Documentation:
3.3.1
This page last updated: 10/27/08 11:10am
Get started
Before you interact with Splunk's endpoints, set up your environment. You have the following options:
- Use one of Splunk's SDKs.
- Or integrate variables within your own script, for example:
$ cat ~/bin/splunk-login #!/bin/sh export SPLUNK_URL='https://localhost:8089/services' export SPLUNK_URL_PROPS="$SPLUNK_URL/properties" export SPLUNK_AUTH_TOKEN=`curl -k $SPLUNK_URL/auth/login -d"username=admin&password=changeme" 2>/dev/null | grep sessionKey | sed s@'.*<sessionKey>\(.*\)</sessionKey>'@'\1'@` export SPLUNK_AUTH_HEADER="authorization: Splunk $SPLUNK_AUTH_TOKEN" source splunk-login
Send a request to any REST endpoint with either wget or curl. See the following examples.
Note You can also use a browser to access the endpoints for testing, but you will still need to authenticate. Only the default Splunk auth or the LDAP failsafe user can correctly authenticate from a browser. If you are using an LDAP user other than the failsafe login or a scripted authentication method, you will not be able to test from a browser.
wgetUse wget to access any REST endpoint. Here's a basic example:
wget -O testme --no-check-certificate --post-data="username=admin&password=changeme" "$SPLUNK_URL/auth/login"
This outputs the returned XML to testme and includes a login admin/changeme.
The -O - tells wget you want the response sent to standard output. The --no-check-certificate tells wget that you want it to ignore critical certificate error, which you'll have if you don't have a valid certificate.
curlUse curl to access any REST endpoint. Here's a basic example:
curl -k -H "$SPLUNK_AUTH_HEADER" "$SPLUNK_URL"
Get a responseYou should see an XML formatted ATOM response returned:
<?xml version="1.0" encoding="UTF-8"?>
<!--This is to override browser formatting; see server.conf[httpServer] to disable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .-->
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
<title>services</title>
<id>https://localhost:8089/services/</id>
<updated>2008-06-11T11:30:48-0700</updated>
<generator version="37601"/>
<author>
<name>Splunk</name>
</author>
<entry>
<title>search</title>
<id>https://localhost:8089/services/search</id>
<updated>2008-06-11T11:30:48-0700</updated>
<link href="https://localhost:8089/services/search" rel="alternate"/>
</entry>
<entry>
<title>data</title>
<id>https://localhost:8089/services/data</id>
<updated>2008-06-11T11:30:48-0700</updated>
<link href="https://localhost:8089/services/data" rel="alternate"/>
</entry>
<entry>
<title>invokeapi</title>
<id>https://localhost:8089/services/invokeapi</id>
<updated>2008-06-11T11:30:48-0700</updated>
<link href="https://localhost:8089/services/invokeapi" rel="alternate"/>
</entry>
<entry>
<title>apps</title>
<id>https://localhost:8089/services/apps</id>
<updated>2008-06-11T11:30:48-0700</updated>
<link href="https://localhost:8089/services/apps" rel="alternate"/>
</entry>
</feed>
Comments
No comments have been submitted.