Splunk
Splunk is a platform for searching, monitoring, and analyzing machine-generated big data via a web-style interface.
APIs
Splunk
API monitoring checks to see if API-connected resources are available, working properly and responding to calls.
Splunk Enterprise REST API
The Splunk Enterprise REST API provides programmatic access to the same information and functionality available to core system software and Splunk Web. It supports GET, POST, an...
Splunk Cloud Platform REST API
The Splunk Cloud Platform REST API provides a subset of the Splunk Enterprise REST API endpoints for managing and interacting with your Splunk Cloud Platform deployment. Access ...
Splunk Cloud Admin Config Service (ACS) API
The Admin Config Service (ACS) is a cloud-native API that provides programmatic self-service administration capabilities for Splunk Cloud Platform. Administrators can use the AC...
Splunk Cloud ACS OpenAPI Specification
The OpenAPI 3.0 specification for the Splunk Cloud Admin Config Service (ACS) API. It includes all parameters, response codes, and other metadata needed to send requests to the ...
Splunk Observability Cloud API
The Splunk Observability Cloud API provides REST endpoints for sending and managing metrics, traces, and events. It supports infrastructure monitoring, application performance m...
Splunk SOAR REST API
The Splunk SOAR REST API enables programmatic creation, updating, and management of security automation objects including containers, assets, playbooks, indicators, lists, and a...
Splunk Enterprise Security API
The Splunk Enterprise Security API provides REST endpoints for accessing and modifying findings, investigations, risk scores, assets, and identities in Splunk Enterprise Securit...
Splunk IT Service Intelligence (ITSI) REST API
The Splunk IT Service Intelligence (ITSI) REST API allows bulk creation and updating of ITOA interface objects such as entities, services, and KPI base searches. ITSI is a monit...
Splunk HTTP Event Collector (HEC) API
The Splunk HTTP Event Collector (HEC) is a high-performance REST API data input that accepts JSON or raw text data sent over HTTP or HTTPS. It uses token-based authentication an...
Splunk Intelligence Management API
The Splunk Intelligence Management (formerly ThreatStream) API provides REST v2.0 endpoints for managing threat intelligence data including indicators, observables, and intellig...
Splunk SOAR Playbook Automation API
The Splunk SOAR Playbook Automation API provides Python APIs for developing playbooks and automation within Splunk SOAR. It includes container, playbook, data access, vault, net...
Splunk AppInspect API
The Splunk AppInspect API validates Splunk apps and add-ons against Splunk best practices and requirements for publishing to Splunkbase or installing on Splunk Cloud Platform. I...
Collections
Splunk Enterprise REST API
POSTMANArazzo Workflows
Splunk Finalize, Read, and Clean Up a Search Job
Dispatch a long search, finalize it early, read partial results, then delete the job.
ARAZZOSplunk HEC Ingest an Event and Confirm Indexing
Provision a HEC token with acknowledgment, send a JSON event, and confirm it was indexed.
ARAZZOSplunk Provision an Index and Attach a Monitor Input
Create an event index, verify it, then create a file monitor input that feeds it.
ARAZZOSplunk Ingest Raw Data then Search for It
Send raw text to HEC, then run an SPL search and poll it to confirm the data landed.
ARAZZOSplunk Run a Search Job and Retrieve Results
Dispatch an SPL search, poll the job until it finishes, then read the results.
ARAZZOSplunk Search and Retrieve Raw Events
Run an SPL search, wait for it to finish, then pull the untransformed events.
ARAZZOGraphQL
Splunk GraphQL Schema
Conceptual GraphQL schema for the Splunk platform, covering search, indexing, data inputs, access control, dashboards, saved searches, metrics, clustering, licensing, and diagno...
GRAPHQLPricing Plans
Rate Limits
FinOps
Splunk Finops
FINOPSFeatures
Use Cases
Centralize security event data for real-time threat detection, investigation, and compliance reporting.
Monitor infrastructure health, application performance, and service availability across hybrid environments.
Collect, index, and analyze log data from servers, applications, and network devices for troubleshooting.
Automate security incident triage, enrichment, and response using SOAR playbooks and integrations.
Trace application requests end-to-end to identify bottlenecks and optimize performance.
Generate compliance reports and audit trails from indexed data to meet regulatory requirements.
Integrations
Ingest and analyze AWS CloudTrail, CloudWatch, VPC Flow Logs, and other AWS service data.
Collect and analyze Azure activity logs, metrics, and diagnostic data.
Ingest Google Cloud audit logs, metrics, and Pub/Sub messages for cloud monitoring.
Monitor Kubernetes clusters with metrics, logs, and events from containers and orchestration.
Integrate Splunk alerts and incidents with ServiceNow ITSM for ticketing and workflow automation.
Trigger PagerDuty incidents from Splunk alerts for on-call notification and escalation.
Collect and analyze Cisco network device logs, firewall events, and security telemetry.
Ingest CrowdStrike Falcon endpoint detection data for correlated threat analysis.