apps

splunkjs.Service.apps
Endpoint: apps/local

Gets the Applications collection, which allows you to list installed apps and retrieve information about them.

Syntax

apps: function()

Return

splunkjs.Service.Collection.

The Applications collection.

Examples

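 // List installed apps
 var apps = svc.apps();
 apps.fetch(function(err) {
     // Handle the error first so a failed fetch is reported
     // instead of being silently ignored.
     if (err) {
         console.error("Could not fetch apps: ", err);
         return;
     }
     console.log(apps.list());
 });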

configurations

splunkjs.Service.configurations
Endpoint: configs

Gets the Configurations collection, which lets you create, list, and retrieve configuration (.conf) files.

Syntax

configurations: function(namespace)

Parameters

Name Type Description
namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

Return

splunkjs.Service.Configurations.

The Configurations collection.

Examples

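 // List all properties in the 'props.conf' file
 var files = svc.configurations();
 files.item("props", function(err, propsFile) {
     // Check the error before using `propsFile`.
     if (err) {
         console.error("Could not retrieve props.conf: ", err);
         return;
     }
     propsFile.fetch(function(fetchErr, props) {
         // Same check for the nested fetch.
         if (fetchErr) {
             console.error("Could not fetch props.conf: ", fetchErr);
             return;
         }
         console.log(props.properties());
     });
 });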

currentUser

splunkjs.Service.currentUser
Endpoint: authorization/current-context

Gets the user that is currently logged in.

Syntax

currentUser: function(callback)

Parameters

Name Type Description
callback Function

A function to call with the user instance: (err, user).

Return

splunkjs.Service.currentUser.

The User.

Examples

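 // Print the real name of the user that is currently logged in
 service.currentUser(function(err, user) {
     // Handle the error first rather than dereferencing `user`.
     if (err) {
         console.error("Could not get the current user: ", err);
         return;
     }
     console.log("Real name: ", user.properties().realname);
 });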

firedAlertGroups

splunkjs.Service.firedAlertGroups
Endpoint: saved/searches

Gets the FiredAlertGroupCollection collection, which lets you list alert groups.

Syntax

firedAlertGroups: function(namespace)

Parameters

Name Type Description
namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

Return

splunkjs.Service.FiredAlertGroupCollection.

The FiredAlertGroupCollection collection.

Examples

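 // Print the number of fired alert groups
 var firedAlertGroups = svc.firedAlertGroups();
 firedAlertGroups.fetch(function(err, firedAlertGroups) {
     // Handle the error first rather than calling list() on the result.
     if (err) {
         console.error("Could not fetch fired alert groups: ", err);
         return;
     }
     console.log("# of alert groups: " + firedAlertGroups.list().length);
 });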

indexes

splunkjs.Service.indexes
Endpoint: data/indexes

Gets the Indexes collection, which lets you create, list, and update indexes.

Syntax

indexes: function(namespace)

Parameters

Name Type Description
namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

Return

splunkjs.Service.Indexes.

The Indexes collection.

Examples

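 // Check if we have an _internal index
 // Use the Indexes collection (data/indexes), not the Configurations collection.
 var indexes = svc.indexes();
 indexes.fetch(function(err, indexes) {
     // Handle the error first rather than looking up an item on the result.
     if (err) {
         console.error("Could not fetch indexes: ", err);
         return;
     }
     var index = indexes.item("_internal");
     console.log("Was index found: " + !!index);
     // `index` is an Index object.
 });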

init

splunkjs.Service.init

Constructor for splunkjs.Service.

Syntax

init: function()

Parameters

Name Type Description
http splunkjs.Http

An instance of a splunkjs.Http class.

params Object

A dictionary of optional parameters:
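- scheme (string): The scheme ("http" or "https") for accessing Splunk. The username, password, and session token given in these parameters are sent over this connection, so "http" leaves them unencrypted in transit.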
- host (string): The host name (the default is "localhost").
- port (integer): The port number (the default is 8089).
- username (string): The Splunk account username, which is used to authenticate to the Splunk instance.
- password (string): The password, which is used to authenticate to the Splunk instance.
- owner (string): The owner (username) component of the namespace.
- app (string): The app component of the namespace.
- sessionKey (string): The current session token.
- autologin (boolean): true to automatically try to log in again if the session terminates, false if not (true by default).
- version (string): The version string for Splunk, for example "4.3.2" (the default is "5.0").

Return

splunkjs.Service.

A new splunkjs.Service instance.

jobs

splunkjs.Service.jobs
Endpoint: search/jobs

Gets the Jobs collection, which lets you create, list, and retrieve search jobs.

Syntax

jobs: function(namespace)

Parameters

Name Type Description
namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

Return

splunkjs.Service.Jobs.

The Jobs collection.

Examples

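 // List all job IDs
 var jobs = svc.jobs();
 jobs.fetch(function(err, jobs) {
     // Handle the error first rather than listing from the result.
     if (err) {
         console.error("Could not fetch jobs: ", err);
         return;
     }
     var list = jobs.list();
     for(var i = 0; i < list.length; i++) {
         console.log("Job " + (i+1) + ": " + list[i].sid);
     }
 });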

log

splunkjs.Service.log
Endpoint: receivers/simple

Logs an event to Splunk.

Syntax

log: function(event, params, callback)

Parameters

Name Type Description
event String,Object

The text for this event, or a JSON object.

params Object

A dictionary of parameters for indexing:
- index (string): The index to send events from this input to.
- host (string): The value to populate in the Host field for events from this data input.
- host_regex (string): A regular expression used to extract the host value from each event.
- source (string): The value to populate in the Source field for events from this data input.
- sourcetype (string): The value to populate in the Sourcetype field for events from this data input.

callback Function

A function to call when the event is submitted: (err, result).

Examples

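 // Submit one event to the "_internal" index with a custom sourcetype
 service.log("A new event", {index: "_internal", sourcetype: "mysourcetype"}, function(err, result) {
     // Do not report the event as submitted when the request failed.
     if (err) {
         console.error("Could not submit event: ", err);
         return;
     }
     console.log("Submitted event: ", result);
 });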

oneshotSearch

splunkjs.Service.oneshotSearch
Endpoint: search/jobs

Creates a oneshot search from a given search query and optional parameters.

Syntax

oneshotSearch: function(query, params, namespace, callback)

Parameters

Name Type Description
query String

The search query.

params Object

A dictionary of properties for the search:
- output_mode (string): Specifies the output format of the results (XML, JSON, or CSV).
- earliest_time (string): Specifies the earliest time in the time range to search. The time string can be a UTC time (with fractional seconds), a relative time specifier (to now), or a formatted time string.
- latest_time (string): Specifies the latest time in the time range to search. The time string can be a UTC time (with fractional seconds), a relative time specifier (to now), or a formatted time string.
- rf (string): Specifies one or more fields to add to the search.

namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

callback Function

A function to call with the results of the search: (err, results).

Examples

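 // Run a oneshot search and print the fields of its results
 service.oneshotSearch("search ERROR", {id: "myjob_123"}, function(err, results) {
     // Handle the error first rather than dereferencing `results`.
     if (err) {
         console.error("Oneshot search failed: ", err);
         return;
     }
     // The label and the value are separate arguments; the original
     // used ":" between them, which is a syntax error.
     console.log("RESULT FIELDS: ", results.fields);
 });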

parse

splunkjs.Service.parse
Endpoint: search/parser

Parses a search query.

Syntax

parse: function(query, params, callback)

Parameters

Name Type Description
query String

The search query to parse.

params Object

An object of options for the parser:
- enable_lookups (boolean): If true, performs reverse lookups to expand the search expression.
- output_mode (string): The output format (XML or JSON).
- parse_only (boolean): If true, disables the expansion of search due to evaluation of subsearches, time term expansion, lookups, tags, eventtypes, and sourcetype alias.
- reload_macros (boolean): If true, reloads macro definitions from macros.conf.

callback Function

A function to call with the parse info: (err, parse).

Examples

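 // Parse a search query and print its commands
 service.parse("search index=_internal | head 1", function(err, parse) {
     // Handle the error first rather than dereferencing `parse`.
     if (err) {
         console.error("Could not parse the query: ", err);
         return;
     }
     console.log("Commands: ", parse.commands);
 });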

savedSearches

splunkjs.Service.savedSearches
Endpoint: saved/searches

Gets the SavedSearches collection, which lets you create, list, and update saved searches.

Syntax

savedSearches: function(namespace)

Parameters

Name Type Description
namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

Return

splunkjs.Service.SavedSearches.

The SavedSearches collection.

Examples

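 // Print the number of saved searches
 var savedSearches = svc.savedSearches();
 savedSearches.fetch(function(err, savedSearches) {
     // Handle the error first rather than calling list() on the result.
     if (err) {
         console.error("Could not fetch saved searches: ", err);
         return;
     }
     console.log("# Of Saved Searches: " + savedSearches.list().length);
 });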

serverInfo

splunkjs.Service.serverInfo
Endpoint: server/info

Gets configuration information about the server.

Syntax

serverInfo: function(callback)

Parameters

Name Type Description
callback Function

A function to call with the server info: (err, info).

Examples

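 // Print the Splunk version reported by the server
 service.serverInfo(function(err, info) {
     // Handle the error first rather than dereferencing `info`.
     if (err) {
         console.error("Could not get server info: ", err);
         return;
     }
     console.log("Splunk Version: ", info.properties().version);
 });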

specialize

splunkjs.Service.specialize

Creates a specialized version of the current Service instance for a specific namespace context.

Syntax

specialize: function(owner, app)

Parameters

Name Type Description
owner String

The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.

app String

The app context for this resource (such as "search"). The "-" wildcard means all apps.

Return

splunkjs.Service.

The specialized Service instance.

Examples

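 // `svc` is an existing splunkjs.Service instance.
 // Create a Service scoped to owner "myuser" and app "unix".
 var newService = svc.specialize("myuser", "unix");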

typeahead

splunkjs.Service.typeahead
Endpoint: search/typeahead

Provides auto-complete suggestions for search queries.

Syntax

typeahead: function(prefix, count, callback)

Parameters

Name Type Description
prefix String

The query fragment to autocomplete.

count Number

The number of options to return (optional).

callback Function

A function to call with the autocompletion info: (err, options).

Examples

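 // Ask for up to 10 completions of the fragment "index="
 service.typeahead("index=", 10, function(err, options) {
     // Report a failed request instead of printing an undefined result.
     if (err) {
         console.error("Could not get autocompletion options: ", err);
         return;
     }
     console.log("Autocompletion options: ", options);
 });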

users

splunkjs.Service.users
Endpoint: authorization/users

Gets the Users collection, which lets you create, list, and retrieve users.

Syntax

users: function()

Return

splunkjs.Service.Users.

The Users collection.

Examples

 // List all usernames
 var users = svc.users();
 users.fetch(function(err, users) {
     var list = users.list();
     for(var i = 0; i < list.length; i++) {
         console.log("User " + (i+1) + ": " + list[i].properties().name);
     }
 });

views

splunkjs.Service.views
Endpoint: data/ui/views

Gets the Views collection, which lets you create, list, and retrieve views (custom UIs built in Splunk's app framework).

Syntax

views: function(namespace)

Parameters

Name Type Description
namespace Object

Namespace information:
- owner (string): The Splunk username, such as "admin". A value of "nobody" means no specific user. The "-" wildcard means all users.
- app (string): The app context for this resource (such as "search"). The "-" wildcard means all apps.
- sharing (string): A mode that indicates how the resource is shared. The sharing mode can be "user", "app", "global", or "system".

Return

splunkjs.Service.Views.

The Views collection.

Examples

 // List all views
 var views = svc.views();
 views.fetch(function(err, views) {
     var list = views.list();
     for(var i = 0; i < list.length; i++) {
         console.log("View " + (i+1) + ": " + list[i].properties().name);
     }
 });