Shaun Roberts
Cisco Employee

Splunk API Kit for CPO 3.0 or later

 

 

XML and CLI based web services

Base API Structure and Background at

http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTcontents

 

These are not all of the functions in Splunk, just the ones that are most useful to the automations built. If you need a function written that is in the API list but not here, please email shaurobe@cisco.com.

Current Version:  2.0.3.0

Required Version of CPO: 3.0.2

Release date: 10-27-2014

NOTE: The attached automation pack is zipped. Please unzip and then import into PO.

Developer: Shaun Roberts, 2013-2014

 

You can find information on the Automation Functions Tool pack at https://supportforums.cisco.com/document/129151/automation-function-tools-version-2000-10-23-2013

 

 

Updates:

*2.0.3.0 - lots of code updates and cleaning. Added combination functions

*2.0.1.2 - code cleanup around archiving. Usage of new auto function tools

*2.0.1.0 - updated to work with Splunk's newer API and still allow for it to work with older API calls. (4.X and older)

*2.0.0.2 - updated methods to only call Splunk API Endpoint target types

 

Function List

 

ChangeJobStatus -  Controls the status of a search job

 

Inputs:

 

Input.Job.Status - what job status to put search job in (cancel, etc)
Input.SearchId - search id of the search job to control

 

Returns:

 

Output.Results.XML - XML output of the webcall.

 


 

CreateMonitor -  Creates a monitor for a file or directory

 

Inputs:

 

Input.File.Or.Directory.To.Monitor - input file or directory to setup monitor on

 

Returns:

 

Output.XML - XML output of the webcall.

 


 

CreateSearchJob -  Creates a new search job

 

Inputs:

 

Input.Max.Count - max count to return to search
Input.Search.Id - search ID to be defined if you do not want a system generated search id
Input.Search.String - search string for Splunk - function will escape characters for you

 

Returns:

 

Output.Search.Id - search id that is produced from this web call

 


 

CreateSearchJobWithTimeBounds -  Creates a new search job with time bounded searching

 

Inputs:

 

Input.Max.Count - max count to return to search
Input.Search.Id - search ID to be defined if you do not want a system generated search id
Input.Search.String - search string for Splunk - function will escape characters for you
Input.Earliest.Time - beginning time bound for your search
Input.Latest.Time - ending time bound for your search
Input.Search.TimeOut - how long to keep the search in splunk

 

Returns:

 

Output.Search.Id - search id that is produced from this web call

 


 

DeleteMonitor - Delete a monitor

 

Inputs:

 

Input.Monitor.Name - name of monitor to delete

 

Returns:

 

Output.Xml - xml output of webcall

 


 

DeleteSavedSearch - deletes a saved search

 

Inputs:

 

Input.Saved.Search.Name - name of search to delete

 

Returns:

 

Output.XML - XML output of the webcall.

 


 

DeleteSearchJob - deletes a search job

 

Inputs:

 

Input.Search.Id - search ID to be deleted

 

Returns:

 

Output.XML - XML output of the webcall.

 


 

GetAllSearches - Returns all searches in system

 

Inputs:

 

Input.Max.Count - max amount of results to return
Input.Search - search string to find searches

 

Returns:

 

Output.XML - XML output of the webcall.
Output.Search.Count - total amount of searches returned

 


 

GetAndSetAuthToken - logs into splunk for further web calls

 

Inputs:

 

None (note: You have to configure the username and password on the extended target properties of the splunk web target)

 

Returns:

 

None (note: session key and authorization headers are stored in the extended target properties of the splunk web target)

 


 

GetDataInputMonitors - searches for data monitors

 

Inputs:

 

Input.Max.Count - max amount of monitors to return
Input.Search - search to run for monitors

 

Returns:

 

Output.XML - XML output of the webcall.
Output.Search.Count - total amount of monitors returned

 


 

GetIndexByName - returns a single index

 

Inputs:

 

Input.Index.Name - name of index to get

 

Returns:

 

Output.XML - XML output of the webcall.

 


 

GetIndexes - searches for multiple indexes

 

Inputs:

 

Input.Max.Count - max amount of indexes to return
Input.Search - search criteria when looking for indexes

 

Outputs:

 

Output.XML - XML output of the webcall.
Output.Search.Count - total count of indexes returned
 

 


 

GetMonitorByName - returns one monitor by name

 

Inputs:

 

Input.Name - name of monitor to get, this is escaped by function
Input.Return.Members - True to return members of monitor, false to not

 

Outputs:

 

Output.Monitor.Results.XML - XML output of the webcall.
Output.Monitor.Member.Results.XML - xml of the members if requested
 

 


 

GetSearchById - returns a single search via ID

 

Inputs:

 

Input.SearchId - search ID to return

 

Outputs:

 

Output.XML - XML output of the webcall.

 

 


 

GetSearchIDResults - returns results of a search

 

Inputs:

 

Input.SearchID - search id to return results of

 

Outputs:

 

Output.XML - XML output of the webcall.
 

 


 

GetSearchIDSearchLog - returns log of a search

 

Inputs:

 

Input.SearchID - search id to return results of

 

Outputs:

 

Output.XML - XML output of the webcall.
 

 


 

GetSearchIDSearchSummary - returns summary of a search

 

Inputs:

 

Input.SearchID - search id to return results of

 

Outputs:

 

Output.XML - XML output of the webcall.
 
