Search=field_name%3Dfield_value restricts the match to a single field. Search=foo matches on any field with the string foo in the name. Response filter, where the response field values are matched against this search expression. Specify multiple times to return multiple values.į=qualifiedSearch returns only the value for qualifiedSearch.į=s* returns all the values that have names beginning with s.į=qualifiedSearch&f=is_visible returns the values for qualifiedSearch as well as is_visible. Set value to 0 to get all available entries.įilters the response to include only the named values. In addition to the parameters specific to each endpoint and operation, the following request parameters are valid for some GET methods. Request and response details Pagination and filtering parameters
SPLUNK ENTERPRISE REST API FULL
For a full list of endpoints supported in Splunk Enterprise, see Resource groups in the Splunk Enterprise REST API Reference Manual. Splunk Cloud Platform supports a subset of the REST API endpoints available in Splunk Enterprise. Manage searches and search-generated alerts and view objects. Manage federated providers and federated indexes.ĭefine indexed and searched data configurations.Įnumerate metrics and dimensions associated with metrics. Resources are grouped into the following categories. Use the corresponding publicly documented endpoint instead. Splunk does not support or document REST API endpoints that contain /admin/ in their URIs. If you are using Splunk Cloud Platform, review details in Access requirements and limitations for the Splunk Cloud Platform REST API. There are some REST API access and usage differences between Splunk Cloud Platform and Splunk Enterprise.
SPLUNK ENTERPRISE REST API MANUAL
See the REST API User Manual to learn about the Splunk REST API basic concepts.
Use the REST API Reference to learn about available endpoints and operations for accessing, creating, updating, or deleting resources.
0 kommentar(er)
