Showing results for 
Search instead for 
Did you mean: 

Pondering Automation: Unlocking the potential of Splunk

Shaun Roberts
Cisco Employee

Howdy out there in Automation Land! Hope the day finds you well as Winter begins to melt into Spring. (at least in Houston it is) This blogs topic will be a little more technical and a little deeper than normal. We are going to look at an API set I built for Splunk and something we use a lot internally in Cisco. It has been successful in allowing us to search through mass amounts of data in short time spans and I think it can do the same for you. I have put together a semi-full API set for Splunk and want to share it with you! I hope this helps spawn some ideas and helps you also want to help grow the developer community for CPO. I know it's quite small currently but we really want to grow this over the next year and we need your help!


So why and how did I do what I did with Splunk? We needed something to do massive text/data diving and CPO cannot do that of course. So we had to find a 3rd party application and Splunk was it. Splunk is quite nice and you can find information at however this will not be a commercial for Splunk . After searching I found the web API documentation and mired myself in it for a few weeks and decided it was time to create an API set in CPO. By creating API sets we can build the foundation of what is possible in CPO and we can improve the developer community of it. So far I've been able to build APIs for salesforce, splunk, jira, and a handful of home grown applications. It is amazing what you can do when you use web APIs to expand what CPO can do. Without getting too technical here I was able to review the Splunk API and then write the POST, GET, DELETE, etc calls to the Splunk API and then package them up into an automation pack and share them with the masses! CPO sets up great to be able to build this blocks for our future developers using automation packs and now (in 3.0) using target types and doing our development in a more object oriented (ish) nature. I have built the basic blocks of the API so you can now take it and run with it and not have to worry about the deep weeds stuff. However, part of that, is knowing what's in the weeds so this blog and the associated video is all about the "weeds" of the Splunk API set. There are a couple of automation packs that go into making this set and I will not post them here, however you are welcome to email me at the email below and ask for them. Of course, they come with no warranty, no support, and they are use at your own risk. Much like any opensource/sourceforge project, the code is only as good as what the developer uses it for and builds on top of it. I hope this helps you or at a minimum gives you more ideas on what you can automate and develop!





Location of TAP:



Shaun's Monthly Q/A


No questions this month! Hopefully we'll get some in to answer for next time!


Every month I will pick a handful of questions from you, the reading CPO public, to answer in this part of the blog. Please post comments/questions below. I will no longer be using the external e-mail from previous blogs.


Please also let me know if you like the format of this blog and what else you would like to see/know about. Feel free to give any ideas as to future blog posts, etc and I will be happy to post them. I hope to do more how-tos, best practices, tips, tricks, and hopefully some interviews of the important people behind the scenes of CPO.



WEEKLY     AUTOMATION BLOG DISCLAIMER: As always, this is a blog and my (Shaun     Roberts) thoughts on CPO, my thoughts on best practices, and my     experiences with the product and customers. The above views are in no     way representative of Cisco or any of it's partners, etc. None of   these   views, etc are supported and this is not a place to find   standard   product support. If you need standard product support please   do so via   the current call in numbers on or email



Thanks to all for reading and happy automating!



-Shaun Roberts

Content for Community-Ad
This widget could not be displayed.