splunklib.client

This module provides a client interface for the Splunk REST API.

splunklib.client.connect(**kwargs)

Establishes an authenticated connection to a Splunk Service instance.

Parameters:

Parameters:	host – The host name (the default is localhost). port – The port number (the default is 8089). scheme – The scheme for accessing the service (the default is https). owner – The owner namespace (optional). app – The app context (optional). token – The current session token (optional). Session tokens can be shared across multiple service instances. username – The Splunk account username, which is used to authenticate the Splunk instance. password – The password, which is used to authenticate the Splunk instance.
Returns:	An initialized `Service` instance.

host – The host name (the default is localhost).
port – The port number (the default is 8089).
scheme – The scheme for accessing the service (the default is https).
owner – The owner namespace (optional).
app – The app context (optional).
token – The current session token (optional). Session tokens can be shared across multiple service instances.
username – The Splunk account username, which is used to authenticate the Splunk instance.
password – The password, which is used to authenticate the Splunk instance.

Returns:

An initialized Service instance.

class splunklib.client.Collection(service, path, item=<class 'splunklib.client.Entity'>)

This class contains a collection of entities.

contains(name)

Indicates whether an entity name exists in the collection.

Parameters:	name – The entity name.

create(name, **kwargs)

Creates an entity in this collection.

Parameters:	name – The name of the entity to create. kwargs – Additional entity-specific arguments (optional).
Returns:	The new entity.

delete(name)

Removes an entity from the collection.

Parameters:	name – The name of the entity to remove.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

itemmeta(): Returns metadata for members of the collection.

list(count=-1, **kwargs)

Returns the contents of the collection.

Parameters:

Parameters:	count – The maximum number of items to return (optional). offset – The offset of the first item to return (optional). search – The search expression to filter responses (optional). sort_dir – The direction to sort returned items: asc or desc (optional). sort_key – The field to use for sorting (optional). sort_mode – The collating sequence for sorting returned items: auto, alpha, alpha_case, num (optional).

count – The maximum number of items to return (optional).
offset – The offset of the first item to return (optional).
search – The search expression to filter responses (optional).
sort_dir – The direction to sort returned items: asc or desc (optional).
sort_key – The field to use for sorting (optional).
sort_mode – The collating sequence for sorting returned items: auto, alpha, alpha_case, num (optional).

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

class splunklib.client.Endpoint(service, path)

This class is a base class for all client objects.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

class splunklib.client.Entity(service, path, **kwargs)

This class is a base class for all entity objects.

access: Returns entity access metadata.

content: Returns the contents of the entity.

disable(): Disables the entity at this endpoint.

enable(): Enables the entity at this endpoint.

fields: Returns entity content metadata.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

links: Returns a dictionary of related resources.

name: Returns the entity name.

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

read(): Reads the current state of the entity from the server.

refresh(state=None): Refreshes the cached state of this entity, using either the given state record, or by calling read() if no state record is provided.

reload(): Reloads the entity.

state: Returns the entity’s state record.

update(**kwargs)

Updates the entity with the arguments you provide.

Note that you cannot update the name field of an Entity, due to a peculiarity of the REST API.

class splunklib.client.Service(**kwargs)

This class represents a Splunk service instance at a given address (host:port), accessed using the http or https protocol scheme.

A Service instance also captures an optional namespace context consisting of an optional owner name (or “-” wildcard) and optional app name (or “-” wildcard). To access Service members, the instance must be authenticated by presenting credentials using the login() method, or by constructing the instance using the connect() function, which both creates and authenticates the instance.

Parameters:

Parameters:	host – The host name (the default is localhost). port – The port number (the default is 8089). scheme – The scheme for accessing the service (the default is https). owner – The owner namespace (optional). app – The app context (optional). token – The current session token (optional). Session tokens can be shared across multiple service instances. username – The Splunk account username, which is used to authenticate the Splunk instance. password – The password, which is used to authenticate the Splunk instance.

host – The host name (the default is localhost).
port – The port number (the default is 8089).
scheme – The scheme for accessing the service (the default is https).
owner – The owner namespace (optional).
app – The app context (optional).
token – The current session token (optional). Session tokens can be shared across multiple service instances.
username – The Splunk account username, which is used to authenticate the Splunk instance.
password – The password, which is used to authenticate the Splunk instance.

apps: Returns a collection of Splunk applications.

capabilities: Returns a list of system capabilities.

confs: Returns a collection of Splunk configurations.

connect(): Returns an open connection (socket) to the service.

delete(path, **kwargs)

Issues a DELETE request to a REST endpoint you specify.

Parameters:	path – The resource path (REST endpoint). kwargs – Request arguments (optional).

event_types: Returns a collection of saved event types.

fired_alerts: Returns a collection of alerts that have been fired by the service.

fullpath(path, **kwargs)

Returns a full REST endpoint using an endpoint path or path fragment, then adds namespace segments by either using any namespace arguments that are provided or the context namespace values.

Parameters:	path – The resource path (REST endpoint), possibly a fragment. kwargs – Namespace arguments to use for completing the path: sharing, owner, and app (optional).

get(path, **kwargs)

Issues a GET request to a REST endpoint you specify.

Parameters:	path – The resource path (REST endpoint). kwargs – Query arguments (optional).

indexes: Returns a collection of indexes.

info: Returns information about the service.

inputs: Returns a collection of configured inputs.

jobs: Returns a collection of current search jobs.

loggers: Returns a collection of service logging categories and their status.

login(): Issues a Splunk login request using the context’s credentials and stores the session token for use on subsequent requests.

logout(): Forgets the current session token.

messages: Returns a collection of service messages.

parse(query, **kwargs)

Parses a search query and returns a semantic map of the search.

Parameters:	query – The search query to parse. kwargs – Optional arguments to pass to the `search/parser` endpoint.
Returns:	A semantic map of the parsed search query.

post(path, **kwargs)

Issues a POST request to a REST endpoint you specify.

Parameters:	path – The resource path (REST endpoint). kwargs – Form arguments (optional).

request(path, message)

Issues an HTTP request message to a REST endpoint you specify.

Parameters:	path – The resource path (REST endpoint). request – The request message.

restart(): Restarts the service. The service will be unavailable until it has successfully restarted.

roles: Returns a collection of user roles.

saved_searches: Returns a collection of saved searches.

settings: Returns configuration settings for the service.

url(path)

Converts a REST endpoint (from a path or path fragment) into a complete URL.

Parameters:	path – The resource path (REST endpoint) to convert to a full URL.

users: Returns a collection of users.

class splunklib.client.AlertGroup(service, path, **kwargs)

This class contains an entity that represents a group of fired alerts that can be accessed through the alerts() property.

access: Returns entity access metadata.

alerts: Returns a collection of triggered alert instances.

content: Returns the contents of the entity.

count: Returns the count of triggered alerts.

disable(): Disables the entity at this endpoint.

enable(): Enables the entity at this endpoint.

fields: Returns entity content metadata.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

links: Returns a dictionary of related resources.

name: Returns the entity name.

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

read(): Reads the current state of the entity from the server.

refresh(state=None): Refreshes the cached state of this entity, using either the given state record, or by calling read() if no state record is provided.

reload(): Reloads the entity.

state: Returns the entity’s state record.

update(**kwargs)

Updates the entity with the arguments you provide.

Note that you cannot update the name field of an Entity, due to a peculiarity of the REST API.

class splunklib.client.Conf(service, name)

This class contains a single configuration, which is a collection of stanzas.

contains(name)

Indicates whether an entity name exists in the collection.

Parameters:	name – The entity name.

create(name, **kwargs)

Creates an entity in this collection.

Parameters:	name – The name of the entity to create. kwargs – Additional entity-specific arguments (optional).
Returns:	The new entity.

delete(name)

Removes an entity from the collection.

Parameters:	name – The name of the entity to remove.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

itemmeta(): Returns metadata for members of the collection.

list(count=-1, **kwargs)

Returns the contents of the collection.

Parameters:

Parameters:	count – The maximum number of items to return (optional). offset – The offset of the first item to return (optional). search – The search expression to filter responses (optional). sort_dir – The direction to sort returned items: asc or desc (optional). sort_key – The field to use for sorting (optional). sort_mode – The collating sequence for sorting returned items: auto, alpha, alpha_case, num (optional).

count – The maximum number of items to return (optional).
offset – The offset of the first item to return (optional).
search – The search expression to filter responses (optional).
sort_dir – The direction to sort returned items: asc or desc (optional).
sort_key – The field to use for sorting (optional).
sort_mode – The collating sequence for sorting returned items: auto, alpha, alpha_case, num (optional).

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

class splunklib.client.Confs(service)

This class contains a collection of configurations.

contains(name)

Indicates whether an entity name exists in the collection.

Parameters:	name – The entity name.

create(name, **kwargs)

delete(name)

Removes an entity from the collection.

Parameters:	name – The name of the entity to remove.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

itemmeta(): Returns metadata for members of the collection.

list(count=-1, **kwargs)

Returns the contents of the collection.

Parameters:

Parameters:	count – The maximum number of items to return (optional). offset – The offset of the first item to return (optional). search – The search expression to filter responses (optional). sort_dir – The direction to sort returned items: asc or desc (optional). sort_key – The field to use for sorting (optional). sort_mode – The collating sequence for sorting returned items: auto, alpha, alpha_case, num (optional).

count – The maximum number of items to return (optional).
offset – The offset of the first item to return (optional).
search – The search expression to filter responses (optional).
sort_dir – The direction to sort returned items: asc or desc (optional).
sort_key – The field to use for sorting (optional).
sort_mode – The collating sequence for sorting returned items: auto, alpha, alpha_case, num (optional).

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

class splunklib.client.Stanza(service, path, **kwargs)

This class contains a single configuration stanza.

access: Returns entity access metadata.

content: Returns the contents of the entity.

disable(): Disables the entity at this endpoint.

enable(): Enables the entity at this endpoint.

fields: Returns entity content metadata.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

links: Returns a dictionary of related resources.

name: Returns the entity name.

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

read(): Reads the current state of the entity from the server.

refresh(state=None): Refreshes the cached state of this entity, using either the given state record, or by calling read() if no state record is provided.

reload(): Reloads the entity.

state: Returns the entity’s state record.

submit(stanza): Populates a stanza in the .conf file.

update(**kwargs)

Updates the entity with the arguments you provide.

Note that you cannot update the name field of an Entity, due to a peculiarity of the REST API.

class splunklib.client.Index(service, path, **kwargs)

This class is an index class used to access specific operations.

access: Returns entity access metadata.

attach(host=None, source=None, sourcetype=None)

Opens a stream (a writable socket) for writing events to the index.

Parameters:	host – The host value for events written to the stream. source – The source value for events written to the stream. sourcetype – The sourcetype value for events written to the stream.

clean(timeout=60)

Deletes the contents of the index.

Parameters:	timeout – The time-out period for the operation, in seconds (the default is 60).

content: Returns the contents of the entity.

disable(): Disables the entity at this endpoint.

enable(): Enables the entity at this endpoint.

fields: Returns entity content metadata.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

links: Returns a dictionary of related resources.

name: Returns the entity name.

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

read(): Reads the current state of the entity from the server.

refresh(state=None): Refreshes the cached state of this entity, using either the given state record, or by calling read() if no state record is provided.

reload(): Reloads the entity.

roll_hot_buckets(): Performs rolling hot buckets for this index.

state: Returns the entity’s state record.

submit(event, host=None, source=None, sourcetype=None)

Submits an event to the index using HTTP POST.

Parameters:	host – The host value of the event. source – The source value of the event. sourcetype – The sourcetype value of the event.

update(**kwargs)

Updates the entity with the arguments you provide.

Note that you cannot update the name field of an Entity, due to a peculiarity of the REST API.

upload(filename, **kwargs)

Uploads a file for immediate indexing.

Parameters:	filename – The name of the file to upload. The file can be a plain, compressed, or archived file. kwargs – Additional arguments (optional). For details, see the POST data/inputs/oneshot endpoint in the Splunk REST API documentation.

class splunklib.client.Input(service, path, kind, **kwargs)

This class represents a Splunk input. This class is the base for all typed input classes and is also used when the client does not recognize an input kind.

access: Returns entity access metadata.

content: Returns the contents of the entity.

disable(): Disables the entity at this endpoint.

enable(): Enables the entity at this endpoint.

fields: Returns entity content metadata.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

links: Returns a dictionary of related resources.

name: Returns the entity name.

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

read(): Reads the current state of the entity from the server.

refresh(state=None): Refreshes the cached state of this entity, using either the given state record, or by calling read() if no state record is provided.

reload(): Reloads the entity.

state: Returns the entity’s state record.

update(**kwargs)

Updates the entity with the arguments you provide.

Note that you cannot update the name field of an Entity, due to a peculiarity of the REST API.

class splunklib.client.Inputs(service, kindmap=None)

This class represents a collection of inputs. The collection is heterogeneous and each member of the collection contains a kind property that indicates the specific type of input.

contains(name)

Indicates whether an entity name exists in the collection.

Parameters:	name – The entity name.

create(kind, name, **kwargs)

Creates an input of a specific kind in this collection, with any arguments you specify.

Parameters:	kind – The kind of input to create. name – The input name. kwargs – Additional entity-specific arguments (optional). For valid arguments, see the POST requests for the /data/inputs/ endpoints in the Splunk REST API documentation.
Returns:	The new input.

delete(name)

Removes an input from the collection.

Parameters:	name – The name of the input to remove.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

itemmeta(kind): Returns metadata for the members of a given kind.

kindpath(kind)

Returns a path to the resources for a given input kind.

Parameters:	kind – The input kind.

kinds: Returns the list of input kinds that this collection may contain.

list(*args)

Returns a list of inputs that belong to the collection. You can also filter by one or more input kinds.

Parameters:	args – The input kinds to return (optional).

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

class splunklib.client.Job(service, path, **kwargs)

This class represents a search job.

access: Returns entity access metadata.

cancel(): Stops the current search and deletes the result cache.

content: Returns the contents of the entity.

disable(): Disables the entity at this endpoint.

disable_preview(): Disables preview for this job.

enable(): Enables the entity at this endpoint.

enable_preview(): Enables preview for this job (although doing so might slow search considerably).

events(**kwargs): Returns an InputStream IO handle for this job’s events.

fields: Returns entity content metadata.

finalize(): Stops the job and provides intermediate results available for retrieval.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

links: Returns a dictionary of related resources.

name: Returns the name of the search job.

pause(): Suspends the current search.

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

preview(**kwargs)

Returns the InputStream IO handle to the preview results for this job.

Parameters:	kwargs – Additional preview arguments (optional). For details, see the GET search/jobs/{search_id}/results_preview endpoint in the REST API documentation.

read(): Returns the job’s current state record, corresponding to the current state of the server-side resource.

refresh(state=None): Refreshes the cached state of this entity, using either the given state record, or by calling read() if no state record is provided.

reload(): Reloads the entity.

results(**kwargs)

Returns an InputStream IO handle to the search results for this job.

Parameters:	kwargs – Additional results arguments (optional). For details, see the GET search/jobs/{search_id}/results endpoint in the REST API documentation.

searchlog(**kwargs)

Returns an InputStream IO handle to the search log for this job.

Parameters:	kwargs – Additional search log arguments (optional). For details, see the GET search/jobs/{search_id}/search.log endpoint in the REST API documentation.

set_priority(value)

Sets this job’s search priority in the range of 0-10.

Parameters:	value – The search priority.

set_ttl(value)

Set the job’s time-to-live (ttl) value, which is the time before the search job expires and is still available.

Parameters:	value – The ttl value, in seconds.

sid: Returns this job’s search ID (sid).

state: Returns the entity’s state record.

summary(**kwargs)

Returns an InputStream IO handle to the job’s summary.

Parameters:	kwargs – Additional summary arguments (optional). For details, see the GET search/jobs/{search_id}/summary endpoint in the REST API documentation.

timeline(**kwargs)

Returns an InputStream IO handle to the job’s timeline results.

Parameters:	kwargs – Additional timeline arguments (optional). For details, see the GET search/jobs/{search_id}/timeline endpoint in the REST API documentation.

touch(): Extends the expiration time of the search to the current time plus the time-to-live value (now + ttl).

unpause(): Resumes the current search, if paused.

update(**kwargs)

Updates the entity with the arguments you provide.

Note that you cannot update the name field of an Entity, due to a peculiarity of the REST API.

class splunklib.client.Jobs(service)

This class represents a collection of search jobs.

contains(name)

Indicates whether an entity name exists in the collection.

Parameters:	name – The entity name.

create(query, **kwargs)

delete(name)

Removes an entity from the collection.

Parameters:	name – The name of the entity to remove.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

itemmeta(): Returns metadata for members of the collection.

list(count=0, **kwargs)

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

class splunklib.client.Loggers(service)

This class represents a collection of service logging categories.

contains(name)

Indicates whether an entity name exists in the collection.

Parameters:	name – The entity name.

create(name, **kwargs)

Creates an entity in this collection.

Parameters:	name – The name of the entity to create. kwargs – Additional entity-specific arguments (optional).
Returns:	The new entity.

delete(name)

Removes an entity from the collection.

Parameters:	name – The name of the entity to remove.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

list(count=-1, **kwargs)

Returns the contents of the collection.

Parameters:

count – The maximum number of items to return (optional).
offset – The offset of the first item to return (optional).
search – The search expression to filter responses (optional).
sort_dir – The direction to sort returned items: asc or desc (optional).
sort_key – The field to use for sorting (optional).
sort_mode – The collating sequence for sorting returned items: auto, alpha, alpha_case, num (optional).

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

class splunklib.client.Message(service, path, **kwargs)

access: Returns entity access metadata.

content: Returns the contents of the entity.

disable(): Disables the entity at this endpoint.

enable(): Enables the entity at this endpoint.

fields: Returns entity content metadata.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

links: Returns a dictionary of related resources.

name: Returns the entity name.

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

read(): Reads the current state of the entity from the server.

refresh(state=None): Refreshes the cached state of this entity, using either the given state record, or by calling read() if no state record is provided.

reload(): Reloads the entity.

state: Returns the entity’s state record.

update(**kwargs)

Updates the entity with the arguments you provide.

Note that you cannot update the name field of an Entity, due to a peculiarity of the REST API.

value: Returns the message value.

class splunklib.client.SavedSearch(service, path, **kwargs)

This class represents a saved search.

access: Returns entity access metadata.

acknowledge(): Acknowledges the suppression of alerts from this saved search and resumes alerting.

content: Returns the contents of the entity.

disable(): Disables the entity at this endpoint.

dispatch(**kwargs)

Runs the saved search and returns the resulting search job.

Parameters:	kwargs – Additional dispatch arguments (optional). For details, see the POST saved/searches/{name}/dispatch endpoint in the REST API documentation.
Returns:	The new search job.

enable(): Enables the entity at this endpoint.

fields: Returns entity content metadata.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

history()

Returns a list of search jobs corresponding to this saved search.

Returns:	A list of `Job` objects.

links: Returns a dictionary of related resources.

name: Returns the entity name.

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

read(): Reads the current state of the entity from the server.

refresh(state=None): Refreshes the cached state of this entity, using either the given state record, or by calling read() if no state record is provided.

reload(): Reloads the entity.

state: Returns the entity’s state record.

update(search=None, **kwargs)

Updates the saved search with any additional arguments.

Parameters:	search – The search string of this saved search (optional). kwargs – Additional update arguments (optional).

class splunklib.client.SavedSearches(service)

This class represents a collection of saved searches.

contains(name)

Indicates whether an entity name exists in the collection.

Parameters:	name – The entity name.

create(name, search, **kwargs)

delete(name)

Removes an entity from the collection.

Parameters:	name – The name of the entity to remove.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

itemmeta(): Returns metadata for members of the collection.

list(count=-1, **kwargs)

Returns the contents of the collection.

Parameters:

count – The maximum number of items to return (optional).
offset – The offset of the first item to return (optional).
search – The search expression to filter responses (optional).
sort_dir – The direction to sort returned items: asc or desc (optional).
sort_key – The field to use for sorting (optional).
sort_mode – The collating sequence for sorting returned items: auto, alpha, alpha_case, num (optional).

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

class splunklib.client.Settings(service, **kwargs)

This class represents configuration settings for a Splunk service.

access: Returns entity access metadata.

content: Returns the contents of the entity.

disable(): Disables the entity at this endpoint.

enable(): Enables the entity at this endpoint.

fields: Returns entity content metadata.

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

links: Returns a dictionary of related resources.

name: Returns the entity name.

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

read(): Reads the current state of the entity from the server.

refresh(state=None): Refreshes the cached state of this entity, using either the given state record, or by calling read() if no state record is provided.

reload(): Reloads the entity.

state: Returns the entity’s state record.

update(**kwargs)

class splunklib.client.Users(service)

This class represents a Splunk user.

contains(name)

create(name, **kwargs)

delete(name)

get(relpath='', **kwargs)

Issues a GET request to an endpoint, using a relative path and query arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Query arguments (optional).

itemmeta(): Returns metadata for members of the collection.

list(count=-1, **kwargs)

Returns the contents of the collection.

Parameters:

count – The maximum number of items to return (optional).
offset – The offset of the first item to return (optional).
search – The search expression to filter responses (optional).
sort_dir – The direction to sort returned items: asc or desc (optional).
sort_key – The field to use for sorting (optional).
sort_mode – The collating sequence for sorting returned items: auto, alpha, alpha_case, num (optional).

post(relpath='', **kwargs)

Issues a POST request to an endpoint, using a relative path and form arguments if provided.

Parameters:	relpath – A path relative to the endpoint (optional). kwargs – Form arguments (optional).

class splunklib.client.NotSupportedError

Raised for operations that are not supported on a given object.

args

message

class splunklib.client.OperationError

Raised for a failed operation, such as a time out.

args

message

Navigation

splunklib.client