Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Create View with REST?

nathankc
Engager
‎07-23-2013 03:51 PM

version 5.0.2

Looking through the documentation, but nothing is jumping out at me as to how to create a View for an app dynamically via REST or C# SDK. I'll be creating the XML on the fly and would like to send it to Splunk programatically as opposed to copy / paste through the user interface.

Thanks - sorry if this is a ridiculous question.

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎07-23-2013 04:14 PM

You're not crazy. For some reason the /data/ui/views endpoint is missing from the REST API reference.

It's simple though. With views there are only 2 relevant properties to get/set: "name", which ends up being the filename on disk as well as the URL segment, and eai:data, which is the XML string.

To give an example off the top of my head, to add a system-owned view called "myView" to "myApp" just POST to

/servicesNS/nobody/myApp/data/ui/views/_new

and pass "name" set to "myView", and "eai:data" set to the desired XML. As with other namespaced REST calls, you would set permissions and ownership by incorporating usernames in URL as appropriate and setting the "eai:acl" property as appropriate in your POST.

View solution in original post

Reply
Solved! Jump to solution

fman82
Explorer
‎02-26-2014 01:11 PM

Am I missing something here. I submit eai:data and I get:

In handler 'views':
Argument "eai:data" is not supported
by this handler.

The curl I'm running is:

curl -v -H "Content-Type: application/xml" -X POST -d name=test00013210 -d eai:data=%3Cdashboard%20%2F%3E  -u admin:changeme  -k hxxps://localhost:8091/servicesNS/admin/search/data/ui/views/_new
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎02-27-2014 10:21 AM

Tried it for myself and indeed, something about posting to the _new endpoint doesn't work here. I can't figure it out either. I can do a nice simple curl POST -d eai:data="<dashboard />" -u admin:changeme -k https://localhost:8089/servicesNS/admin/search/data/ui/views/existing_view_name and it works great.

But whenever I try anything to _new, I get that same error you're getting.

0 Karma
Reply
Solved! Jump to solution

ganesh_crms
New Member
‎07-24-2019 12:06 AM

HI sideview,
how to get value of eai:data?

so in curl you mentioned "/admin/search/" here "search" is the app having the view?
And i am getting "Argument " name" is not supported by this handler."

0 Karma
Reply
Solved! Jump to solution

deanilol
Explorer
‎04-05-2015 06:53 AM

Looking for an answer on this!

0 Karma
Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎07-23-2013 04:14 PM

You're not crazy. For some reason the /data/ui/views endpoint is missing from the REST API reference.

It's simple though. With views there are only 2 relevant properties to get/set: "name", which ends up being the filename on disk as well as the URL segment, and eai:data, which is the XML string.

To give an example off the top of my head, to add a system-owned view called "myView" to "myApp" just POST to

/servicesNS/nobody/myApp/data/ui/views/_new

and pass "name" set to "myView", and "eai:data" set to the desired XML. As with other namespaced REST calls, you would set permissions and ownership by incorporating usernames in URL as appropriate and setting the "eai:acl" property as appropriate in your POST.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...