Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- Splunk Development
- :
- Splunk Dev
- :
- Can the .spec be retrieved via REST
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Similar to fetching config by namespace via REST - Configuration Endpoints, is there a way to access the .spec defined for different config files via REST API?
Edit: spelling.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Answering my own question. After digging around I discovered in the default restmap.conf a reference to
[spec:spec]
match=/configs/specWhat appears to be merged spec from all apps is available, however I cannot find any documentation of the input params. "filename" and "stanza" I was able to guess.
/services/config/spec?filename=alert_actions
{
"filename": "alert_actions",
"stanzas": [
{
"stanza": "default",
"rawStanza": "default"
},
{
"stanza": "email",
"rawStanza": "email"
},
{
"stanza": "logevent",
"rawStanza": "logevent"
},
{
"stanza": "lookup",
"rawStanza": "lookup"
},
{
"stanza": "outputtelemetry",
"rawStanza": "outputtelemetry"
},
{
"stanza": "populate_lookup",
"rawStanza": "populate_lookup"
},
{
"stanza": "rss",
"rawStanza": "rss"
},
{
"stanza": "script",
"rawStanza": "script"
},
{
"stanza": "summary_index",
"rawStanza": "summary_index"
},
{
"stanza": "webhook",
"rawStanza": "webhook"
}
]
}
and deeper inspection by passing the 'stanza' parameter
/services/configs/spec?filename=alert_actions&stanza=email
{
"filename": "alert_actions",
"stanza": "email",
"settings": [
{
"name": "alert.execute.cmd",
"placeholder": "<string>"
},
{
"name": "alert.execute.cmd.arg.<n>",
"placeholder": "<string>"
},
{
"name": "auth_password",
"placeholder": "<password>"
}
]
... elided
}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Answering my own question. After digging around I discovered in the default restmap.conf a reference to
[spec:spec]
match=/configs/specWhat appears to be merged spec from all apps is available, however I cannot find any documentation of the input params. "filename" and "stanza" I was able to guess.
/services/config/spec?filename=alert_actions
{
"filename": "alert_actions",
"stanzas": [
{
"stanza": "default",
"rawStanza": "default"
},
{
"stanza": "email",
"rawStanza": "email"
},
{
"stanza": "logevent",
"rawStanza": "logevent"
},
{
"stanza": "lookup",
"rawStanza": "lookup"
},
{
"stanza": "outputtelemetry",
"rawStanza": "outputtelemetry"
},
{
"stanza": "populate_lookup",
"rawStanza": "populate_lookup"
},
{
"stanza": "rss",
"rawStanza": "rss"
},
{
"stanza": "script",
"rawStanza": "script"
},
{
"stanza": "summary_index",
"rawStanza": "summary_index"
},
{
"stanza": "webhook",
"rawStanza": "webhook"
}
]
}
and deeper inspection by passing the 'stanza' parameter
/services/configs/spec?filename=alert_actions&stanza=email
{
"filename": "alert_actions",
"stanza": "email",
"settings": [
{
"name": "alert.execute.cmd",
"placeholder": "<string>"
},
{
"name": "alert.execute.cmd.arg.<n>",
"placeholder": "<string>"
},
{
"name": "auth_password",
"placeholder": "<password>"
}
]
... elided
}
New Year, New Changes for Splunk Certifications
[Puzzles] Solve, Learn, Repeat: Unmerging HTML Tables
Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...
