app template descriptor.


apps/local

https://<host>:<port>/services/apps/local


Create an app or list installed apps and properties.

The capabilities that this endpoint requires change based on the enable_install_apps setting in limits.conf. If this setting is true, the install_apps and edit_local_apps settings are required. If this setting is false, the admin_all_objects capability is required. By default, this setting value is false but you can change it on your system to improve security.

GET

Expand

List installed apps and properties.


POST

Expand

Create an app.


apps/local/{name}

https://<host>:<port>/services/apps/local/{name}


Manage {name} app. For additional information, see "Uninstall an app" in the Admin Manual.


DELETE

Expand

Delete the {name} app.


GET

Expand

List information about the {name} app.


POST

Expand

Update the {name} app properties. Append /enable or /disable to enable or disable the app. See Enable and disable endpoint for more information.


apps/local/{name}/package

The packaging action is deprecated.

https://<host>:<port>/services/apps/local/{name}/package

Archive the {name} app as a .spl file in the $SPLUNK_HOME/etc/system/static/app-packages directory.


GET

Expand

Archive the {name}.spl app.


apps/local/{name}/setup

https://<host>:<port>/services/apps/local/{name}/setup

Get the {name} app setup information.


GET

Expand

Get setup information for the {name} app.


apps/local/{name}/update

https://<host>:<port>/services/apps/local/{name}/update


Get eai:acl information for the {name} app.


GET

Expand

Get {name} app eai:acl information.


Last modified on 02 January, 2025
Access endpoint descriptions   Cluster endpoint descriptions

This documentation applies to the following versions of Splunk® Enterprise: 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.4.0, 9.4.1


Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters