Documentation: 3.4.1
Print Version Contents
This page last updated: 07/03/08 08:07pm

Output formats via XML

Splunk's REST endpoints provide two different XML response formats: generic and ATOM based. In addition, some search endpoints are capable of returning other formats including CSV, raw text, XML, and JSON. Use output_mode, as described in search jobs to specify the format for search results.

Example Generic Response

<response>
    <parentNode>
        <dataNode></dataNode>
        <dataNode></dataNode>
        <dataNode></dataNode>
    </parentNode>
</response>

Example Generic Response with Messaging

<response>
    <messages>
        <msg type="DEBUG">this is a message</msg>
        <msg type="INFO">this is a message</msg>
        <msg type="WARN">this is a message</msg>
        <msg type="ERROR">this is a message</msg>
        <msg type="SIGNAL">this is a message</msg>
        <msg type="PERSISTENT">this is a message</msg>
    </messages>
</response>

Generic Response with Messaging (via error codes)

<response>
    <messages>
        <msg type="DEBUG" code="1001"></msg>
        <msg type="INFO" code="2038">
            <param name="username">mildred</msg>
            <param name="action">edit</msg>
        </msg>
    </messages>
</response>

Example Atom Feed Response

<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
    <title>properties</title>
    <id>https://localhost:8089/services/properties</id>
    <updated>2008-01-29T11:40:58-0800</updated>
    <generator version="31758"/>
    <author>
        <name>Splunk</name>
    </author>
    <entry>
        <title>alert_actions</title>
        <id>https://localhost:8089/services/properties/alert_actions</id>
        <updated>2008-01-29T11:40:58-0800</updated>
        <link href="https://localhost:8089/services/properties/alert_actions" rel="alternate"/>
    </entry>
    <entry>
        <title>api</title>
        <id>https://localhost:8089/services/properties/api</id>

        <updated>2008-01-29T11:40:58-0800</updated>
        <link href="https://localhost:8089/services/properties/api" rel="alternate"/>
    </entry>
</feed>

Example Atom Feed with Messaging

<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
    <s:messages>
        <s:msg type="ERROR">this is a message</s:msg>
        <s:msg type="INFO">this is a message</s:msg>
    </s:messages>
    <title>properties</title>
    <id>https://localhost:8089/services/properties</id>
    <updated>2008-01-29T11:40:58-0800</updated>
    <generator version="31758"/>
    <author>
        <name>Splunk</name>
    </author>
    <entry>
        <s:messages>
            <s:msg type="ERROR">this is a message</s:msg>
            <s:msg type="INFO">this is a message</s:msg>
        </s:messages>
        <title>alert_actions</title>
        <id>https://localhost:8089/services/properties/alert_actions</id>
        <updated>2008-01-29T11:40:58-0800</updated>
        <link href="https://localhost:8089/services/properties/alert_actions" rel="alternate"/>
    </entry>
    <entry>
        <title>api</title>
        <id>https://localhost:8089/services/properties/api</id>
        <updated>2008-01-29T11:40:58-0800</updated>
        <link href="https://localhost:8089/services/properties/api" rel="alternate"/>
    </entry>
</feed>

Example Atom Entry Response

<?xml version="1.0" encoding="UTF-8"?>
<entry xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
    <title>alert_actions</title>
    <id>https://localhost:8089/services/properties/alert_actions</id>
    <updated>2008-01-29T11:40:58-0800</updated>
    <link href="https://localhost:8089/services/properties/alert_actions" rel="alternate"/>
</entry>
Previous: Get started    |    Next: SDKs

Comments

No comments have been submitted.

Log in to comment.