• Overview
  • Overview
  • Splunk Architecture
• REST API
  • Splunk's REST API
    • Using REST Methods
    • Splunk REST endpoint mappings
    • HTTP ports Splunk uses
    • What you need to know about searching with Splunk
    • Other important topics
  • Get started
  • Output formats via XML
    • Example Generic Response with Messaging
    • Generic Response with Messaging (via error codes)
    • Example Atom Feed Response
    • Example Atom Feed with Messaging
    • Example Atom Entry Response
  • Login
    • /services/auth/login
  • Legacy methods
    • /services/invokeapi/legacy_method_name
  • Properties
    • /services/properties
    • /services/properties/file_name
    • /services/properties/file_name/stanza_name
    • /services/properties/file_name/stanza_name/key_name
  • Search
    • /services/search/jobs
    • /services/search/jobs/search_id
    • /services/search/jobs/search_id/events
    • /services/search/jobs/search_id/results
    • /services/search/jobs/search_id/timeline
    • /services/search/jobs/search_id/summary
    • /services/search/jobs/search_id/control
  • Streaming
    • /services/streams/search
    • /services/streams/livetail
• Configuration files
  • How do configuration files work?
    • Configuration file directory structure
    • Configuration file precedence
  • Create Regular Expressions
    • Filename
    • Format
    • Attributes
    • Splunk Reserved Keys
    • Examples
  • Add & Override Properties
    • Filename
    • Format
    • Spec
    • Attributes
    • Linemerging
    • Timestamp extraction configuration
    • Typing configuration
    • Class configuration
    • Source Type configuration
    • Examples
  • Add Input Configurations
    • Filename
    • Format
    • Input Types
    • Attributes
    • Additional Attributes
    • Examples
  • Recognize Source Types
    • Filename
    • Format
    • Examples
• Splunk Web appearance
  • How Splunk Uses Skins
    • Skins css Files
    • Images/skins directory
  • Add or remove themes
    • Create a new skin
    • Examples
  • Dashboard customization
    • Create a new dashboard
    • Add items to a dashboard

Get started

If you are logged into the same machine as your Splunk instance and have wget installed, you can copy and paste the following command into your terminal:

wget -O - -q --no-check-certificate https://localhost:8089/services/

The -O - tells wget you want the response sent to standard output. The --no-check-certificate tells wget that you want it to ignore critical certificate error, which you'll have if you don't have a valid certificate.

You should see an XML formatted ATOM response returned:

root@foobar [~]# wget -O - -q --no-check-certificate https://localhost:8089/services/
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
  <title>services</title>
  <id>https://localhost:8089/services/</id>
  <updated>2008-01-31T19:15:37-0600</updated>
  <generator version="31749"/>
  <author>
    <name>Splunk</name>
  </author>
  <entry>
    <title>streams</title>
    <id>https://localhost:8089/services/streams</id>
    <updated>2008-01-31T19:15:37-0600</updated>
    <link href="https://localhost:8089/services/streams" rel="alternate"/>
  </entry>
...
...
</feed>

Note: In versions 3.1.x and earlier, Splunk's REST endpoints were served off the SplunkWeb process using the http://yourhost:8000/v3/ URL format. If you are coding against an older version of Splunk, you will need to reference the older documentation for the deprecated /v3/ endpoints. You can't use a /v3 auth token with the /services endpoints.