Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a reference listing all the EAI paths for all resource types?

sideview
SplunkTrust
SplunkTrust
‎10-21-2010 10:35 PM

Reverse engineering this stuff from the logs and existing usage in SplunkWeb's python code, I see a lot of things use the big flat 'admin/foo' paths to get/set data in EAI. However I also know vaguely from overhearing conversations at Splunk that this big flat list of 'admin/foo' endpoints is considered less than ideal and I thought I overheard that for each of them there is a more fundamental endpoint that we're all supposed to use.

And another data point is that I know that I can usually go to https://localhost:8089/servicesNS/admin/<app_name>/data , click past the stern security warnings from firefox, and there I should be able to drive to the stuff I want.

Then once I've found it, its easy to determine the proper EAI path by just looking at the browser URL.

The problem is that I cant find the 'proper' path for macros, and i cant find any path at all for extractions that are defined in props.conf

eg:

1) if I want to get a macro using the splunk.entity class in python, the only path I know is 'admin/macros', as in

splunk.entity.getEntity("admin/macros", "my_macro_name", namespace="my_app_name", owner="splunk.auth.getCurrentUser()['name'])

2) And I have an extracted field that is defined in my app and I cannot find a way to get this at all from EAI. (Maybe it would be there if I had defined it over in transforms and merely referred to it from props? )

Thanks in advance for any and all help.

Tags (4)
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎10-21-2010 11:50 PM
  1. I'd suggest going to the manager/admin screen in the GUI (or doing something using the CLI if you prefer that), then looking at what pages are hit in the splunkd_access.log. I found: https://localhost:8089/servicesNS/-/search/admin/macros, which generalizes to https://localhost:8089/servicesNS/-/-/admin/macros, which I guess is what you have anyway, as it just incorporates the owner and the app namespace in the URL.
  2. https://localhost:8089/services/data/props/extractions, or the namespaced version at https://localhost:8089/servicesNS/-/-/data/props/extractions

View solution in original post

Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎10-21-2010 11:50 PM
  1. I'd suggest going to the manager/admin screen in the GUI (or doing something using the CLI if you prefer that), then looking at what pages are hit in the splunkd_access.log. I found: https://localhost:8089/servicesNS/-/search/admin/macros, which generalizes to https://localhost:8089/servicesNS/-/-/admin/macros, which I guess is what you have anyway, as it just incorporates the owner and the app namespace in the URL.
  2. https://localhost:8089/services/data/props/extractions, or the namespaced version at https://localhost:8089/servicesNS/-/-/data/props/extractions
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎10-22-2010 12:16 AM

Yea, for macros i can only find the admin/macros path, and i always thought those admin ones were hacks and not to be used. And for props I cant find anything. URLs in splunkd_access for the macros list page in manager is /servicesNS/admin//admin/data/props/extractions/, but the entity class only gives back 404's and 500's for any combination of those segments...

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...