• Overview
  • Overview
  • Splunk Architecture
• REST API
  • Splunk's REST API
    • Using REST Methods
    • Splunk REST endpoint mappings
    • HTTP ports Splunk uses
    • What you need to know about searching with Splunk
    • Other important topics
  • Login
    • /services/auth/login
  • Legacy methods
    • /services/invokeapi/legacy_method_name
  • Properties
    • /services/properties
    • /services/properties/file_name
    • /services/properties/file_name/stanza_name
    • /services/properties/file_name/stanza_name/key_name
  • Search
    • /services/search/jobs
    • /services/search/jobs/search_id
    • /services/search/jobs/search_id/events
    • /services/search/jobs/search_id/results
    • /services/search/jobs/search_id/timeline
    • /services/search/jobs/search_id/summary
    • /services/search/jobs/search_id/control
  • Streaming
    • /services/streams/search
    • /services/streams/livetail
• Configuration files
  • How do configuration files work?
    • Configuration file directory structure
    • Configuration file precedence
  • Create Regular Expressions
    • Filename
    • Format
    • Attributes
    • Splunk Reserved Keys
    • Examples
  • Add & Override Properties
    • Filename
    • Format
    • Spec
    • Attributes
    • Linemerging
    • Timestamp extraction configuration
    • Typing configuration
    • Class configuration
    • Source Type configuration
    • Examples
  • Add Input Configurations
    • Filename
    • Format
    • Input Types
    • Attributes
    • Additional Attributes
    • Examples
  • Recognize Source Types
    • Filename
    • Format
    • Examples
• Splunk Web appearance
  • How Splunk Uses Skins
    • Skins css Files
    • Images/skins directory
  • Add or remove themes
    • Create a new skin
    • Examples

Streaming

/services/streams/search

Provides synchronous event search streaming service

GET

Executes a simple search, i.e. no pipe support

Query Arguments

q - The simple search string (no leading 'search' operator) to execute

Response Status

200 - Method executed successfully

Response Body

// The return content is raw event text in streaming format.  
// There is no formatting, or timestamping on the data.  
// Close the client connection to stop the search.

/services/streams/livetail

Provides synchronous data input tailing service

GET

Streams raw data being received by Splunk

Query Arguments

q - The simple search string (no leading 'search' operator) to apply to the incoming data stream

Response Status

200 - Method executed successfully

Response Body

// The return content is raw event text in streaming format.  
// There is no formatting, or timestamping on the data.  
// Close the client connection to stop the search.