I'm new to Splunk and am somewhat familiar with REST. I am trying to create a new application through the Splunk RESTful API. The installation is on Windows and I am attempting to do this via curl on the command line.
The command I'm typing in is as follows:
curl -u myUsername:myPassword -k https://localhost:8089/services/apps/local/_new/ -d "name=MyApp"
I have also tried this as a non-post with the curl command
curl -u myUsername:myPassword -k https://localhost:8089/services/apps/local/_new/?name=MyApp
The first curl command returns the XML that mimics what is displayed on the Splunk services server. The second one throws an error. I have also tried the first one with URL-encoding the posted data with --data-urlencode.
Any suggestions would be greatly appreciated.
What version of Splunk are you using? The following instructions work for 4.1.6.
To create an app, you must provide a name for the new app and a template from which to start:
$ curl -k -u admin:admin -X POST https://localhost:8089/services/apps/local -d 'name=myapp&template=barebones'
This will create an app named 'myapp' based on the barebones template.
In general, '_new' is used to determine what arguments are required to create a new object (or edit an existing one). It is not used to create the objects themselves.
$ curl -u admin:admin -k https://localhost:8089/services/apps/local/_new | xmllint --format -
[snip]
<s:key name="eai:attributes">
  <s:dict>
    <s:key name="optionalFields">
      <s:list>
        <s:item>author</s:item>
        <s:item>description</s:item>
        <s:item>install</s:item>
        <s:item>label</s:item>
        <s:item>manageable</s:item>
        <s:item>template</s:item>
        <s:item>visible</s:item>
      </s:list>
    </s:key>
    <s:key name="requiredFields">
      <s:list>
        <s:item>name</s:item>
      </s:list>
    </s:key>
    <s:key name="wildcardFields">
      <s:list/>
    </s:key>
  </s:dict>
</s:key>
[snip]
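An added example, not part of the answer above and not Splunk's own code: it reads the eai:attributes block of a `_new` response and checks a planned POST body against the required and optional fields before anything is sent. The sample XML is constructed from the output quoted above; its namespace URI and the helper names are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed sample shaped like the `_new` output above (namespace URI assumed).
SAMPLE = """<entry xmlns:s="http://dev.splunk.com/ns/rest">
 <s:key name="eai:attributes"><s:dict>
  <s:key name="optionalFields"><s:list>
   <s:item>author</s:item><s:item>description</s:item><s:item>install</s:item>
   <s:item>label</s:item><s:item>manageable</s:item><s:item>template</s:item>
   <s:item>visible</s:item>
  </s:list></s:key>
  <s:key name="requiredFields"><s:list><s:item>name</s:item></s:list></s:key>
  <s:key name="wildcardFields"><s:list/></s:key>
 </s:dict></s:key>
</entry>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def field_lists(xml_text):
    """Map each '*Fields' key under eai:attributes to its list of items."""
    out = {}
    for key in ET.fromstring(xml_text).iter():
        if local(key.tag) != "key" or key.get("name") != "eai:attributes":
            continue
        for sub in key.iter():
            name = sub.get("name", "")
            if local(sub.tag) == "key" and name.endswith("Fields"):
                out[name] = [i.text for i in sub.iter() if local(i.tag) == "item"]
    return out

def check_args(fields, args):
    """Return (missing_required, unknown) for a planned POST body."""
    required = fields.get("requiredFields", [])
    allowed = set(required) | set(fields.get("optionalFields", []))
    missing = [f for f in required if not args.get(f)]
    # Wildcard patterns are not interpreted here: if any exist, skip the check.
    unknown = [] if fields.get("wildcardFields") else sorted(set(args) - allowed)
    return missing, unknown

def post_body(fields, args):
    """URL-encode args for the POST, refusing bodies that fail check_args."""
    missing, unknown = check_args(fields, args)
    if missing or unknown:
        raise ValueError(f"missing={missing} unknown={unknown}")
    return urlencode(args)
```

The string returned by `post_body` is what goes after `-d` in the POST to `/services/apps/local`.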