Splunk ITSI
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

In Splunk IT Service Intelligence(ITSI), how do I create a new glass table through REST API call?

PowerPacked
Builder
‎11-01-2018 11:39 AM

Hi Guys,

I would like to create new glass tables through Rest API calls. But, I am failing as I'm not able to pass proper arguments needed for POST action of API call of ITSI glass table.

for example: 

 curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/entity -H "Content-Type: 
     application/json" -X POST -d '{"component": ["PerProcess"],"informational": {"fields": ["info"],"values": ["field"]},"_version": 
     "3.0.0","title": "PerProcess","object_type": "entity","_type":"entity","identifier": {"fields": ["component"],"values": 
     ["PerProcess"]}}'

This above call creates a new Entity in ITSI through Rest API call which is given in this doc:
http://docs.splunk.com/Documentation/ITSI/3.0.1/RESTAPI/ITSIRESTAPIreference

i would like to create a new Glass Table in this way.

End point still not working in updated & new ITSI v 4.0

Help is appreciated

Thanks

0 Karma
Reply

mitani
New Member
‎04-18-2019 02:16 PM

try this:

curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/itoa_interface/glass_table -H "Content-Type:
application/json" -X POST -d '{
"content": [

],
"acl": {
    "can_share_global": true,
    "sharing": "app",
    "perms": {
        "read": [
            "*"
        ],
        "write": [
            "*"
        ]
    },
    "can_write": true,
    "owner": "xxx",
    "can_share_app": true,
    "modifiable": true,
    "can_change_perms": true,
    "can_share_user": true
},
"identifying_name": "xxx",
"title": "xxx",
"_owner": "nobody",
"_user": "nobody"

}'

Change XXX to your needs.

Good luck!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Search APIを使えば調査過程が残せます

   このゲストブログは、JCOM株式会社の情報セキュリティ本部・専任部長である渡辺慎太郎氏によって執筆されました。 Note: This article is published in both Japanese ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...