apps

splunkjs.Service.apps
Endpoint: apps/local

Gets the Applications collection, which allows you to list installed apps and retrieve information about them.

Syntax

apps: function()

Return

splunkjs.Service.Collection.

The Applications collection.

Examples

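 // List installed apps
 var apps = svc.apps();
 apps.fetch(function(err) {
     // Report a failed fetch instead of listing a collection that may not have loaded.
     if (err) {
         console.error("Could not fetch apps: ", err);
         return;
     }
     console.log(apps.list());
 });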

configurations

splunkjs.Service.configurations
Endpoint: configs

Gets the Configurations collection, which lets you create, list, and retrieve configuration (.conf) files.

Syntax

configurations: function(namespace)

Parameters

Name Type Description
namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

Return

splunkjs.Service.Configurations.

The Configurations collection.

Examples

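 // List all properties in the 'props.conf' file
 var files = svc.configurations();
 files.item("props", function(err, propsFile) {
     // Without this check a failed lookup would surface as a TypeError on propsFile.
     if (err) {
         console.error("Could not get the 'props' configuration file: ", err);
         return;
     }
     propsFile.fetch(function(fetchErr, props) {
         // The inner callback has its own error; a distinct name avoids shadowing the outer err.
         if (fetchErr) {
             console.error("Could not fetch the 'props' configuration file: ", fetchErr);
             return;
         }
         console.log(props.properties());
     });
 });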

currentUser

splunkjs.Service.currentUser
Endpoint: authorization/current-context

Gets the user that is currently logged in.

Syntax

currentUser: function(callback)

Parameters

Name Type Description
callback Function

A function to call with the user instance: (err, user).

Return

splunkjs.Service.currentUser.

The User.

Examples

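 // Print the real name of the user that is currently logged in
 service.currentUser(function(err, user) {
     // Check err first so a failed request is reported rather than dereferencing user.
     if (err) {
         console.error("Could not get the current user: ", err);
         return;
     }
     console.log("Real name: ", user.properties().realname);
 });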

dataModels

splunkjs.Service.dataModels
Endpoint: datamodel/model

Gets the DataModels collection, which lets you create, list, and retrieve data models.

Syntax

dataModels: function(namespace)

firedAlertGroups

splunkjs.Service.firedAlertGroups
Endpoint: saved/searches

Gets the FiredAlertGroupCollection collection, which lets you list alert groups.

Syntax

firedAlertGroups: function(namespace)

Parameters

Name Type Description
namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

Return

splunkjs.Service.FiredAlertGroupCollection.

The FiredAlertGroupCollection collection.

Examples

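 // Print the number of fired alert groups
 var firedAlertGroups = svc.firedAlertGroups();
 firedAlertGroups.fetch(function(err, fetchedGroups) {
     // Check err first so a failed fetch is reported rather than dereferencing the result.
     if (err) {
         console.error("Could not fetch fired alert groups: ", err);
         return;
     }
     // fetchedGroups is named differently from the outer variable to avoid shadowing it.
     console.log("# of alert groups: " + fetchedGroups.list().length);
 });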

getJob

splunkjs.Service.getJob
Endpoint: search/jobs

A convenience method to get a Job by its sid.

Syntax

getJob: function(sid, namespace, callback)

Parameters

Name Type Description
sid String

The search ID for a search job.

namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

callback Function

A function to call with the created job: (err, job).

indexes

splunkjs.Service.indexes
Endpoint: data/indexes

Gets the Indexes collection, which lets you create, list, and update indexes.

Syntax

indexes: function(namespace)

Parameters

Name Type Description
namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

Return

splunkjs.Service.Indexes.

The Indexes collection.

Examples

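 // Check if we have an _internal index
 var indexes = svc.indexes();
 indexes.fetch(function(err, fetchedIndexes) {
     // Check err first so a failed fetch is not reported as "index not found".
     if (err) {
         console.error("Could not fetch indexes: ", err);
         return;
     }
     var index = fetchedIndexes.item("_internal");
     // !! turns the lookup result into a plain true/false for the message.
     console.log("Was index found: " + !!index);
     // `index` is an Index object.
 });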

init

splunkjs.Service.init

Constructor for splunkjs.Service.

Syntax

init: function()

Parameters

Name Type Description
http splunkjs.Http

An instance of a splunkjs.Http class.

params Object

A dictionary of optional parameters:
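- scheme (string): The scheme ("http" or "https") for accessing Splunk. The username, password, and sessionKey listed below travel over this connection, so with "http" they are sent unencrypted.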
- host (string): The host name (the default is "localhost").
- port (integer): The port number (the default is 8089).
- username (string): The Splunk account username, which is used to authenticate to the Splunk instance.
- password (string): The password, which is used to authenticate to the Splunk instance.
- owner (string): The owner (username) component of the namespace.
- app (string): The app component of the namespace.
- sessionKey (string): The current session token.
- autologin (boolean): true to automatically try to log in again if the session terminates, false if not (true by default).
- version (string): The version string for Splunk, for example "4.3.2" (the default is "5.0").

Return

splunkjs.Service.

A new splunkjs.Service instance.

jobs

splunkjs.Service.jobs
Endpoint: search/jobs

Gets the Jobs collection, which lets you create, list, and retrieve search jobs.

Syntax

jobs: function(namespace)

Parameters

Name Type Description
namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

Return

splunkjs.Service.Jobs.

The Jobs collection.

Examples

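 // List all job IDs
 var jobs = svc.jobs();
 jobs.fetch(function(err, fetchedJobs) {
     // Check err first so a failed fetch is reported rather than dereferencing the result.
     if (err) {
         console.error("Could not fetch jobs: ", err);
         return;
     }
     var list = fetchedJobs.list();
     for (var i = 0; i < list.length; i++) {
         // Each entry carries its search ID in the sid property.
         console.log("Job " + (i+1) + ": " + list[i].sid);
     }
 });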

log

splunkjs.Service.log
Endpoint: receivers/simple

Logs an event to Splunk.

Syntax

log: function(event, params, callback)

Parameters

Name Type Description
event String,Object

The text for this event, or a JSON object.

params Object

A dictionary of parameters for indexing:
- index (string): The index to send events from this input to.
- host (string): The value to populate in the Host field for events from this data input.
- host_regex (string): A regular expression used to extract the host value from each event.
- source (string): The value to populate in the Source field for events from this data input.
- sourcetype (string): The value to populate in the Sourcetype field for events from this data input.

callback Function

A function to call when the event is submitted: (err, result).

Examples

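 // Submit one event to the "_internal" index with a custom sourcetype
 service.log("A new event", {index: "_internal", sourcetype: "mysourcetype"}, function(err, result) {
     // Report a rejected submission instead of printing it as if it had been accepted.
     if (err) {
         console.error("Could not submit event: ", err);
         return;
     }
     console.log("Submitted event: ", result);
 });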

oneshotSearch

splunkjs.Service.oneshotSearch
Endpoint: search/jobs

Creates a oneshot search from a given search query and optional parameters.

Syntax

oneshotSearch: function(query, params, namespace, callback)

Parameters

Name Type Description
query String

The search query.

params Object

A dictionary of properties for the search:
- output_mode (string): Specifies the output format of the results (XML, JSON, or CSV).
- earliest_time (string): Specifies the earliest time in the time range to search. The time string can be a UTC time (with fractional seconds), a relative time specifier (to now), or a formatted time string.
- latest_time (string): Specifies the latest time in the time range to search. The time string can be a UTC time (with fractional seconds), a relative time specifier (to now), or a formatted time string.
- rf (string): Specifies one or more fields to add to the search.

namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

callback Function

A function to call with the results of the search: (err, results).

Examples

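 // Run a oneshot search and print the field names of its results
 service.oneshotSearch("search ERROR", {id: "myjob_123"}, function(err, results) {
     // Check err first so a failed search is reported rather than dereferencing results.
     if (err) {
         console.error("Oneshot search failed: ", err);
         return;
     }
     // The arguments are separated by a comma; the original ":" here was a syntax error.
     console.log("RESULT FIELDS", results.fields);
 });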

parse

splunkjs.Service.parse
Endpoint: search/parser

Parses a search query.

Syntax

parse: function(query, params, callback)

Parameters

Name Type Description
query String

The search query to parse.

params Object

An object of options for the parser:
- enable_lookups (boolean): If true, performs reverse lookups to expand the search expression.
- output_mode (string): The output format (XML or JSON).
- parse_only (boolean): If true, disables the expansion of search due to evaluation of subsearches, time term expansion, lookups, tags, eventtypes, and sourcetype alias.
- reload_macros (boolean): If true, reloads macro definitions from macros.conf.

callback Function

A function to call with the parse info: (err, parse).

Examples

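 // Parse a search query and print the commands it contains
 service.parse("search index=_internal | head 1", function(err, parse) {
     // Check err first so a rejected query is reported rather than dereferencing parse.
     if (err) {
         console.error("Could not parse the query: ", err);
         return;
     }
     console.log("Commands: ", parse.commands);
 });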

savedSearches

splunkjs.Service.savedSearches
Endpoint: saved/searches

Gets the SavedSearches collection, which lets you create, list, and update saved searches.

Syntax

savedSearches: function(namespace)

Parameters

Name Type Description
namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

Return

splunkjs.Service.SavedSearches.

The SavedSearches collection.

Examples

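 // Print the number of saved searches
 var savedSearches = svc.savedSearches();
 savedSearches.fetch(function(err, fetchedSearches) {
     // Check err first so a failed fetch is reported rather than dereferencing the result.
     if (err) {
         console.error("Could not fetch saved searches: ", err);
         return;
     }
     // fetchedSearches is named differently from the outer variable to avoid shadowing it.
     console.log("# Of Saved Searches: " + fetchedSearches.list().length);
 });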

serverInfo

splunkjs.Service.serverInfo
Endpoint: server/info

Gets configuration information about the server.

Syntax

serverInfo: function(callback)

Parameters

Name Type Description
callback Function

A function to call with the server info: (err, info).

Examples

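 // Print the version reported by the server
 service.serverInfo(function(err, info) {
     // Check err first so a failed request is reported rather than dereferencing info.
     if (err) {
         console.error("Could not get server info: ", err);
         return;
     }
     console.log("Splunk Version: ", info.properties().version);
 });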

specialize

splunkjs.Service.specialize

Creates a specialized version of the current Service instance for a specific namespace context.

Syntax

specialize: function(owner, app)

Parameters

Name Type Description
owner String

The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.

app String

The app context for this resource (such as "search"). The "-" wildcard means all apps.

Return

splunkjs.Service.

The specialized Service instance.

Examples

 // `...` is a placeholder for an existing splunkjs.Service instance.
 var svc = ...;
 // Derive a Service whose namespace is owner "myuser" and app "unix".
 var newService = svc.specialize("myuser", "unix");

storagePasswords

splunkjs.Service.storagePasswords
Endpoint: storage/passwords

Gets the StoragePasswords collection, which lets you create, list, and update storage passwords.

Syntax

storagePasswords: function(namespace)

Parameters

Name Type Description
namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

Return

splunkjs.Service.StoragePasswords.

The StoragePasswords collection.

Examples

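 // Print the number of storage passwords
 var storagePasswords = svc.storagePasswords();
 storagePasswords.fetch(function(err, fetchedPasswords) {
     // Check err first so a failed fetch is reported rather than dereferencing the result.
     if (err) {
         console.error("Could not fetch storage passwords: ", err);
         return;
     }
     // Only the count is printed; the entries themselves are stored credentials
     // and are kept out of console output.
     console.log("# of Storage Passwords: " + fetchedPasswords.list().length);
 });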

typeahead

splunkjs.Service.typeahead
Endpoint: search/typeahead

Provides auto-complete suggestions for search queries.

Syntax

typeahead: function(prefix, count, callback)

Parameters

Name Type Description
prefix String

The query fragment to autocomplete.

count Number

The number of options to return (optional).

callback Function

A function to call with the autocompletion info: (err, options).

Examples

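 // Ask for up to 10 auto-complete suggestions for the fragment "index="
 service.typeahead("index=", 10, function(err, options) {
     // Report a failed request instead of printing an undefined suggestion list.
     if (err) {
         console.error("Could not get typeahead suggestions: ", err);
         return;
     }
     console.log("Autocompletion options: ", options);
 });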

users

splunkjs.Service.users
Endpoint: authorization/users

Gets the Users collection, which lets you create, list, and retrieve users.

Syntax

users: function()

Return

splunkjs.Service.Users.

The Users collection.

Examples

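 // List all usernames
 var users = svc.users();
 users.fetch(function(err, fetchedUsers) {
     // Check err first so a failed fetch is reported rather than dereferencing the result.
     if (err) {
         console.error("Could not fetch users: ", err);
         return;
     }
     var list = fetchedUsers.list();
     for (var i = 0; i < list.length; i++) {
         // The username is read from the name property of each entry.
         console.log("User " + (i+1) + ": " + list[i].properties().name);
     }
 });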

views

splunkjs.Service.views
Endpoint: data/ui/views

Gets the Views collection, which lets you create, list, and retrieve views (custom UIs built in Splunk's app framework).

Syntax

views: function(namespace)

Parameters

Name Type Description
namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

Return

splunkjs.Service.Views.

The Views collection.

Examples

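 // List all views
 var views = svc.views();
 views.fetch(function(err, fetchedViews) {
     // Check err first so a failed fetch is reported rather than dereferencing the result.
     if (err) {
         console.error("Could not fetch views: ", err);
         return;
     }
     var list = fetchedViews.list();
     for (var i = 0; i < list.length; i++) {
         // The view name is read from the name property of each entry.
         console.log("View " + (i+1) + ": " + list[i].properties().name);
     }
 });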

del

splunkjs.Context.del

Performs a DELETE request.

Syntax

del: function(path, params, callback)

Parameters

Name Type Description
path String

The REST endpoint path of the DELETE request.

params Object

The entity-specific parameters for this request.

callback Function

The function to call when the request is complete: (err, response).

fullpath

splunkjs.Context.fullpath

Converts a partial path to a fully-qualified path to a REST endpoint, and if necessary includes the namespace owner and app.

Syntax

fullpath: function(path, namespace)

Parameters

Name Type Description
path String

The partial path.

namespace String

The namespace, in the format "owner/app".

Return

String.

The fully-qualified path.

get

splunkjs.Context.get

Performs a GET request.

Syntax

get: function(path, params, callback, isAsync)

Parameters

Name Type Description
path String

The REST endpoint path of the GET request.

params Object

The entity-specific parameters for this request.

callback Function

The function to call when the request is complete: (err, response).

post

splunkjs.Context.post

Performs a POST request.

Syntax

post: function(path, params, callback)

Parameters

Name Type Description
path String

The REST endpoint path of the POST request.

params Object

The entity-specific parameters for this request.

callback Function

The function to call when the request is complete: (err, response).

request

splunkjs.Context.request

Issues an arbitrary HTTP request to the REST endpoint path segment.

Syntax

request: function(path, method, query, post, body, headers, callback)

Parameters

Name Type Description
path String

The REST endpoint path segment (with any query parameters already appended and encoded).

method String

The HTTP method (can be GET, POST, or DELETE).

query Object

The entity-specific parameters for this request.

post Object

A dictionary of POST arguments that will be form-encoded.

body Object

The body of the request, mutually exclusive with post.

headers Object

Headers for this request.

callback Function

The function to call when the request is complete: (err, response).

versionCompare

splunkjs.Context.versionCompare

Compares the Splunk server's version to the specified version string. Returns -1 if (this.version < otherVersion), 0 if (this.version == otherVersion), 1 if (this.version > otherVersion).

Syntax

versionCompare: function(otherVersion)

Parameters

Name Type Description
otherVersion String

The other version string, for example "5.0".