Using URL path parameters in Splunk REST endpoints

If you wonder how to pass an URL path parameter to your custom REST endpoint in Splunk, please have a look:

December 21, 2021 · 1 min · admin

Enforce arrays for multi-values in Splunk searches

The Splunk SDK for Python is returning for multi-values that only have one entry a string instead of an array. To enforce arrays, you can do the following workaround:

December 20, 2021 · 1 min · admin

More than 100 results using the search-job API in Splunk

If you’re using the @splunk/search-job API and want to return more than the 100 results (the default value), you’ll have to pass count to the getResults function, e.g.: new SearchJob.create({ search: myQuery, }).getResults({ count: 500 });

December 14, 2021 · 1 min · admin

Mapping types using the Splunk search-job API

In case you’re using the @splunk/search-job API you might find it annoying that the properties of the returned objects are all of type string. To fix this, I wrote a little type mapper (The unit test shows how to use it):

December 9, 2021 · 1 min · admin

Using the Dashboard API from a Splunk visualization

How to use the Dashboard API from a Splunk visualization (e.g. to reload the datasource):

November 25, 2021 · 1 min · admin