This course is designed for application developers and administrators that want to utilize the Splunk REST API. In this course, you will learn how to make REST API requests and parse the server responses. Major topics include authentication, server administration, and implementation of a variety of search types. You will also ingest data using the HTTP Event Collector and manage application data using the Key-Value Store.

This course is for application developers and administrators.

Administrators

Application developers

Engineers
 

To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:

○ Splunk Enterprise System Administration

○ Splunk Enterprise Data Administration

● Additional courses and/or knowledge in these areas are also highly recommended:

○ Python, JavaScript,

or other scripting languages

Module 1 – Splunk REST API

● Introduce REST

● Review HTTP requests

● Describe the Splunk REST API

● Discuss authentication methods

Module 2 – Response Data

● Review HTTP responses

● Describe the Atom specification

● Demonstrate how to retrieve JSON

● Explain how to parse a response

Module 3 – Administration APIs

● Introduce the administration APIs

● Update configuration files

● Work with indexes

● Manage users

Module 4 – Namespaces and Access Control

● Introduce namespaces

● Explain namespace use cases

● Implement access control

Module 5 – Search

● Identify search components

● Review search best practices

● Create a search and retrieve results

● Discuss oneshot searches

Module 6 – Advanced Search

● Utilize real-time searches

● Summarize export searches

● Construct saved searches

● Understand search job management

Module 7 – HTTP Event Collector

● Describe the HTTP Event Collector

● Explain token management

● Explore data ingestion

● Implement data acknowledgement

Module 8 – Key-Value Store

● Examine the Key-Value Store

● Define and manage a collection

● Create and manage records