Developing with Splunk's REST API (DSRAPI) – Outline

Outline detalhado do curso

Module 1 – Introduction to the Splunk REST API

  • Introduce the Splunk development environment and its REST endpoints
  • Connect to the appropriate Splunk server to accomplish a desired task
  • Authenticate with a Splunk server, with and without a session

Module 2 – Namespaces and Object Management

  • Understand general CRUD with the REST API
  • Identify how a namespace affects access to objects
  • Use the servicesNS node and a namespace to access objects
  • Understand how the sharing level and access control lists affect access to objects
  • Modify the sharing level and the permissions on an object

Module 3 – Parsing Output

  • Understand the general structure of Atom-based output
  • Format Atom-based XML and JSON output
  • Write code that uses the API and parse responses

Module 4 – Oneshot Searches

  • Review search language syntax and search best practices
  • Execute one shot searches
  • Get search results and parse them

Module 5 – Normal and Export Searches

  • Identify types of searches
  • Execute normal and export searches
  • Get search results, job status and search job properties.

Module 6 – Advanced Searching and Job Management

  • Execute real time searches
  • Work with saved searches
  • Manage search jobs

Module 7 – Working with KV Stores

  • Define the function of a KV Store
  • Define collections and records
  • Perform CRUD operations on collections and records

Module 8 – Using the HTTP Event Collector (HEC)

  • Create and use HEC tokens
  • Input data using HEC endpoints
  • Get indexer event acknowledgements

Module 9 – Useful Admin REST APIs

  • Get system information
  • Manage Splunk configuration files
  • Manage Indexes

Module 10 – Custom REST Endpoints

  • Extending the Splunk REST API
  • Publish your own endpoints
  • Using custom REST API endpoints