Splunk Rest Admin

SKILL.md

splunk-rest-admin

Programmatic access to internal configurations via REST command.

Purpose

Query and manage Splunk server configurations, users, roles, and system info.

Risk Levels

| Operation | Risk | Notes |
|---|---|---|
| REST GET request | - | Read-only |
| Get server info | - | Read-only |
| List users/roles | - | Read-only |
| REST POST request | ⚠️⚠️ | May modify server config |

Triggers

  • "rest", "admin", "config"
  • "server", "settings", "info"

CLI Commands

| Command | Description |
|---|---|
| `admin info` | Get server information |
| `admin status` | Get server status |
| `admin health` | Get server health |
| `admin list-users` | List all users |
| `admin list-roles` | List all roles |
| `admin rest-get` | Make GET request to REST endpoint |
| `admin rest-post` | Make POST request to REST endpoint |

REST Options

| Option | Description |
|---|---|
| `-d, --data` | JSON data payload for POST requests |
| `-a, --app` | App context for REST requests |
| `--owner` | Owner context for REST requests |
| `-o, --output` | Output format (text, json) |

Examples

```bash
# Get server info
splunk-as admin info
splunk-as admin info --output json

# Get server status
splunk-as admin status
splunk-as admin status --output json

# Get server health
splunk-as admin health
splunk-as admin health --output json

# List users
splunk-as admin list-users

# List roles
splunk-as admin list-roles

# REST GET request - users
splunk-as admin rest-get /services/authentication/users

# REST GET request - server info
splunk-as admin rest-get /services/server/info

# REST GET request - apps with app/owner context
splunk-as admin rest-get /services/apps/local --app search --owner admin

# REST POST request with app/owner context
splunk-as admin rest-post /services/saved/searches -d '{"name": "test"}' --app search --owner admin
```
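A pre-flight gate that applies the Risk Levels table before a command is handed to `splunk-as`, as an added example that is not part of the skill's own code. The function names and the `ALLOW_SPLUNK_WRITE` variable are assumptions, and only `/services/` endpoints are accepted because those are the only ones shown on this page.

```shell
# Added example: policy gate for the admin subcommands documented above.
# ALLOW_SPLUNK_WRITE is a hypothetical variable, not a splunk-as option.

# Print the risk class of an admin subcommand, per the Risk Levels table.
admin_risk() {
  case "$1" in
    info|status|health|list-users|list-roles|rest-get) echo read-only ;;
    rest-post) echo write ;;
    *) echo unknown ;;
  esac
}

# Return 0 if the invocation may run; otherwise explain on stderr and
# return 2 (unknown subcommand), 3 (bad arguments) or 4 (write not approved).
admin_gate() {
  [ $# -gt 0 ] || { echo "deny: no admin subcommand given" >&2; return 2; }
  _sub="$1"; shift
  case "$(admin_risk "$_sub")" in
    read-only) return 0 ;;
    unknown)   echo "deny: unknown admin subcommand: $_sub" >&2; return 2 ;;
  esac
  # Only rest-post reaches this point. The endpoint is the first argument
  # that is neither an option nor the value belonging to an option.
  _endpoint=""
  while [ $# -gt 0 ]; do
    case "$1" in
      -d|--data|-a|--app|--owner|-o|--output)
        [ $# -ge 2 ] || { echo "deny: $1 needs a value" >&2; return 3; }
        shift ;;                          # skip the option's value as well
      -*) ;;
      *) [ -n "$_endpoint" ] || _endpoint="$1" ;;
    esac
    shift
  done
  case "$_endpoint" in
    *..*)        echo "deny: '..' in endpoint: $_endpoint" >&2; return 3 ;;
    /services/*) ;;
    *)           echo "deny: endpoint must start with /services/" >&2; return 3 ;;
  esac
  # Writes may modify server config, so they need explicit approval.
  [ "${ALLOW_SPLUNK_WRITE:-}" = "1" ] ||
    { echo "deny: rest-post to $_endpoint needs ALLOW_SPLUNK_WRITE=1" >&2; return 4; }
}

# Run splunk-as only when the gate allows the invocation.
guarded_admin() {
  admin_gate "$@" || return $?
  splunk-as admin "$@"
}
```

Call `guarded_admin` with the same arguments that would follow `splunk-as admin`; read-only subcommands pass straight through, while `rest-post` is refused until the variable is set for that invocation.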

SPL Patterns

```spl
| rest /services/server/info
| rest /services/authentication/users
| rest /services/admin/conf-times
```