Splunk API Kit for CPO 3.0 or later
XML and CLI based web services
Base API Structure and Background at
http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTcontents
These are not all of the functions in Splunk, just the ones that are most useful to the automations built. If you need a function written that is in the API list but not here, please email shaurobe@cisco.com.
Current Version: 2.0.3.0
Required Version of CPO: 3.0.2
Release date: 10-27-2014
NOTE: The attached automation pack is zipped. Please unzip and then import into PO.
Developer: Shaun Roberts, 2013-2014
You can find information on the Automation Functions Tool pack @
https://supportforums.cisco.com/document/129151/automation-function-tools-version-2000-10-23-2013
Updates:
*2.0.3.0 - lots of code updates and cleaning. Added combination functions
*2.0.1.2 - code cleanup around archiving. Usage of new auto function tools
*2.0.1.0 - updated to work with Splunk's newer API and still allow for it to work with older API calls. (4.X and older)
*2.0.0.2 - updated methods to only call Splunk API Endpoint target types
Function List
ChangeJobStatus - Controls the status of a search job
Inputs:
Input.Job.Status - what job status to put search job in (cancel, etc)
Input.SearchId - search id of the search job to control
Returns:
Output.Results.XML - XML output of the webcall.
CreateMonitor - Creates a monitor for a file or directory
Inputs:
Input.File.Or.Directory.To.Monitor - input file or directory to set up monitor on
Returns:
Output.XML - XML output of the webcall.
CreateSearchJob - Creates a new search job
Inputs:
Input.Max.Count - max count to return to search
Input.Search.Id - search ID to be defined if you do not want a system generated search id
Input.Search.String - search string for splunk - function will escape characters for you
Returns:
Output.Search.Id - search id that is produced from this web call
CreateSearchJobWithTimeBounds - Creates a new search job with time bounded searching
Inputs:
Input.Max.Count - max count to return to search
Input.Search.Id - search ID to be defined if you do not want a system generated search id
Input.Search.String - search string for splunk - function will escape characters for you
Input.Earliest.Time - beginning time bound for your search
Input.Latest.Time - ending time bound for your search
Input.Search.TimeOut - how long to keep the search in splunk
Returns:
Output.Search.Id - search id that is produced from this web call
DeleteMonitor - Delete a monitor
Inputs:
Input.Monitor.Name - name of monitor to delete
Returns:
Output.Xml - xml output of webcall
DeleteSavedSearch - deletes a saved search
Inputs:
Input.Saved.Search.Name - name of search to delete
Returns:
Output.XML - XML output of the webcall.
DeleteSearchJob - deletes a search job
Inputs:
Input.Search.Id - search ID to be deleted
Returns:
Output.XML - XML output of the webcall.
GetAllSearches - Returns all searches in system
Inputs:
Input.Max.Count - max amount of results to return
Input.Search - search string to find searches
Returns:
Output.XML - XML output of the webcall.
Output.Search.Count - total amount of searches returned
GetAndSetAuthToken - logs into splunk for further web calls
Inputs:
None (note: You have to configure the username and password on the extended target properties of the splunk web target)
Returns:
None (note: session key and authorization headers are stored in the extended target properties of the splunk web target)
GetDataInputMonitors - searches for data monitors
Inputs:
Input.Max.Count - max amount of monitors to return
Input.Search - search to run for monitors
Returns:
Output.XML - XML output of the webcall.
Output.Search.Count - total amount of monitors returned
GetIndexByName - returns a single index
Inputs:
Input.Index.Name - name of index to get
Returns:
Output.XML - XML output of the webcall.
GetIndexes - searches for multiple indexes
Inputs:
Input.Max.Count - max amount of indexes to return
Input.Search - search criteria when looking for indexes
Outputs:
Output.XML - XML output of the webcall.
Output.Search.Count - total count of indexes returned
GetMonitorByName - returns one monitor by name
Inputs:
Input.Name - name of monitor to get, this is escaped by function
Input.Return.Members - True to return members of monitor, false to not
Outputs:
Output.Monitor.Results.XML - XML output of the webcall.
Output.Monitor.Member.Results.XML - xml of the members if requested
GetSearchById - returns a single search via ID
Inputs:
Input.SearchId - search ID to return
Outputs:
Output.XML - XML output of the webcall.
GetSearchIDResults - returns results of a search
Inputs:
Input.SearchID - search id to return results of
Outputs:
Output.XML - XML output of the webcall.
GetSearchIDSearchLog - returns log of a search
Inputs:
Input.SearchID - search id to return results of
Outputs:
Output.XML - XML output of the webcall.
GetSearchIDSearchSummary - returns summary of a search
Inputs:
Input.SearchID - search id to return results of
Outputs:
Output.XML - XML output of the webcall.
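
The following is an added example, not code from the automation pack: a Python sketch of the Splunk REST requests that GetAndSetAuthToken, CreateSearchJobWithTimeBounds and ChangeJobStatus correspond to. The endpoint paths and parameter names are Splunk's documented REST API; the mapping of the pack's inputs onto them, the function names and the sample XML are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode

# Constructed sample responses (not captured from a real server).
LOGIN_XML = "<response><sessionKey>CONSTRUCTED-KEY-123</sessionKey></response>"
JOB_XML = "<response><sid>constructed_sid_001</sid></response>"

JOB_ACTIONS = {"pause", "unpause", "finalize", "cancel", "touch"}


def auth_header(login_xml):
    """Turn the body returned by POST /services/auth/login into the header for later calls."""
    key = ET.fromstring(login_xml).findtext("sessionKey")
    if not key:
        raise ValueError("login response has no sessionKey")
    return {"Authorization": "Splunk " + key}


def search_job_body(search, max_count, earliest=None, latest=None,
                    search_id=None, timeout=None):
    """Form-encode the body for POST /services/search/jobs."""
    if not search.lstrip().startswith(("search ", "|")):
        search = "search " + search  # the endpoint expects a full SPL command
    params = {"search": search, "max_count": max_count}
    optional = {"earliest_time": earliest, "latest_time": latest,
                "id": search_id, "timeout": timeout}
    params.update({k: v for k, v in optional.items() if v is not None})
    return urlencode(params)  # escapes quotes, pipes, '=' and '&' in the search


def job_control_request(sid, action):
    """Path and body for POST /services/search/jobs/{sid}/control."""
    if action not in JOB_ACTIONS:
        raise ValueError("unsupported job action: %r" % action)
    # safe="" percent-encodes '/' so a crafted sid cannot add path segments
    path = "/services/search/jobs/%s/control" % quote(sid, safe="")
    return path, urlencode({"action": action})


def parse_sid(job_xml):
    """Extract the search id from the job-creation response."""
    return ET.fromstring(job_xml).findtext("sid")
```

The session key is a bearer credential for the Splunk account configured on the target, so store and log it with the same care as the password.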