Shaun Roberts
Cisco Employee

XML and CLI based web services

Base API Structure and Background at

http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTcontents

Current Version: 1.0.0.6

Required Version of CPO: 2.3.5

Release date: 05-02-2013

NOTE: This pack requires the Automation Functions Tool pack listed below. It is a community tap, so you can use it at will, but there is no support for it. If you have questions, email me at shaurobe@cisco.com

You can find information on the Automation Functions Tool pack @

https://supportforums.cisco.com/docs/DOC-30485

Function List

ChangeJobStatus - Controls the status of a search job

Inputs:

Input.Job.Status - what job status to put search job in (cancel, etc)
Input.SearchId - search id of the search job to control

Returns:

Output.Results.XML - XML output of the webcall.


CreateMonitor - Creates a monitor for a file or directory

Inputs:

Input.File.Or.Directory.To.Monitor - input file or directory to set up the monitor on

Returns:

Output.XML - XML output of the webcall.


CreateSearchJob - Creates a new search job

Inputs:

Input.Max.Count - max count to return to search
Input.Search.Id - search ID to be defined if you do not want a system generated search id
Input.Search.String - search string for Splunk - function will escape characters for you

Returns:

Output.Search.Id - search id that is produced from this web call


CreateSearchJobWithTimeBounds - Creates a new search job with time bounded searching

Inputs:

Input.Max.Count - max count to return to search
Input.Search.Id - search ID to be defined if you do not want a system generated search id
Input.Search.String - search string for Splunk - function will escape characters for you
Input.Earliest.Time - beginning time bound for your search
Input.Latest.Time - ending time bound for your search
Input.Search.TimeOut - how long to keep the search in Splunk

Returns:

Output.Search.Id - search id that is produced from this web call


DeleteMonitor - Delete a monitor

Inputs:

Input.Monitor.Name - name of monitor to delete

Returns:

Output.Xml - xml output of webcall


DeleteSavedSearch - deletes a saved search

Inputs:

Input.Saved.Search.Name - name of search to delete

Returns:

Output.XML - XML output of the webcall.


DeleteSearchJob - deletes a search job

Inputs:

Input.Search.Id - search ID to be deleted

Returns:

Output.XML - XML output of the webcall.


GetAllSearches - Returns all searches in system

Inputs:

Input.Max.Count - max amount of results to return
Input.Search - search string to find searches

Returns:

Output.XML - XML output of the webcall.
Output.Search.Count - total amount of searches returned


GetAndSetAuthToken - logs into Splunk for further web calls

Inputs:

None (note: you have to configure the username and password on the extended target properties of the Splunk web target)

Returns:

None (note: session key and authorization headers are stored in the extended target properties of the Splunk web target)


GetDataInputMonitors - searches for data monitors

Inputs:

Input.Max.Count - max amount of monitors to return
Input.Search - search to run for monitors

Returns:

Output.XML - XML output of the webcall.
Output.Search.Count - total amount of monitors returned


GetIndexByName - returns a single index

Inputs:

Input.Index.Name - name of index to get

Returns:

Output.XML - XML output of the webcall.


GetIndexes - searches for multiple indexes

Inputs:

Input.Max.Count - max amount of indexes to return
Input.Search - search criteria when looking for indexes

Outputs:

Output.XML - XML output of the webcall.
Output.Search.Count - total count of indexes returned


GetMonitorByName - returns one monitor by name

Inputs:

Input.Name - name of monitor to get, this is escaped by function
Input.Return.Members - True to return members of monitor, false to not

Outputs:

Output.Monitor.Results.XML - XML output of the webcall.
Output.Monitor.Member.Results.XML - xml of the members if requested


GetSearchById - returns a single search via ID

Inputs:

Input.SearchId - search ID to return

Outputs:

Output.XML - XML output of the webcall.


GetSearchIDResults - returns results of a search

Inputs:

Input.SearchID - search id to return results of

Outputs:

Output.XML - XML output of the webcall.


GetSearchIDSearchLog - returns log of a search

Inputs:

Input.SearchID - search id to return results of

Outputs:

Output.XML - XML output of the webcall.


GetSearchIDSearchSummary - returns summary of a search

Inputs:

Input.SearchID - search id to return results of

Outputs:

Output.XML - XML output of the webcall.
