
search=field_name%3Dfield_value restricts the match to a single field.
search=foo matches on any field with the string foo in the name.
Response filter, where the response field values are matched against this search expression.
Specify multiple times to return multiple values.
f=qualifiedSearch returns only the value for qualifiedSearch.
f=s* returns all the values that have names beginning with s.
f=qualifiedSearch&f=is_visible returns the values for qualifiedSearch as well as is_visible.

Set value to 0 to get all available entries.
Filters the response to include only the named values.
In addition to the parameters specific to each endpoint and operation, the following request parameters are valid for some GET methods.
Request and response details
Pagination and filtering parameters
Returned values included in the response.
Request parameter information and requirements.
Expandable elements showing available operations (GET, POST, and/or DELETE) for the endpoint.
Expand a GET, POST, or DELETE element to show the following usage information about the operation.
Reference information for each endpoint in the REST API includes the following items.
Some operations have specific capability requirements, as noted.
See the Endpoints reference list for an alphabetical list of endpoints.
Depending on the endpoint, GET, POST, and/or DELETE operations are available for accessing, creating, updating, or deleting resources.
For a full list of endpoints supported in Splunk Enterprise, see Resource groups in the Splunk Enterprise REST API Reference Manual.
Splunk Cloud Platform supports a subset of the REST API endpoints available in Splunk Enterprise.
Manage searches and search-generated alerts and view objects.
Manage federated providers and federated indexes.
Define indexed and searched data configurations.
Enumerate metrics and dimensions associated with metrics.
Resources are grouped into the following categories.
Use the corresponding publicly documented endpoint instead.
Splunk does not support or document REST API endpoints that contain /admin/ in their URIs.
If you are using Splunk Cloud Platform, review details in Access requirements and limitations for the Splunk Cloud Platform REST API.
There are some REST API access and usage differences between Splunk Cloud Platform and Splunk Enterprise.
See the REST API User Manual to learn about the Splunk REST API basic concepts.
For this example we are doing every 20 seconds but you can do once a day, etc.
Use the REST API Reference to learn about available endpoints and operations for accessing, creating, updating, or deleting resources.
Now fill out the following to match what you see below.
In your Splunk Web UI Click on "Data inputs"
Techpulse.py - main python script that pulls from API
You should now have the following scripts in $SPLUNK_HOME/bin/scripts/
creds.json - used to persist our creds for this example
Get_device_security_compliance(access_token)
Response = requests.post( url, headers=headers, params=querystring)
Use the following template for your creds.json ",
In a production application you will need a more secure way to store, retrieve, and reuse credentials.
Note: Once again this is not a production ready solution.
python3 $SPLUNK_HOME/bin/scripts/techpulse2.py
creds.json is what we will use to persist our refresh tokens for this simple example application.
# Be sure to replace this with your specific splunk path
Now Insert the following text into techpulse.sh using your favorite text editor
# techpulse.sh
Setup the wrapper script
# this is where we store our scripts
Throughout the rest of this tutorial I will use $SPLUNK_HOME in place of whatever folder your Splunk is installed in.
For example doing this on my local machine it is setup in /Applications/Splunk/
Using Python 2 these days is not a great idea so we are going to create a wrapper script using bash to call our script with Python 3.
Find out where Splunk is installed.

If you need help with this then reach out to us in our TechPulse API Forum.
Keep it secret.
We will use the refresh token to request an access token from the API.
Use Postman or our Python Examples to get your refresh token.
Reach out to us in our Forum: TechPulse API Forum
Get your refresh token
