Getting Data In
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to list defined sourcetypes through API

jbanker
Explorer
‎08-13-2019 12:09 PM

I am looking for a way to list all defined sourcetypes on a Splunk server, using the REST API.

From what little information I can find, it looks like it would be possible to crawl through the configuration files and look for defined sourcetypes, but I'm hoping there is an easier way.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jbanker
Explorer
‎08-14-2019 10:40 AM

So, I found my own answer. For anyone looking to solve this same problem in the future, I used:

https://splunkHost:8089/services/saved/sourcetypes?output_mode=json&count=1000

This gives a nice JSON parseable output of all the defined sourcetypes for a specific instance.

View solution in original post

Reply
Solved! Jump to solution
Solution

jbanker
Explorer
‎08-14-2019 10:40 AM

So, I found my own answer. For anyone looking to solve this same problem in the future, I used:

https://splunkHost:8089/services/saved/sourcetypes?output_mode=json&count=1000

This gives a nice JSON parseable output of all the defined sourcetypes for a specific instance.

Reply
Solved! Jump to solution

traxxasbreaker
Communicator
‎08-13-2019 01:34 PM

From the search bar, try something like this as a starting point:

| rest /servicesNS/-/-/configs/conf-props

Note that if you are in a distributed environment, you might have to specify a splunk_server in your REST call to look at the part of the environment that your sourcetype is defined on (such as an indexer or heavy forwarder).

If you want to look at it from the CLI instead, you would do something like this:

curl -k -u : https://splunkHost:8089/services/configs/conf-props

0 Karma
Reply
Solved! Jump to solution

jbanker
Explorer
‎08-14-2019 07:16 AM

So, it looks like this can give me the sourcetypes that are currently in use by the configured inputs. Unfortunately as I stated, I'm looking to get a list of ALL configured sourcetypes available on a server. What I'm hoping to get is a list similar to what can be seen in the UI when you navigate to "Settings > Source types" or "https://splunkHost/en-US/manager/launcher/sourcetypes"

0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...
li.common.scroll-to.top