
Splunk API Kit for CPO


Splunk API Kit for CPO 3.0 or later

 

 

XML and CLI based web services

Base API Structure and Background at

http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTcontents

 

These are not all of the functions in Splunk, just the ones that are most useful to the automations built. If you need a function written that is in the API list but not here, please email shaurobe@cisco.com.

Current Version:  2.0.3.0

Required Version of CPO: 3.0.2

Release date: 10-27-2014

NOTE: The attached automation pack is zipped. Please unzip and then import into PO.

Developer: Shaun Roberts, 2013-2014

 

You can find information on the Automation Functions Tool pack at

 

https://supportforums.cisco.com/document/129151/automation-function-tools-version-2000-10-23-2013

 

 

Updates:

*2.0.3.0 - lots of code updates and cleaning. Added combination functions

*2.0.1.2 - code cleanup around archiving. Usage of new auto function tools

*2.0.1.0 - updated to work with Splunk's newer API and still allow for it to work with older API calls. (4.X and older)

*2.0.0.2 - updated methods to only call Splunk API Endpoint target types

 

Function List

 

ChangeJobStatus -  Controls the status of a search job

 

Inputs:

 

Input.Job.Status - what job status to put search job in (cancel, etc)
Input.SearchId - search id of the search job to control

 

Returns:

 

Output.Results.XML - XML output of the webcall.

 


 

CreateMonitor -  Creates a monitor for a file or directory

 

Inputs:

 

Input.File.Or.Directory.To.Monitor - input file or directory to set up the monitor on

 

Returns:

 

Output.XML - XML output of the webcall.

 


 

CreateSearchJob -  Creates a new search job

 

Inputs:

 

Input.Max.Count - max count to return to search
Input.Search.Id - search ID to be defined if you do not want a system generated search id
Input.Search.String - search string for Splunk - function will escape characters for you

 

Returns:

 

Output.Search.Id - search id that is produced from this web call

 


 

CreateSearchJobWithTimeBounds -  Creates a new search job with time bounded searching

 

Inputs:

 

Input.Max.Count - max count to return to search
Input.Search.Id - search ID to be defined if you do not want a system generated search id
Input.Search.String - search string for Splunk - function will escape characters for you
Input.Earliest.Time - beginning time bound for your search
Input.Latest.Time - ending time bound for your search
Input.Search.TimeOut - how long to keep the search in splunk

 

Returns:

 

Output.Search.Id - search id that is produced from this web call

 


 

DeleteMonitor - Delete a monitor

 

Inputs:

 

Input.Monitor.Name - name of monitor to delete

 

Returns:

 

Output.Xml - xml output of webcall

 


 

DeleteSavedSearch - deletes a saved search

 

Inputs:

 

Input.Saved.Search.Name - name of search to delete

 

Returns:

 

Output.XML - XML output of the webcall.

 


 

DeleteSearchJob - deletes a search job

 

Inputs:

 

Input.Search.Id - search ID to be deleted

 

Returns:

 

Output.XML - XML output of the webcall.

 


 

GetAllSearches - Returns all searches in system

 

Inputs:

 

Input.Max.Count - max amount of results to return
Input.Search - search string to find searches

 

Returns:

 

Output.XML - XML output of the webcall.
Output.Search.Count - total amount of searches returned

 


 

GetAndSetAuthToken - logs into splunk for further web calls

 

Inputs:

 

None (note: you have to configure the username and password on the extended target properties of the Splunk web target)

 

Returns:

 

None (note: the session key and authorization headers are stored in the extended target properties of the Splunk web target)
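
The sketch below is an added example, not code from the automation pack. It shows the Splunk REST exchange that GetAndSetAuthToken and CreateSearchJobWithTimeBounds correspond to: reading the session key from a login response, building the Authorization header, and encoding a time-bounded search job body. The mapping of the pack's inputs to the REST parameters `max_count`, `id`, `earliest_time`, `latest_time` and `timeout` is an assumption, and the sample XML responses are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed sample responses in the shape Splunk's REST API returns.
LOGIN_XML = "<response><sessionKey>CONSTRUCTED-SESSION-KEY</sessionKey></response>"
JOB_XML = "<response><sid>cpo_demo_1</sid></response>"


def auth_header(login_xml):
    """Build the header for later calls from a /services/auth/login response."""
    key = ET.fromstring(login_xml).findtext("sessionKey")
    if not key:
        raise ValueError("login response carried no sessionKey")
    # The session key is a bearer credential: store it like a password
    # and keep it out of logs and activity output.
    return {"Authorization": "Splunk " + key}


def search_job_body(search, earliest, latest, max_count, timeout, search_id=None):
    """Form body for POST /services/search/jobs with time bounds."""
    if not search.lstrip().startswith(("search ", "|")):
        search = "search " + search  # the REST API expects a leading command
    fields = {
        "search": search,
        "earliest_time": earliest,   # assumed mapping of Input.Earliest.Time
        "latest_time": latest,       # assumed mapping of Input.Latest.Time
        "max_count": int(max_count), # assumed mapping of Input.Max.Count
        "timeout": int(timeout),     # assumed mapping of Input.Search.TimeOut
    }
    if search_id:
        fields["id"] = search_id     # assumed mapping of Input.Search.Id
    # urlencode percent-encodes quotes, pipes, '=' and '&', so the search
    # string cannot add or override other form parameters.
    return urlencode(fields)


def job_sid(job_xml):
    """Extract the search id from the job-creation response."""
    sid = ET.fromstring(job_xml).findtext("sid")
    if not sid:
        raise ValueError("job response carried no sid")
    return sid


if __name__ == "__main__":
    print(auth_header(LOGIN_XML))
    print(search_job_body('index=main "failed password" | head 5',
                          "-24h", "now", 100, 600, "cpo_demo_1"))
    print(job_sid(JOB_XML))
```
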

 


 

GetDataInputMonitors - searches for data monitors

 

Inputs:

 

Input.Max.Count - max amount of monitors to return
Input.Search - search to run for monitors

 

Returns:

 

Output.XML - XML output of the webcall.
Output.Search.Count - total amount of monitors returned

 


 

GetIndexByName - returns a single index

 

Inputs:

 

Input.Index.Name - name of index to get

 

Returns:

 

Output.XML - XML output of the webcall.

 


 

GetIndexes - searches for multiple indexes

 

Inputs:

 

Input.Max.Count - max amount of indexes to return
Input.Search - search criteria when looking for indexes

 

Outputs:

 

Output.XML - XML output of the webcall.
Output.Search.Count - total count of indexes returned
 

 


 

GetMonitorByName - returns one monitor by name

 

Inputs:

 

Input.Name - name of monitor to get, this is escaped by function
Input.Return.Members - True to return members of monitor, false to not

 

Outputs:

 

Output.Monitor.Results.XML - XML output of the webcall.
Output.Monitor.Member.Results.XML - xml of the members if requested
 

 


 

GetSearchById - returns a single search via ID

 

Inputs:

 

Input.SearchId - search ID to return

 

Outputs:

 

Output.XML - XML output of the webcall.

 

 


 

GetSearchIDResults - returns results of a search

 

Inputs:

 

Input.SearchID - search id to return results of

 

Outputs:

 

Output.XML - XML output of the webcall.
 

 


 

GetSearchIDSearchLog - returns log of a search

 

Inputs:

 

Input.SearchID - search id to return results of

 

Outputs:

 

Output.XML - XML output of the webcall.
 

 


 

GetSearchIDSearchSummary - returns summary of a search

 

Inputs:

 

Input.SearchID - search id to return results of

 

Outputs:

 

Output.XML - XML output of the webcall.
 
