JSON is now a first-class citizen
With Splunk Enterprise 5, you can now access every API endpoint and request the output in JSON – simply append:
to your query string and you’re ready to go. Working with JSON is easy, there’s no need for parsing like with XML. And JSON extraction is now automatic, so you don’t have to use the ‘spath‘ command to extract data.
curl -k -u admin:changeme https://localhost:8089/services/saved/searches?output_mode=json
API versioning is now available
As the Splunk REST API evolves we’ll provide version numbers so you can reliably support any applications that rely on API calls. Support for API versioning ensures that you can decide when to take changes and avoid surprise application breakages by making version-specific calls.
curl -k -u admin:changeme https://localhost:8089/v5.0/services/search/jobs
Developers also have access to all of the other great new features in Splunk Enterprise 5, like report acceleration, dynamic drilldowns and integrated PDF capabilities. It’s a great time to be a developer working with Splunk, the platform and tools make it easy to integrate Splunk data into external applications, log directly from remote devices and programmatically extract data for long-term data warehousing.