Splunk Cloud Platform

Admin Config Service Manual

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

View maintenance windows for Splunk Cloud Platform

The Admin Config Service (ACS) lets you view information about scheduled maintenance windows for your Splunk Cloud Platform deployment. You can use the ACS API to view both historic and upcoming maintenance window information programmatically.

The ACS API does not currently support the scheduling of maintenance windows.

For more information on Splunk Cloud Platform maintenance windows, see Splunk Cloud Platform Service Details.

Requirements

To view maintenance window information using the ACS API:

  • Your role must have the capabilities required to access the ACS API endpoint. The sc_admin role has all required capabilities by default. For a list of required capabilities, see Manage ACS API access with capabilities.
  • You must have Splunk Cloud Platform version 8.0.2007 or higher.
  • Your deployment must have one or more separate search heads or a search head cluster. ACS is not supported on single instance deployments.

The ACS API does not currently support AWS GovCloud or FedRAMP environments.

Set up the ACS API

Before using the ACS API, you must download the ACS Open API 3.0 specification, which includes the parameters, response codes, and other data you need to work with the ACS API. You must also create an authentication token in Splunk Cloud Platform for use with ACS endpoint requests. For details on how to set up the ACS API to view maintenance windows, see Set up the ACS API.

View maintenance windows

This section shows you how to view maintenance window information for your Splunk Cloud Platform deployment using the ACS API.

Maintenance window schedule data is updated daily, not in real time.

List maintenance windows

To list scheduled maintenance windows for your Splunk Cloud Platform deployment, send an HTTP GET request to the /maintenance-windows/schedules endpoint. By default, the request returns a list of maintenance windows scheduled within +/-30 days from now.

You can optionally specify the following query parameters to customize the time frame and the number of listed maintenance windows:

Parameter Description
fromTime The earliest time the maintenance window schedule starts. Acceptable format is YYYY-MM-DD or in RFC3339 (YYYY-MM--DDTHH:mm:SSZHH:mm).
toTime The latest time the maintenance window schedule starts. Acceptable format is YYYY-MM-DD or in RFC3339 (YYYY-MM--DDTHH:mm:SSZHH:mm).
count Number of maintenance window schedules. Default value is 30.
nextLink The start time of the next scheduled maintenance window relative to the current maintenance window count. For example, if there are 3 total scheduled maintenance windows and the count is set to 2, the request returns a nextLink value stating the start time of the 3rd maintenance window. This is used for pagination purposes. A value of null indicates there are no more pages.

If fromTime and toTime are not set, the request returns +30 days from now. If only fromTime is set, it returns +30 days from fromTime. If only toTime is set, it returns -30 days until toTime. If both are set it returns from fromTime to toTime.

For example:

curl -X GET 'https://admin.splunk.com/{stack}/adminconfig/v2/maintenance-windows/schedules?fromTime=2022-08-09&toTime=2022-08-14&nextLink=2022-08-21T04:00:00Z&count=1' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsu …'

The request returns information about the scheduled maintenance windows within the specified time frame. For example:

{
   "nextLink": "2022-08-21T04:00:00Z",
   "schedules": [
       {
           "duration": "2h",
           "lastModifiedTimestamp": "2022-11-16T19:09:53Z",
           "lastSummary": "Customer requested upgrade",
           "mwType": "Service Update",
           "operations": [
               {
                   "SFDCTickets": [
                       "string"
                   ],
                   "endTime": "2022-04-20T05:00:00Z",
                   "notes": [
                       "string"
                   ],
                   "operationDescription": "string",
                   "operationStatus": "Started",
                   "operationType": "Splunk Upgrade",
                   "startTime": "2022-09-20T04:00:00Z",
                   "targetVersion": "string"
               }
           ],
           "requestedEntity": "splunk",
           "scheduleId": "1e4729b4-11d0-4165-a886-a21cce7139f2",
           "scheduleStartTimestamp": "2022-08-21T04:00:00Z",
           "status": "Started"
       }
   ]
}

The maintenance-windows/schedules endpoint only lists historical maintenance windows that have completed. The endpoint does not list previously scheduled maintenance windows that have been canceled.

For endpoint details, see maintenance-windows/schedules in the ACS endpoint reference.

Describe individual maintenance windows

To describe a specific maintenance window, send an HTTP GET request to the /maintenance-windows/schedules/{scheduleId} endpoint, specifying the maintenance window schedule ID. For example:

curl -X GET 'https://admin.splunk.com/{stack}/adminconfig/v2/maintenance-windows/schedules/{scheduleId}' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsu …'

The request returns information about the specific maintenance window. For example:

{
   "duration": "2h",
   "lastModifiedTimestamp": "2022-11-16T19:09:53Z",
   "lastSummary": "Customer requested upgrade",
   "mwType": "Service Update",
   "operations": [
       {
           "SFDCTickets": [
               "string"
           ],
           "endTime": "2022-04-20T05:00:00Z",
           "notes": [
               "string"
           ],
           "operationDescription": "string",
           "operationStatus": "Started",
           "operationType": "Splunk Upgrade",
           "startTime": "2022-04-20T04:00:00Z",
           "targetVersion": "string"
       }
   ],
   "requestedEntity": "splunk",
   "scheduleId": "14479cd5-8ada-41f0-92c4-d234e9124569",
   "scheduleStartTimestamp": "2022-08-13T04:00:00Z",
   "status": "Scheduled"
}

For endpoint details, see maintenance-windows/schedules/{scheduleId} in the ACS endpoint reference.

Audit maintenance windows

To view an audit trail of status changes for a specific maintenance window, send an HTTP request to the maintenance-windows/schedules/{scheduleID}/audits endpoint, specifying the maintenance window schedule ID.

By default, the request returns a list of all audit events for the specified maintenance window. You can optionally specify the following fromTime and toTime query parameters to view a subset of audit events within a specified time frame:

Parameter Description
fromTime The earliest time the maintenance window schedule starts. Acceptable format is YYYY-MM-DD or in RFC3339 (YYYY-MM--DDTHH:mm:SSZHH:mm).
toTime The latest time the maintenance window schedule starts. Acceptable format is YYYY-MM-DD or in RFC3339 (YYYY-MM--DDTHH:mm:SSZHH:mm).

For example:

curl -X GET 'https://admin.splunk.com/{stack}/adminconfig/v2/maintenance-windows/schedules/{scheduleId}/audits?fromTime=2022-08-09&toTime=2022-08-14' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsu …'

The request returns a list of all audit events within the specified time frame. For example:

{
   "audits": [
       {
           "duration": "2h0m0s",
           "lastModifiedTimestamp": "2022-11-01T18:09:25Z",
           "lastSummary": "",
           "mwType": "Service Update",
           "operations": [
               {
                   "operationDescription": "Splunk version upgrade to latest/stable release",
                   "operationStatus": "Success",
                   "operationType": "SplunkUpgrade",
                   "targetVersion": "9.0.2209.1"
               }
           ],
           "requestedEntity": "Splunk",
           "scheduleId": "66e20f3f-aea2-4096-982f-7f93a6979872",
           "scheduleStartTimestamp": "2022-10-14T04:00:00Z",
           "status": "Completed"
       },
       {
           "duration": "2h0m0s",
           "lastModifiedTimestamp": "2022-10-11T18:09:25Z",
           "lastSummary": "",
           "mwType": "Service Update",
           "operations": [
               {
                   "operationDescription": "Splunk version upgrade to latest/stable release",
                   "operationStatus": "Success",
                   "operationType": "SplunkUpgrade",
                   "targetVersion": "9.0.2209.1"
               }
           ],
           "requestedEntity": "Splunk",
           "scheduleId": "66e20f3f-aea2-4096-982f-7f93a6979872",
           "scheduleStartTimestamp": "2022-10-14T04:00:00Z",
           "status": "Scheduled"
       }
   ]
}

For endpoint details, see maintenance-windows/schedules/{scheduleID}/audits in the ACS endpoint reference.

Last modified on 18 January, 2023
PREVIOUS
Manage Splunkbase apps in Splunk Cloud Platform
  NEXT
Manage restarts for Splunk Cloud Platform

This documentation applies to the following versions of Splunk Cloud Platform: 8.2.2109, 8.2.2111, 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209 (latest FedRAMP release)


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters