Detailed Course Outline
Module 1 – Introduction to the Splunk REST API
- Introduce the Splunk development environment and its REST endpoints
- Connect to the appropriate Splunk server to accomplish a desired task
- Authenticate with a Splunk server, with and without a session
Module 2 – Namespaces and Object Management
- Understand general CRUD with the REST API
- Identify how a namespace affects access to objects
- Use the servicesNS node and a namespace to access objects
- Understand how the sharing level and access control lists affect access to objects
- Modify the sharing level and the permissions on an object
Module 3 – Parsing Output
- Understand the general structure of Atom-based output
- Format Atom-based XML and JSON output
- Write code that uses the API and parses responses
Module 4 – Oneshot Searches
- Review search language syntax and search best practices
- Execute oneshot searches
- Get search results and parse them
Module 5 – Normal and Export Searches
- Identify types of searches
- Execute normal and export searches
- Get search results, job status and search job properties
Module 6 – Advanced Searching and Job Management
- Execute real-time searches
- Work with saved searches
- Manage search jobs
Module 7 – Working with KV Stores
- Define the function of a KV Store
- Define collections and records
- Perform CRUD operations on collections and records
Module 8 – Using the HTTP Event Collector (HEC)
- Create and use HEC tokens
- Input data using HEC endpoints
- Get indexer event acknowledgements
Module 9 – Useful Admin REST APIs
- Get system information
- Manage Splunk configuration files
- Manage indexes
Module 10 – Custom REST Endpoints
- Extend the Splunk REST API
- Publish your own endpoints
- Use custom REST API endpoints