version 5.0.2
Looking through the documentation, but nothing is jumping out at me as to how to create a View for an app dynamically via REST or C# SDK. I'll be creating the XML on the fly and would like to send it to Splunk programatically as opposed to copy / paste through the user interface.
Thanks - sorry if this is a ridiculous question.
You're not crazy. For some reason the /data/ui/views
endpoint is missing from the REST API reference.
It's simple though. With views there are only 2 relevant properties to get/set: "name", which ends up being the filename on disk as well as the URL segment, and eai:data
, which is the XML string.
To give an example off the top of my head, to add a system-owned view called "myView" to "myApp" just POST to
/servicesNS/nobody/myApp/data/ui/views/_new
and pass "name" set to "myView", and "eai:data" set to the desired XML. As with other namespaced REST calls, you would set permissions and ownership by incorporating usernames in URL as appropriate and setting the "eai:acl" property as appropriate in your POST.
Am I missing something here. I submit eai:data and I get:
In handler 'views':
Argument "eai:data" is not supported
by this handler.
The curl I'm running is:
curl -v -H "Content-Type: application/xml" -X POST -d name=test00013210 -d eai:data=%3Cdashboard%20%2F%3E -u admin:changeme -k hxxps://localhost:8091/servicesNS/admin/search/data/ui/views/_new
Tried it for myself and indeed, something about posting to the _new endpoint doesn't work here. I can't figure it out either. I can do a nice simple curl POST -d eai:data="<dashboard />" -u admin:changeme -k https://localhost:8089/servicesNS/admin/search/data/ui/views/existing_view_name
and it works great.
But whenever I try anything to _new, I get that same error you're getting.
HI sideview,
how to get value of eai:data?
so in curl you mentioned "/admin/search/" here "search" is the app having the view?
And i am getting "Argument " name" is not supported by this handler."
Looking for an answer on this!
You're not crazy. For some reason the /data/ui/views
endpoint is missing from the REST API reference.
It's simple though. With views there are only 2 relevant properties to get/set: "name", which ends up being the filename on disk as well as the URL segment, and eai:data
, which is the XML string.
To give an example off the top of my head, to add a system-owned view called "myView" to "myApp" just POST to
/servicesNS/nobody/myApp/data/ui/views/_new
and pass "name" set to "myView", and "eai:data" set to the desired XML. As with other namespaced REST calls, you would set permissions and ownership by incorporating usernames in URL as appropriate and setting the "eai:acl" property as appropriate in your POST.