Standard HTTP status codes are not included in endpoint documentation, but status codes with specific meaning for an endpoint and/or operation are noted. Returned values specific to the resource and/or operation are listed along with their descriptions. The response to GET and other requests typically includes key-value pairs representing details about the resource that you are accessing.

True = Summarized response, omitting some index details, providing a faster response.

Otherwise, collate alphabetically.
Alpha = Collate alphabetically, not case-sensitive.
Alpha_case = Collate alphabetically, case-sensitive.
(Requires URI-encoding.)
Auto = If all field values are numeric, collate numerically.

Search=field_name%3Dfield_value restricts the match to a single field.
Search=foo matches on any field with the string foo in the name.
Response filter, where the response field values are matched against this search expression.

Specify multiple times to return multiple values.
f=qualifiedSearch returns only the value for qualifiedSearch.
f=s* returns all the values that have names beginning with s.
f=qualifiedSearch&f=is_visible returns the values for qualifiedSearch as well as is_visible.

Set value to 0 to get all available entries.
Filters the response to include only the named values.

In addition to the parameters specific to each endpoint and operation, the following request parameters are valid for some GET methods.

Request and response details
Pagination and filtering parameters

Returned values included in the response.
Request parameter information and requirements.
Expandable elements showing available operations (GET, POST, and/or DELETE) for the endpoint.
Expand a GET, POST, or DELETE element to show the following usage information about the operation.
Reference information for each endpoint in the REST API includes the following items.
Some operations have specific capability requirements, as noted.
Manage system resources for search workloads.
Depending on the endpoint, GET, POST, and/or DELETE operations are available for accessing, creating, updating, or deleting resources.
Manage searches and search-generated alerts and view objects.
Install applications and application templates.
Configure and manage indexer clusters and search head clusters.
Define indexed and searched data configurations.
Resources are grouped into the following categories.

Use the corresponding publicly documented endpoint instead. Splunk does not support or document REST API endpoints that contain /admin/ in their URIs.

If you are using Splunk Cloud Platform, review details in Access requirements and limitations for the Splunk Cloud Platform REST API. There are some REST API access and usage differences between Splunk Cloud Platform and Splunk Enterprise.

See the Endpoints reference list for an alphabetical list of endpoints. See the REST API User Manual to learn about the Splunk REST API basic concepts.

Other endpoints support migrating the Company whitelist to a Safelist library, retrieve a Safelist library by its GUID, parse terms from a chunk of text, and get the list of summaries for the Safelist libraries for your organization.
Endpoints to search for Indicators and update tags.
Endpoints to get observables in a submission, search for observables, and remove or add tags to an observable.
Endpoints for submissions (Intelligence Sources, Events, or Indicators) that you can use to get status, search, redact text, or alter tags.
Endpoints to create, update, upsert, find, or delete Events.
Endpoints to create, update, upsert, find, or delete Indicators.
Endpoints to create, update, upsert, find, or delete Intelligence.
Endpoints that support Intel Workflow functionality.

Use the REST API Reference to learn about available endpoints and operations for accessing, creating, updating, or deleting resources.
Gets a list of Enclaves that the user has permissions to access.
Endpoints to create a new Safelist library, add or delete entries, and delete a Safelist library.
The API provides endpoints for these functional areas of the Splunk Intelligence Management platform:
Endpoints for Authentication (API Key and API Secret).

See Splunk Intelligence Management Python SDK to interact with the Splunk Intelligence Management REST API from within any Python program.

Some endpoints can be used for any Submission, while other endpoints are specific to one type of Submission, for example, Submission Event endpoints.
Introduces the term Submission to cover Intelligence Sources, Events, and Indicators.
Version 2.0 introduces some changes from previous versions of the Splunk Intelligence Management REST API:

All API access is over HTTPS, and all data is transmitted securely in JSON format. The Splunk Intelligence Management REST API enables you to easily synchronize report information available in Splunk Intelligence Management with the monitoring tools and analysis workflows you use in your infrastructure.