Provides utilities for asynchronous control flow and collection handling.
An abstraction over the Splunk HTTP-wire protocol that provides the basic functionality for communicating with a Splunk instance over HTTP, handles authentication and authorization, and formats HTTP requests (GET, POST, and DELETE) in the format that Splunk expects.
A base class for HTTP abstraction that provides the basic functionality for performing GET, POST, DELETE, and REQUEST operations, and provides utilities to construct uniform responses.
Base classes should only override makeRequest
and parseJSON
.
A controllable logging module that lets you display different types of debugging information to the console.
Class representing an argument to a modular input kind.
Argument
is meant to be used with Scheme
to generate an XML definition of the modular input kind that Splunk understands.
name
is the only required parameter for the constructor.
Event
represents an event or fragment of an event to be written by this modular input to Splunk.
EventWriter
writes events and error messages to Splunk from a modular input.
Its two important methods are writeEvent
, which takes an Event
object, and log
, which takes a severity and an error message.
InputDefinition
encodes the XML defining inputs that Splunk passes to a modular input script.
Logger
logs messages to Splunk's internal logs.
A base class for implementing modular inputs.
Subclasses should implement getScheme
and streamEvents
, and optionally validateInput
if the modular input uses external validation.
The run
function is used to run modular inputs; it typically should not be overridden.
Class representing the metadata for a modular input kind.
A Scheme
specifies a title, description, several options of how Splunk should run modular inputs of this kind, and a set of arguments that define a particular modular input's properties. The primary use of Scheme
is to abstract away the construction of XML to feed to Splunk.
This class represents the XML sent by Splunk for external validation of a new modular input.
Provides a root access point to Splunk functionality with typed access to Splunk resources such as searches, indexes, inputs, and more. Provides methods to authenticate and create specialized instances of the service.
Represents a specific Splunk app that you can view, modify, and remove.
Represents a collection of Splunk apps. You can create and list applications using this collection container, or get a specific app.
Defines a base class for a Splunk collection, which is a well-defined construct that provides basic methods for working with collections of entities, such as creating and listing entities.
Represents a collection of stanzas for a specific property file. You can create and list stanzas using this collection container, or get a specific stanza.
Represents a specific stanza, which you can update and remove, from a configuration file.
Represents a collection of configuration files. You can create and list configuration files using this collection container, or get a specific file.
Represents a data model on the server. Data models contain DataModelObject
instances, which specify structured views on Splunk data.
Used for specifying a calculation on a DataModelObject
.
id
(string): The ID for this data model calculation.type
(string): The type of this data model calculation.comment
(string|null): The comment for this data model calculation, or null
.editable
(boolean): True if this calculation can be edited, false otherwise.lineage
(array): The lineage of the data model object on which this calculation
is defined in an array of strings.owner
(string): The data model that this calculation belongs to.outputFields
(array): The fields output by this calculation.expression
(string): The expression to use for this calculation.inputField
(string): The field to use for calculation.lookupName
(string): The name of the lookup to perform.inputFieldMappings
(object): The mappings from fields in the events to fields in the lookup.Lookup
Eval
GeoIP
Rex
Represents a constraint on a DataModelObject
or a DataModelField
.
query
(string): The search query defining this data model constraint.lineage
(array): The lineage of this data model constraint.owner
(string): The name of the data model object that owns
this data model constraint.Represents a field of a data model object. This is a helper class for DataModelCalculation
and DataModelObject
.
fieldName
(string): The name of this field.displayName
(string): A human readable name for this field.type
(string): The type of this field.multivalued
(boolean): Whether this field is multivalued.required
(boolean): Whether this field is required.hidden
(boolean): Whether this field should be displayed in a data model UI.editable
(boolean): Whether this field can be edited.comment
(string): A comment for this field, or null
if there isn't one.fieldSearch
(string): A search query fragment for this field.lineage
(array): An array of strings of the lineage of the data model
on which this field is defined.owner
(string): The name of the data model object on which this field is defined.string
boolean
number
timestamp
objectCount
childCount
ipv4
Represents one of the structured views in a DataModel
.
dataModel
(splunkjs.Service.DataModel): The DataModel
to which this DataModelObject
belongs.name
(string): The name of this DataModelObject
.displayName
(string): The human readable name of this DataModelObject
.parentName
(string): The name of the parent DataModelObject
to this one.lineage
(array): An array of strings of the lineage of the data model
on which this field is defined.fields
(object): A dictionary of DataModelField
objects, accessible by name.constraints
(array): An array of DataModelConstraint
objects.calculations
(object): A dictionary of DataModelCalculation
objects, accessible by ID.baseSearch
(string): The search query wrapped by this data model object.groupByFields
(string): The fields that will be used to group events into transactions.objectsToGroup
(array): Names of the data model objects that should be unioned
and split into transactions.maxSpan
(string): The maximum time span of a transaction.maxPause
(string): The maximum pause time of a transaction.Represents a collection of data models. You can create and list data models using this collection container, or get a specific data model.
Provides a base definition for a Splunk endpoint, which is a combination of a specific service and path. Provides convenience methods for GET, POST, and DELETE operations used in splunkjs, automatically preparing the path correctly and allowing for relative calls.
Defines a base class for a Splunk entity, which is a well-defined construct with certain operations (such as "properties", "update", and "delete"). Entities include search jobs, indexes, inputs, apps, and more.
Provides basic methods for working with Splunk entities, such as fetching and updating them.
Represents a fired alert. You can retrieve several of the fired alert's properties by the corresponding function name.
Represents a specific alert group, which you can then view and remove.
Represents a collection of fired alerts for a saved search. You can create and list saved searches using this collection container, or get a specific alert group.
Represents an index, which you can update and submit events to.
Represents a collection of indexes. You can create and list indexes using this collection container, or get a specific index.
Represents a specific search job. You can perform different operations on this job, such as reading its status, canceling it, and getting results.
Represents a collection of search jobs. You can create and list search jobs using this collection container, or get a specific search job.
Pivot represents data about a pivot report returned by the Splunk Server.
service
(splunkjs.Service): A Service
instance.search
(string): The search string for running the pivot report.drilldownSearch
(string): The search for running this pivot report using drilldown.openInSearch
(string): Equivalent to search parameter, but listed more simply.prettyQuery
(string): Equivalent to openInSearch
.pivotSearch
(string): A pivot search command based on the named data model.tstatsSearch
(string): The search for running this pivot report using tstats.PivotSpecification represents a pivot to be done on a particular data model object. The user creates a PivotSpecification on some data model object, adds filters, row splits, column splits, and cell values, then calls the pivot method to query splunkd and get a set of SPL queries corresponding to this specification.
Call the pivot
method to query Splunk for SPL queries corresponding to this pivot.
This class supports a fluent API, each function except init
, toJsonObject
& pivot
return the modified splunkjs.Service.PivotSpecification
instance.
Provides a base definition for a Splunk resource (for example, an entity such as an index or search job, or a collection of entities). Provides basic methods for handling Splunk resources, such as validation and accessing properties.
This class should not be used directly because most methods are meant to be overridden.
Represents a specific saved search, which you can then view, modify, and remove.
Represents a collection of saved searches. You can create and list saved searches using this collection container, or get a specific saved search.
Provides access to configuration information about the server.
Represents a specific storage password, which you can then view, modify, and remove.
Represents a collection of storage passwords. You can create and list storage passwords using this collection container, or get a specific storage password.
Represents a specific Splunk user, which you can view, modify, and remove.
Represents a collection of users. You can create and list users using this collection container, or get a specific user.
Represents a specific Splunk view, which you can view, modify, and remove.
Represents a collection of views. You can create and list views using this collection container, or get a specific view.
Provides various utility functions, which are mostly modeled after Underscore.js.
Contains functionality common to Splunk Enterprise and Splunk Storm.
This class is an implementation detail and is therefore SDK-private.