Getting Data In

Can we download a bundle using REST API and manipulate a bundle using REST call?

New Member

Friends, I'm playing with the Splunk REST API. I have a Splunk deployment server and one client(running a universal forwarder). I created a deployment app and this is the output in which I am trying to make a REST Call about the deployment app created.

My question is if you notice there is a bundle path "/opt/splunk/var/run/tmp/testing/_server_app_testing-1537306672.bundle"

Can we download the bundle using REST API and can I manipulate the bundle using REST call?

<?xml version="1.0" encoding="UTF-8"?>
<!--This is to override browser formatting; see server.conf[httpServer] to disable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .-->
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>applications</title>
  <id>https://10.x.xxx.xxx:8089/services/deployment/server/applications</id>
  <updated>2018-09-18T17:11:08-07:00</updated>
  <generator build="a0c72a66db66" version="7.1.2"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/deployment/server/applications/_new" rel="create"/>
  <link href="/services/deployment/server/applications/_acl" rel="_acl"/>
  <opensearch:totalResults>1</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>
  <entry>
    <title>_server_app_testing</title>
    <id>https://10.x.xxx.xxx:8089/services/deployment/server/applications/_server_app_testing</id>
    <updated>1969-12-31T16:00:00-08:00</updated>
    <link href="/services/deployment/server/applications/_server_app_testing" rel="alternate"/>
    <author>
      <name>system</name>
    </author>
    <content type="text/xml">
      <s:dict>
        <s:key name="archive">/opt/splunk/var/run/tmp/testing/_server_app_testing-1537306672.bundle</s:key>
        <s:key name="checksum">3488100521637376924</s:key>
        <s:key name="eai:acl">
          <s:dict>
            <s:key name="app"></s:key>
            <s:key name="can_list">1</s:key>
            <s:key name="can_write">1</s:key>
            <s:key name="modifiable">0</s:key>
            <s:key name="owner">system</s:key>
            <s:key name="perms">
              <s:dict>
                <s:key name="read">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
                <s:key name="write">
                  <s:list>
                    <s:item>admin</s:item>
                    <s:item>splunk-system-role</s:item>
                  </s:list>
                </s:key>
              </s:dict>
            </s:key>
            <s:key name="removable">0</s:key>
            <s:key name="sharing">system</s:key>
          </s:dict>
        </s:key>
        <s:key name="eai:attributes">
          <s:dict>
            <s:key name="optionalFields">
              <s:list>
                <s:item>continueMatching</s:item>
                <s:item>deinstall</s:item>
                <s:item>excludeFromUpdate</s:item>
                <s:item>filterType</s:item>
                <s:item>machineTypesFilter</s:item>
                <s:item>repositoryLocation</s:item>
                <s:item>restartSplunkWeb</s:item>
                <s:item>restartSplunkd</s:item>
                <s:item>serverclass</s:item>
                <s:item>stateOnClient</s:item>
                <s:item>targetRepositoryLocation</s:item>
                <s:item>tmpFolder</s:item>
                <s:item>unmap</s:item>
              </s:list>
            </s:key>
            <s:key name="requiredFields">
              <s:list/>
            </s:key>
            <s:key name="wildcardFields">
              <s:list>
                <s:item>blacklist\..*</s:item>
                <s:item>whitelist\..*</s:item>
              </s:list>
            </s:key>
          </s:dict>
        </s:key>
        <s:key name="excludeFromUpdate"></s:key>
        <s:key name="issueReload">0</s:key>
        <s:key name="loadtime">Tue Sep 18 14:37:52 2018</s:key>
        <s:key name="restartIfNeeded">0</s:key>
        <s:key name="restartSplunkWeb">0</s:key>
        <s:key name="restartSplunkd">0</s:key>
        <s:key name="serverclasses">
          <s:list>
            <s:item>testing</s:item>
          </s:list>
        </s:key>
        <s:key name="size">10240</s:key>
        <s:key name="stateOnClient">noop</s:key>
      </s:dict>
    </content>
  </entry>
</feed>
0 Karma