You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

2280 lines
59 KiB

5 months ago
# Version 9.2.2.20240415
# DO NOT EDIT THIS FILE!
# Changes to default files will be lost on update and are difficult to
# manage and support.
#
# Please make any changes to system defaults by overriding them in
# apps or $SPLUNK_HOME/etc/system/local
# (See "Configuration file precedence" in the web documentation).
#
# To override a specific setting, copy the name of the stanza and
# setting to the file where you wish to override it.
#
# This file contains possible attributes and values you can use to configure Splunk's web interface.
#
[default]
[settings]
# enable/disable the appserver
startwebserver = 1
# port number tag is missing or 0 the server will NOT start an http listener
# this is the port used for both SSL and non-SSL (we only have 1 port now).
httpport = 8000
# this determines whether to start SplunkWeb in http or https.
enableSplunkWebSSL = false
# location of splunkd; don't include http[s]:// in this anymore.
mgmtHostPort = 127.0.0.1:8089
# list of ports to start python application servers on (although usually
# one port is enough)
#
# In the past a special value of "0" could be passed here to disable
# the modern UI appserver infrastructure, but that is no longer supported.
appServerPorts = 8065
# default timeout, in seconds, when communicating with splunkd
splunkdConnectionTimeout = 30
# enable/disable custom netloc when using http client
enableSplunkWebClientNetloc = False
# SSL certificate files.
privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem
serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem
# SSL settings
# The following provides modern TLS configuration that guarantees forward-
# secrecy and efficiency. This configuration drops support for old operating
# systems (e.g. Windows Vista).
# To add support for Windows Vista set sslVersions to tls and add these
# ciphers to cipherSuite:
# ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:
# ECDHE-RSA-AES128-SHA
sslVersions = tls1.2
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ecdhCurves = prime256v1, secp384r1, secp521r1
# external UI URIs
userRegistrationURL = https://www.splunk.com/page/sign_up
updateCheckerBaseURL = https://quickdraw.splunk.com/js/
docsCheckerBaseURL=https://quickdraw.splunk.com/help
#
# Splunk bar options
# Internal config. May change without notice.
#
# set the visibility of the product menu
showProductMenu = False
# set the product menu text label
productMenuLabel = My Splunk
# set the visibility of the 'Profile' link in the user menu
showUserMenuProfile = False
# set the domain product menu links to
productMenuUriPrefix = https://splunkcommunities.force.com
#
# Header options
#
# setting X-FRAME-OPTIONS header to SAMEORIGIN helps to prevent "click-jacking" attacks
x_frame_options_sameorigin = True
#
# SSO Configuration
#
# Remote user HTTP header sent by the authenticating proxy server.
# This header should be set to the authenticated user.
#
remoteUser = REMOTE_USER
# If set to 1, is more strict about matching the header specified in
# remoteUser.
remoteUserMatchExact = 0
# If set to 1, is more strict about matching the header specified in
# remoteGroups.
remoteGroupsMatchExact = 0
# Value false means splunk is expecting remote group entries in unquoted format
remoteGroupsQuoted = False
# SSO mode.
# Allows SSO to behave in either permissive or strict mode.
# Permissive: Users may login to splunkweb using a valid splunk account
# even if they are coming from a non trusted IP.
# Strict: All requests to splunkweb will be restricted to those originating
# from a trusted IP except those to endpoints not requiring authentication.
#
# allowed values: strict, permissive
# default: strict.
#
SSOMode = strict
# Trusted IP. This is the IP address of the authenticating proxy.
# Splunkweb verifies it is receiving data from the proxy host for all
# SSO requests.
# Set in local/web.conf a valid IP address to enable SSO.
#
# trustedIP = 127.0.0.1
# If set to 1, this will allow SSO to work even if server.conf doesn't
# have a trustedIP set (it still needs to be set in web.conf)
allowSsoWithoutChangingServerConf = 0
# List of OIDs to be queried while searching for PIV to perform client certificate
# based user authentication via LDAP.
certBasedUserAuthPivOidList = 1.3.6.1.4.1.311.20.2.3, Microsoft Universal Principal Name
#
# splunk appserver config
#
# Top level name for the site
root_endpoint = /
# path to static content
# The path here is automatically appended to root_endpoint defined above
static_endpoint = /static
# Set this in local/web.conf if running behind a reverse proxy
# tools.proxy.on = True
# The directory that actually holds the static content
# this can be an absolute url if you want to put it elsewhere
static_dir = share/splunk/search_mrsparkle/exposed
# The path here is automatically appended to root_endpoint defined above
rss_endpoint = /rss
# Used to override the default protocol/host of the user agent
# with a specific URI prefix for guest pass enabled content
# generated in the HTML iframe snippet
embed_uri =
# Used to override the default footer for embedded reports.
embed_footer = splunk>
# Set this in local/web.conf to enable directory indexes in static directories
# tools.staticdir.generate_indexes = 1
# base path to mako templates
template_dir = share/splunk/search_mrsparkle/templates
# base path to UI module assets
module_dir = share/splunk/search_mrsparkle/modules
# Determines if webserver applies gzip compression to responses
enable_gzip = True
# Determines if the Expires header of /static files is set to a far-future date
use_future_expires = True
# Flash support, broken into three parts.
# We currently require a min baseline of Shockwave Flash 9.0 r124
flash_major_version = 9
# DEPRECATED.
flash_minor_version = 0
# DEPRECATED.
flash_revision_version = 124
# DEPRECATED.
# Setting this to False will prevent many client-side packages (such as the Splunk JavaScript SDK) from working correctly
enable_proxy_write = True
# JavaScript Logger mode
# Available modes: None, Firebug, Server
# Mode None: Does not log anything
# Mode Firebug: Use firebug by default if it exists or defer to the older less promiscuous version of firebug lite
# Mode Server: Log to a defined server endpoint
# See js/logger.js Splunk.Logger.Mode for mode implementation details and if you would like to author your own
js_logger_mode = None
# Mode SERVER
# The server endpoint to post javascript log messages
js_logger_mode_server_end_point = util/log/js
# The interval in milliseconds to check, post and cleanse the javascript log buffer
js_logger_mode_server_poll_buffer = 1000
# The maximum size threshold to post and cleanse the javascript log buffer
js_logger_mode_server_max_buffer = 100
# Specifies the length of time lapsed (in minutes) for notification when there is no user interface clicking, mouseover, scrolling or resizing.
# If less than 1, results in no timeout notification ever being triggered (Sessions will stay alive for as long as the browser is open).
ui_inactivity_timeout = 60
# Toggle the insecure login endpoint
enable_insecure_login = False
# Toggle secure entity move
enable_secure_entity_move = True
# Toggle the secure pdfgen endpoint
enable_insecure_pdfgen = False
# Toggle for simplified error page
simple_error_page = False
# Configuration options for a in-memory cache of static objects from the application server.
cacheBytesLimit = 4194304
cacheEntriesLimit = 16384
staticCompressionLevel = 9
# Enable/Disable Form Username and Password storage prompts and control form data from being cached in session history.
enable_autocomplete_login = False
# If set to "False", skips a verification done by the login page that cookies appear to work.
verifyCookiesWorkDuringLogin = True
# Custom content for login screen
login_content =
# Control what's left on for search decomposition
enabled_decomposers = plot
#Toggle whether the static JS files for modules are consolidated and minified
minify_js = True
#Toggle whether the static CSS files for modules are consolidated and minified
minify_css = True
# Toggle whether the JS for individual modules is wrapped in a try/catch
# If True, syntax errors in individual modules will not cause the UI to hang,
# other than when using the module in question
# Set this to False when developing apps.
trap_module_exceptions = True
# Toggle whether the pivot interface will use its own ad-hoc acceleration when a data model is not accelerated.
# If True, this ad-hoc acceleration will be used to make reporting in pivot faster and more responsive.
# In situations where data is not stored in time order or where the majority of events are far in the past, disabling
# this behavior can improve the pivot experience.
# DEPRECATED in version 6.1 and later, use pivot_adhoc_acceleration_mode instead
enable_pivot_adhoc_acceleration = True
# Specify the type of ad-hoc acceleration used by the pivot interface when a data model is not accelerated.
# If Elastic, the pivot interface will only accelerate the time range specified for reporting, and will dynamically
# adjust when this time range is changed.
# If AllTime, the pivot interface will accelerate the relevant data over all time. This will make the interface
# more responsive to time-range changes but places a larger load on system resources.
# If None, the pivot interface will not use any acceleration. This means any change to the report will require
# restarting the search.
pivot_adhoc_acceleration_mode = Elastic
# Toggle whether the JSChart module runs in Test Mode
# If True, JSChart module attaches HTML classes to chart elements for introspection
# This will negatively impact performance, so should be disabled unless actively in use.
jschart_test_mode = False
#
# JSChart data truncation configuration
# To avoid browser performance impacts, the JSChart library limits the amount of data rendered in an individual chart.
# The truncation limit controls how many total points will be plotted by the chart. It can be configured here either
# across all browsers or specifically per-browser. Set the value to empty or 0 to disable the limit.
# cross-browser truncation limit, un-comment this line to apply a limit that will take precedence
# over the browser-specific limits below:
#jschart_truncation_limit = 50000
# browser-specific truncation limits:
jschart_truncation_limit.chrome = 50000
jschart_truncation_limit.firefox = 50000
jschart_truncation_limit.safari = 50000
jschart_truncation_limit.ie11 = 50000
# The series limit controls the number of series that will be plotted by the chart. This limit applies to all browsers.
# Set the value to empty or 0 to disable the limit.
jschart_series_limit = 100
# DEPRECATED: use data_params.count in visualizations.conf to override on a per-visualization basis.
# The results limit controls the number of results that will be plotted for each series. This limit applies to all browsers.
# If the product of the series limit (see above) and the results limit is greater than the truncation limit (see above),
# then the number of results per series will be reduced to meet the truncation limit.
# Set the value to empty or 0 to disable the limit.
jschart_results_limit = 10000
#
# Choropleth map data truncation
# To avoid browser performance impacts, Choropleth maps limit the amount of shapes rendered at one time.
# This limit applies to all browsers. Set the value to empty or 0 to disable the limit.
choropleth_shape_limit = 10000
# Dashboard runtime settings
dashboard_html_allow_inline_styles = true
dashboard_html_allow_iframes = true
dashboard_html_allow_embeddable_content = false
dashboard_html_wrap_embed = true
# The maximum number of views to cache in the appserver.
max_view_cache_size = 1000
# Used to bypass extra call to splunkd to determine pdfgen availability
# This is set on a per-platform basis, changing this is not recommended
pdfgen_is_available = 1
#
# cherrypy HTTP server config
#
# The default setting value provides acceptable performance for most use cases.
# If you experience UI latency, you can increase the value to a maximum of 200.
server.thread_pool = 50
# Host values may be any IPv4 or IPv6 address, or any valid hostname.
# The string 'localhost' is a synonym for '127.0.0.1' (or '::1', if
# your hosts file prefers IPv6). The string '0.0.0.0' is a special
# IPv4 entry meaning "any active interface" (INADDR_ANY), and '::'
# is the similar IN6ADDR_ANY for IPv6.
# Defaults to 0.0.0.0 if listenOnIPv6 is set to no, else ::
# server.socket_host = 0.0.0.0
# Set to "yes" to enable IPv6 support, or "only" accept connection
# on IPv6 only
listenOnIPv6 = no
# Default is to allow files up to 500MB to be uploaded to the server
# change this in local/web.conf if necessary
# max_upload_size = 500
# HTTP access log filename
log.access_file = web_access.log
# Maximum file size of the access log, in bytes
log.access_maxsize = 25000000
# Maximum number of rotated log files to retain
log.access_maxfiles = 5
# Maximum file size of the web_service.log file, in bytes
log.error_maxsize = 25000000
# Maximum number of rotated log files to retain
log.error_maxfiles = 5
# Set to True to enable debug output to the console
log.screen = True
# Set this to False on production machines
request.show_tracebacks = True
# Auto reload python files; turn on while debugging
engine.autoreload.on = False
# user session configuration
# You really don't want to turn this off
tools.sessions.on = True
tools.sessions.timeout = 60
# Set to False to expire the session cookie when the browser exits
tools.sessions.restart_persist = True
# Set to False to allow the session cookie to be read by javascript
tools.sessions.httponly = True
# Set to False to allow the session cookie to be accessible to insecure pages
tools.sessions.secure = True
# Set to True to force cookie secure flag when splunkweb is behind proxy server
tools.sessions.forceSecure = False
# Some requests such as uploading large files can take a long time
response.timeout = 7200
# Comment out the next two lines to use RAM based sessions instead
# Use an absolute path to store sessions outside of the splunk tree
tools.sessions.storage_type = file
tools.sessions.storage_path = var/run/splunk
# Decode all strings that come into Cherrpy controller methods to unicode (assumes UTF-8 encoding).
# WARNING: Disabling this will likely break the application, as all incoming strings are assumed
# to be unicode.
tools.decode.on = True
# Encodes all controller method response strings into UTF-8 str objects in Python.
# WARNING: Disabling this will likely cause high byte character encoding to fail.
tools.encode.on = True
# Force all outgoing characters to be encoded into UTF-8.
# This only works with tools.encode.on set to True.
# By setting this to utf-8, Cherrypy's default behavior of observing the Accept-Charset header
# is overwritten and forces utf-8 output. Only change this if you know a particular browser
# installation must receive some other character encoding (Latin-1 iso-8859-1, etc)
# WARNING: Change this at your own risk.
tools.encode.encoding = utf-8
# Controls CherryPy's ability to encode content type. If set to True, CherryPy will only encode
# text (text/*) content. As of the Python 3 conversion we are defaulting to False as the current
# controller responses are in Unicode.
# WARNING: Change this at your own risk.
tools.encode.text_only = False
# Path to the PID file
# pid_path = var/run/splunk/splunkweb.pid
# override MIME type for JSON data
# If this is set to True, the splunkweb appserver will serve up JSON data with
# a content-type of "text/plain; charset=UTF-8". This keeps it compatible with previous versions of Splunk.
# If this is set to False, the content-type will be "application/json; charset=UTF-8" as is standard.
# In a future version of Splunk, this default will change so that the standard content-type
# is used consistently between splunkweb endpoints and splunkd endpoints accessed through proxy
override_JSON_MIME_type_with_text_plain = True
# The amount of time, in seconds, of inactivity in Splunk Web, after which the search job automatically cancels.
job_default_auto_cancel = 62
# Minimum and maximum polling interval options for job in milliseconds (ms)
# Set job_min_polling_interval between 100 to job_max_polling_interval
# Set job_max_polling_interval up to the recommended value which is 3000
job_min_polling_interval = 100
job_max_polling_interval = 1000
# ACL we'll accept network connections from.
acceptFrom = *
# Limits on the number of threads and sockets that the HTTP server will consume.
maxThreads = 0
maxSockets = 0
# Allows moving HTTP I/O (including SSL encryptions) into separate threads. Usually best left at zero.
dedicatedIoThreads = 0
# Sets the amount of time, in seconds, that the SplunkWeb HTTP server will allow a keep-alive connection to remain idle before disconnecting it forcefully.
keepAliveIdleTimeout = 7200
busyKeepAliveIdleTimeout = 12
# Controls whether we treat allow incoming connections as HTTP/1.1.
forceHttp10 = auto
# Controls CORS headers sent with responses.
crossOriginSharingPolicy =
# Controls CORS Access-Control-Allow-Headers header.
crossOriginSharingHeaders =
# SSL options.
allowSslCompression = false
allowSslRenegotiation = true
sendStrictTransportSecurityHeader = false
includeSubDomains = false
preload = false
# Controls the visibility of the debug endpoints (i.e., /debug/**splat).
enableWebDebug = False
# Add template paths to the allowable whitelist relative to $SPLUNK_HOME.
allowableTemplatePaths =
# Enable checks for data-exfiltrating search commands
enable_risky_command_check = true
# Enable checks for data-exfiltrating search commands within a dashboard
enable_risky_command_check_dashboard = true
# REMOVED. This setting no longer has any effect.
# Whether or not the search job request accepts XML stylesheet language (XSL) as input to format search results.
# If set to "true", the search job request accepts XSL as input to format search results.
# If set to "false", the search job request does not accept XSL as input to format search results.
# Default: false
enableSearchJobXslt = false
# Default login logo image settings
loginCustomLogo =
# Default favicon image settings
customFavicon =
# Default login background image settings
loginBackgroundImageOption = default
loginCustomBackgroundImage =
# Default login footer settings
# NOTE: This option is made available only to OEM customers participating in Splunk's OEM Partner Program
# and subject to the relevant terms of the Master OEM Agreement. All other customers or partners are prohibited
# from removing or altering any copyright, trademark, and/or other intellectual property or proprietary rights
# notices of Splunk placed on or embedded in any Splunk materials.
loginFooterOption = default
loginFooterText =
# Default login document title settings
# NOTE: This option is made available only to OEM customers participating in Splunk's OEM Partner Program
# and subject to the relevant terms of the Master OEM Agreement. All other customers or partners are prohibited
# from removing or altering any copyright, trademark, and/or other intellectual property or proprietary rights
# notices of Splunk placed on or embedded in any Splunk materials.
loginDocumentTitleOption = default
loginDocumentTitleText =
# Default first time login message settings
# CAUTION: This setting is only configurable for original equipment manufacturer (OEM) customers that participate
# in the Splunk OEM Partner Program. It is subject to the terms of the Master OEM Agreement. If you are not
# a member of this program, you MUST NOT remove or alter any Splunk copyright, trademark, and/or other intellectual
# property or proprietary rights notices that Splunk embeds into any of its material. This action includes but
# is not limited to configuring this setting.
firstTimeLoginMessageOption = default
firstTimeLoginMessage =
# Default password hint at first time login on the login page.
loginPasswordHint =
# Maximum number of reports to fetch to populate the navigation drop-down menu of an app. Default is 500.
appNavReportsLimit = 500
# Log messages emitted to stderr of the appserver process to splunkd.log
appServerProcessLogStderr = false
# The Simple XML dashboard version used for newly created Simple XML dashboards.
# DEPRECATED. The dashboard framework uses the latest Simple XML dashboard version for newly created dashboards.
# CAUTION: Do not change this setting without contacting Splunk Support.
simplexml_dashboard_create_version = 1.1
# Determines whether or not Splunk Web can use insecure libraries which will be deprecated.
allow_insecure_libraries_toggle = true
# Whether or not the UI will show app context in certain locations
show_app_context = true
# The value of the "SameSite" cookie attribute for which the Splunk web server
# is to set in the web browser.
cookieSameSite = not_specified
[remoteUI]
optInRemoteUI = false
allowExternalRemote = false
# Rules for Monitoring Console
[smc]
# Rules controlling what REST interfaces are available via the web UI via the "/splunkd" endpoint:
[expose:admin_alerts]
methods = GET,DELETE
pattern = admin/alerts
[expose:admin_duo_mfa-duo_mfa]
methods = GET
pattern = admin/Duo-MFA/duo-mfa
[expose:admin_rsa_mfa-rsa-mfa]
methods = GET
pattern = admin/Rsa-MFA/rsa-mfa
[expose:admin_alerts_ELEMENT]
methods = GET,DELETE
pattern = admin/alerts/*
[expose:admin_conf-reports]
methods = POST,GET,DELETE
pattern = admin/conf-reports
[expose:admin_conf-impersonation]
methods = POST,GET
pattern = admin/conf-impersonation
[expose:admin_conf-impersonation_ELEMENT]
methods = POST,GET,DELETE
pattern = admin/conf-impersonation/*
[expose:admin_distsearch-group]
methods = POST,GET
pattern = admin/distsearch-group
[expose:admin_distsearch-group_ELEMENT]
methods = GET,POST,DELETE
pattern = admin/distsearch-group/*
[expose:admin_saml_idp_metadata]
methods = GET,POST
pattern = admin/SAML-idp-metadata
[expose:admin_saml_idp_metadata_ELEMENT]
methods = GET,POST
pattern = admin/SAML-idp-metadata/*
[expose:admin_saml_groups]
methods = GET,POST,DELETE
pattern = admin/SAML-groups
[expose:admin_saml_groups_ELEMENT]
methods = GET,POST,DELETE
pattern = admin/SAML-groups/*
[expose:admin_telemetry]
methods = GET,POST,DELETE
pattern = admin/telemetry
[expose:admin_telemetry_ELEMENT]
methods = GET,POST,DELETE
pattern = admin/telemetry/*
[expose:admin_win-alleventlogs]
pattern = admin/win-alleventlogs
[expose:admin_win-alleventlogs_ELEMENT]
pattern = admin/win-alleventlogs/*
[expose:admin_win-perfmon]
pattern = admin/win-perfmon
[expose:admin_win-perfmon_ELEMENT]
pattern = admin/win-perfmon/*
[expose:admin_win-perfmon-find-collection]
pattern = admin/win-perfmon-find-collection
[expose:admin_win-perfmon-find-collection_ELEMENT]
pattern = admin/win-perfmon-find-collection/*
[expose:admin_win-perfmon-find-collection_ELEMENT_ELEMENT]
pattern = admin/win-perfmon-find-collection/*/*
[expose:admin_win-enum-eventlogs]
pattern = admin/win-wmi-enum-eventlogs
[expose:admin_win-enum-eventlogs_ELEMENT]
pattern = admin/win-wmi-enum-eventlogs/*
[expose:admin_win-wmi-find-collection]
pattern = admin/win-wmi-find-collection
[expose:admin_win-wmi-find-collection_ELEMENT]
pattern = admin/win-wmi-find-collection/*
[expose:admin_file-explorer]
pattern = admin/file-explorer
[expose:admin_file-explorer_ELEMENT]
pattern = admin/file-explorer/*
[expose:admin_directory]
pattern = admin/directory
[expose:admin_win-reg-explorer]
pattern = admin/win-reg-explorer
[expose:admin_win-reg-explorer_ELEMENT]
pattern = admin/win-reg-explorer/*
[expose:admin_win-ad-explorer]
pattern = admin/win-ad-explorer
[expose:admin_win-ad-explorer_ELEMENT]
pattern = admin/win-ad-explorer/*
[expose:admin_summarization]
methods = POST,GET,DELETE
pattern = admin/summarization
[expose:admin_summarization_ELEMENT]
methods = GET,POST,DELETE
pattern = admin/summarization/*
[expose:admin_summarization_ELEMENT_details]
pattern = admin/summarization/*/details
[expose:admin_users]
methods = GET,DELETE
pattern = admin/users
[expose:admin_users_ELEMENT]
methods = GET,DELETE
pattern = admin/users/*
[expose:alerts_fired_alerts]
pattern = alerts/fired_alerts
[expose:alerts_fired_alerts_ELEMENT]
methods = GET,DELETE
pattern = alerts/fired_alerts/*
[expose:apps_appinstall]
methods = POST
pattern = apps/appinstall
[expose:apps_apptemplates]
pattern = apps/apptemplates
[expose:apps_apptemplates_ELEMENT]
pattern = apps/apptemplates/*
[expose:apps_remote]
methods = GET,POST
pattern = apps/remote
[expose:apps_remote_ELEMENT]
methods = GET,POST
pattern = apps/remote/*
[expose:apps_remote_ELEMENT_ELEMENT]
methods = GET,POST
pattern = apps/remote/*/*
[expose:apps]
methods = GET,POST
pattern = apps/local
[expose:apps_ELEMENT]
methods = GET,POST,DELETE
pattern = apps/local/*
[expose:apps_ELEMENT_disable]
methods = POST
pattern = apps/local/*/disable
[expose:apps_ELEMENT_enable]
methods = POST
pattern = apps/local/*/enable
[expose:apps_ELEMENT_acl]
methods = POST
pattern = apps/local/*/acl
[expose:apps_ELEMENT_reload]
methods = GET,POST
pattern = apps/local/*/_reload
[expose:apps_ELEMENT_dependencies]
methods = GET
pattern = apps/local/*/dependencies
[expose:auth_login]
methods = POST
pattern = auth/login
skipCSRFProtection = 1
[expose:authentication_auth-tokens]
methods = POST,GET
pattern = authentication/auth-tokens
[expose:authentication_current-context]
pattern = authentication/current-context
[expose:authentication_current-context_ELEMENT]
pattern = authentication/current-context/*
[expose:authentication_providers_saml]
methods = GET,DELETE,POST
pattern = authentication/providers/SAML
[expose:authentication_providers_saml_ELEMENT]
methods = GET,DELETE,POST
pattern = authentication/providers/SAML/*
[expose:authentication_providers_services_active_authmodule]
methods = GET
pattern = authentication/providers/services/active_authmodule
[expose:authentication_httpauth-tokens]
pattern = authentication/httpauth-tokens
[expose:authentication_httpauth-tokens_ELEMENT]
methods = GET,DELETE
pattern = authentication/httpauth-tokens/*
[expose:authentication_users]
methods = POST,GET
pattern = authentication/users
[expose:authentication_users_ELEMENT]
methods = GET,DELETE,POST
pattern = authentication/users/*
[expose:authorization_grantable_capabilities]
pattern = authorization/grantable_capabilities
[expose:authorization_capabilities]
pattern = authorization/capabilities
[expose:authorization_capabilities_ELEMENT_]
pattern = authorization/capabilities/*/
[expose:authorization_roles]
methods = POST,GET
pattern = authorization/roles
[expose:authorization_roles_ELEMENT]
methods = GET,DELETE,POST
pattern = authorization/roles/*
[expose:authorization_fieldfilters]
methods = POST,GET
pattern = authorization/fieldfilters
[expose:authorization_fieldfilters_ELEMENT]
methods = GET,DELETE,POST
pattern = authorization/fieldfilters/*
[expose:cluster_config]
pattern = cluster/config
[expose:cluster_master_status]
methods = GET,POST
pattern = cluster/master/status
[expose:workloads_status]
methods = GET
pattern = workloads/status
[expose:workloads_config_preflight_checks]
methods = GET
pattern = workloads/config/preflight-checks
[expose:workloads_config_enable]
methods = POST
pattern = workloads/config/enable
[expose:workloads_config_disable]
methods = POST
pattern = workloads/config/disable
[expose:workloads_pools]
methods = GET,POST
pattern = workloads/pools
[expose:workloads_pools_ELEMENT]
methods = GET,POST,DELETE
pattern = workloads/pools/*
[expose:workloads_categories]
methods = GET,POST
pattern = workloads/categories
[expose:workloads_categories_ELEMENT]
methods = GET,POST,DELETE
pattern = workloads/categories/*
[expose:workloads_rules]
methods = GET,POST
pattern = workloads/rules
[expose:workloads_rules_ELEMENT]
methods = GET,POST,DELETE
pattern = workloads/rules/*
[expose:workloads_rules_ELEMENT_enable]
methods = POST
pattern = workloads/rules/*/enable
[expose:workloads_rules_ELEMENT_disable]
methods = POST
pattern = workloads/rules/*/disable
[expose:workloads_policy_search_admission_control]
methods = POST
pattern = workloads/policy/search_admission_control
[expose:workloads_policy]
methods = GET
pattern = workloads/policy
[expose:workloads_policy_ELEMENT]
methods = GET,POST
pattern = workloads/policy/*
[expose:shcluster_config]
pattern = shcluster/config
[expose:shcluster_config_config]
methods = GET,POST
pattern = shcluster/config/*
[expose:shcluster_members]
methods = GET,POST
pattern = shcluster/member/members
[expose:shcluster_restart]
methods = POST
pattern = shcluster/captain/control/control/restart
[expose:shcluster_captain_transfer]
methods = POST
pattern = shcluster/member/consensus/*/transfer_captaincy
[expose:shcluster_status]
methods = GET
pattern = shcluster/status
[expose:cluster_master_buckets_ELEMENT]
methods = GET
pattern = cluster/master/buckets/*
[expose:cluster_master_buckets_ELEMENT_remove_all]
methods = POST
pattern = cluster/master/buckets/*/remove_all
[expose:cluster_master_buckets_ELEMENT_remove_from_peer]
methods = POST
pattern = cluster/master/buckets/*/remove_from_peer
[expose:cluster_master_control_control_roll_hot_buckets]
methods = POST
pattern = cluster/master/control/control/roll-hot-buckets
[expose:cluster_master_control_control_resync_bucket_from_peer]
methods = POST
pattern = cluster/master/control/control/resync_bucket_from_peer
[expose:cluster_master_control_control_restart]
methods = POST, GET
pattern = cluster/master/control/control/restart
[expose:cluster_config_ELEMENT]
methods = GET,POST
pattern = cluster/config/*
[expose:cluster_master_ELEMENT]
methods = GET,POST
pattern = cluster/master/*
[expose:cluster_master_ELEMENT_ELEMENT]
methods = GET,POST
pattern = cluster/master/*/*
[expose:cluster_master_control_default_apply]
methods = GET,POST
pattern = cluster/master/control/default/apply
[expose:cluster_master_control_control_prune_index]
methods = POST
pattern = cluster/master/control/control/prune_index
[expose:cluster_master_control_validate]
methods = POST
pattern = cluster/master/control/control/validate_bundle
[expose:cluster_master_control_rollback]
methods = POST
pattern = cluster/master/control/control/rollback
[expose:cluster_slave_ELEMENT]
methods = GET,POST
pattern = cluster/slave/*
[expose:cluster_slave_info_ELEMENT]
methods = GET,POST
pattern = cluster/slave/info/*
[expose:cluster_searchhead_ELEMENT]
methods = GET,POST
pattern = cluster/searchhead/*
[expose:cluster_searchhead_generation_ELEMENT]
methods = GET,POST
pattern = cluster/searchhead/generation/*
[expose:cluster_searchhead_searchheadconfig_ELEMENT]
methods = GET,POST,DELETE
pattern = cluster/searchhead/searchheadconfig/*
[expose:cluster_manager]
methods = GET,POST
pattern = cluster/manager/**/*
[expose:configs_conf-VALUE]
methods = GET,POST
pattern = configs/conf-*
[expose:configs_conf-VALUE_ELEMENT]
methods = GET,POST,DELETE
pattern = configs/conf-*/*
[expose:configs_conf-VALUE_ELEMENT_acl]
methods = GET,POST
pattern = configs/conf-*/*/acl
[expose:configs_conf-VALUE_ELEMENT_disable]
methods = POST
pattern = configs/conf-*/*/disable
[expose:configs_conf-VALUE_ELEMENT_enable]
methods = POST
pattern = configs/conf-*/*/enable
[expose:configs_spec]
methods = GET,POST
pattern = configs/spec
[expose:configs_validation]
methods = POST
pattern = configs/validation
[expose:data_commands]
pattern = data/commands
[expose:data_commands_ELEMENT]
pattern = data/commands/*
[expose:data_commands_ELEMENT_acl]
methods = POST
pattern = data/commands/*/acl
[expose:data_indexes]
methods = POST,GET
pattern = data/indexes
[expose:data_indexes_ELEMENT]
methods = GET,POST,DELETE
pattern = data/indexes/*
[expose:data_indexes_ELEMENT_disable]
methods = POST
pattern = data/indexes/*/disable
[expose:data_indexes_ELEMENT_enable]
methods = POST
pattern = data/indexes/*/enable
[expose:data_indexes-extended]
methods = GET
pattern = data/indexes-extended
[expose:data_ingest_event_capture]
methods = POST
pattern = data/ingest/event-capture
[expose:data_ingest_rfs_destinations]
methods = GET,POST
pattern = data/ingest/rfsdestinations
[expose:data_ingest_rfs_destinations_ELEMENT]
methods = GET,POST,DELETE
pattern = data/ingest/rfsdestinations/*
[expose:data_ingest_rfs_destinations_ELEMENT_test]
methods = POST
pattern = data/ingest/rfsdestinations/*/test
[expose:data_ingest_rulesets]
methods = GET,POST
pattern = data/ingest/rulesets
[expose:data_ingest_rulesets_ELEMENT]
methods = GET,POST,DELETE
pattern = data/ingest/rulesets/*
[expose:data_ingest_rulesets_deployment]
methods = GET
pattern = data/ingest/ruleset-deployment
[expose:data_ingest_rulesets_status]
methods = GET
pattern = data/ingest/ruleset-status
[expose:data_ingest_ruleset_serialize]
methods = POST
pattern = data/ingest/ruleset-serialize
[expose:data_distributed-indexes]
methods = GET
pattern = data/distributed-indexes
[expose:data_inputs]
methods = GET
pattern = data/inputs
[expose:data_inputs_ad]
methods = POST,GET
pattern = data/inputs/ad
[expose:data_inputs_ad_ELEMENT]
methods = GET,DELETE,POST
pattern = data/inputs/ad/*
[expose:data_inputs_token_http]
methods = POST,GET
pattern = data/inputs/http
[expose:data_inputs_token_http_ELEMENT]
methods = GET,DELETE,POST
pattern = data/inputs/http/*
[expose:data_inputs_token_http_ELEMENT_ELEMENT]
methods = POST,GET
pattern = data/inputs/http/*/*
[expose:data_inputs_monitor]
methods = POST,GET
pattern = data/inputs/monitor
[expose:data_inputs_monitor_ELEMENT]
methods = GET,DELETE,POST
pattern = data/inputs/monitor/*
[expose:data_inputs_monitor_ELEMENT_members]
pattern = data/inputs/monitor/*/members
[expose:data_inputs_oneshot]
methods = POST,GET
pattern = data/inputs/oneshot
[expose:data_inputs_oneshot_ELEMENT]
pattern = data/inputs/oneshot/*
[expose:data_inputs_registry]
methods = POST,GET
pattern = data/inputs/registry
[expose:data_inputs_registry_ELEMENT]
methods = GET,DELETE,POST
pattern = data/inputs/registry/*
[expose:data_inputs_script]
methods = POST,GET
pattern = data/inputs/script
[expose:data_inputs_script_ELEMENT]
methods = GET,DELETE,POST
pattern = data/inputs/script/*
[expose:data_inputs_script_restart]
methods = POST
pattern = data/inputs/script/restart
[expose:data_inputs_tcp_cooked]
methods = POST,GET
pattern = data/inputs/tcp/cooked
[expose:data_inputs_tcp_cooked_ELEMENT]
methods = GET,DELETE,POST
pattern = data/inputs/tcp/cooked/*
[expose:data_inputs_tcp_cooked_ELEMENT_connections]
pattern = data/inputs/tcp/cooked/*/connections
[expose:data_inputs_tcp_raw]
methods = POST,GET
pattern = data/inputs/tcp/raw
[expose:data_inputs_tcp_raw_ELEMENT]
methods = GET,DELETE,POST
pattern = data/inputs/tcp/raw/*
[expose:data_inputs_tcp_raw_ELEMENT_connections]
pattern = data/inputs/tcp/raw/*/connections
[expose:data_inputs_tcp_ssl]
pattern = data/inputs/tcp/ssl
[expose:data_inputs_tcp_ssl_ELEMENT]
methods = GET,POST
pattern = data/inputs/tcp/ssl/*
[expose:data_inputs_udp]
methods = POST,GET
pattern = data/inputs/udp
[expose:data_inputs_udp_ELEMENT]
methods = GET,DELETE,POST
pattern = data/inputs/udp/*
[expose:data_inputs_udp_ELEMENT_connections]
pattern = data/inputs/udp/*/connections
[expose:data_inputs_win-event-log-collections]
methods = POST,GET
pattern = data/inputs/win-event-log-collections
[expose:data_inputs_win-event-log-collections_ELEMENT]
methods = GET,DELETE,POST
pattern = data/inputs/win-event-log-collections/*
[expose:data_inputs_winhostmon]
methods = POST,GET
pattern = data/inputs/WinHostMon
[expose:data_inputs_winhostmon_ELEMENT]
methods = POST,GET
pattern = data/inputs/WinHostMon/*
[expose:data_inputs_winnetmon]
methods = POST,GET
pattern = data/inputs/WinNetMon
[expose:data_inputs_winnetmon_ELEMENT]
methods = POST,GET
pattern = data/inputs/WinNetMon/*
[expose:data_inputs_win-perfmon]
methods = POST,GET
pattern = data/inputs/win-perfmon
[expose:data_inputs_win-perfmon_ELEMENT]
methods = GET,DELETE,POST
pattern = data/inputs/win-perfmon/*
[expose:data_inputs_winprintmon]
methods = POST,GET
pattern = data/inputs/WinPrintMon
[expose:data_inputs_winprintmon_ELEMENT]
methods = POST,GET
pattern = data/inputs/WinPrintMon/*
[expose:data_inputs_win-wmi-collections]
methods = POST,GET
pattern = data/inputs/win-wmi-collections
[expose:data_inputs_win-wmi-collections_ELEMENT]
methods = GET,DELETE,POST
pattern = data/inputs/win-wmi-collections/*
[expose:data_lookup-table-files]
methods = POST,GET
pattern = data/lookup-table-files
[expose:data_lookup-table-files_ELEMENT]
methods = GET,DELETE,POST
pattern = data/lookup-table-files/*
[expose:data_lookup-table-files_ELEMENT_acl]
methods = POST
pattern = data/lookup-table-files/*/acl
[expose:data_modular-inputs]
methods = POST,GET
pattern = data/modular-inputs
[expose:data_modular-inputs_ELEMENT]
methods = GET,POST
pattern = data/modular-inputs/*
[expose:data_outputs_tcp_default]
methods = POST,GET
pattern = data/outputs/tcp/default
[expose:data_outputs_tcp_default_ELEMENT]
methods = GET,DELETE,POST
pattern = data/outputs/tcp/default/*
[expose:data_outputs_tcp_group]
methods = POST,GET
pattern = data/outputs/tcp/group
[expose:data_outputs_tcp_group_ELEMENT]
methods = GET,DELETE,POST
pattern = data/outputs/tcp/group/*
[expose:data_outputs_tcp_server]
methods = POST,GET
pattern = data/outputs/tcp/server
[expose:data_outputs_tcp_server_ELEMENT]
methods = GET,DELETE,POST
pattern = data/outputs/tcp/server/*
[expose:data_outputs_tcp_server_ELEMENT_allconnections]
pattern = data/outputs/tcp/server/*/allconnections
[expose:data_outputs_tcp_syslog]
methods = POST,GET
pattern = data/outputs/tcp/syslog
[expose:data_outputs_tcp_syslog_ELEMENT]
methods = GET,DELETE,POST
pattern = data/outputs/tcp/syslog/*
[expose:data_props_extractions]
methods = POST,GET
pattern = data/props/extractions
[expose:data_props_extractions_ELEMENT]
methods = GET,DELETE,POST
pattern = data/props/extractions/*
[expose:data_props_extractions_ELEMENT_acl]
methods = POST
pattern = data/props/extractions/*/acl
[expose:data_props_fieldaliases]
methods = POST,GET
pattern = data/props/fieldaliases
[expose:data_props_fieldaliases_ELEMENT]
methods = GET,DELETE,POST
pattern = data/props/fieldaliases/*
[expose:data_props_fieldaliases_ELEMENT_acl]
methods = POST
pattern = data/props/fieldaliases/*/acl
[expose:data_props_lookups]
methods = POST,GET
pattern = data/props/lookups
[expose:data_props_lookups_ELEMENT]
methods = GET,DELETE,POST
pattern = data/props/lookups/*
[expose:data_props_lookups_ELEMENT_acl]
methods = POST
pattern = data/props/lookups/*/acl
[expose:data_props_sourcetype-rename]
methods = POST,GET
pattern = data/props/sourcetype-rename
[expose:data_props_sourcetype-rename_ELEMENT]
methods = GET,DELETE,POST
pattern = data/props/sourcetype-rename/*
[expose:data_props_sourcetype-rename_ELEMENT_ACL]
methods = POST
pattern = data/props/sourcetype-rename/*/acl
[expose:data_transforms_extractions]
methods = POST,GET
pattern = data/transforms/extractions
[expose:data_transforms_extractions_ELEMENT]
methods = GET,DELETE,POST
pattern = data/transforms/extractions/*
[expose:data_transforms_extractions_ELEMENT_ELEMENT]
methods = POST
pattern = data/transforms/extractions/*/*
[expose:data_transforms_lookups]
methods = POST,GET
pattern = data/transforms/lookups
[expose:data_transforms_lookups_ELEMENT]
methods = GET,DELETE,POST
pattern = data/transforms/lookups/*
[expose:data_transforms_lookups_ELEMENT_acl]
methods = POST
pattern = data/transforms/lookups/*/acl
[expose:data_metric_transforms_schema]
methods = GET,POST
pattern = data/transforms/metric-schema
[expose:data_metric_transforms_schema_ELEMENT]
methods = GET,DELETE,POST
pattern = data/transforms/metric-schema/*
[expose:data_ui_manager]
methods = GET,POST
pattern = data/ui/manager
[expose:data_ui_manager_ELEMENT]
methods = GET,POST
pattern = data/ui/manager/*
[expose:data_ui_nav]
methods = GET,POST
pattern = data/ui/nav
[expose:data_ui_nav_ELEMENT]
methods = GET,POST
pattern = data/ui/nav/*
[expose:data_ui_nav_ELEMENT_acl]
methods = POST
pattern = data/ui/nav/*/acl
[expose:data_ui_prefs]
methods = POST,GET
pattern = data/ui/prefs
[expose:data_ui_prefs_ELEMENT]
methods = POST,GET,DELETE
pattern = data/ui/prefs/*
[expose:data_ui_times]
methods = GET,POST
pattern = data/ui/times
[expose:data_ui_times_ELEMENT_acl]
methods = POST
pattern = data/ui/times/*/acl
[expose:data_ui_views]
methods = GET,POST
pattern = data/ui/views
[expose:data_ui_views_ELEMENT]
methods = GET,POST,DELETE
pattern = data/ui/views/*
[expose:data_ui_views_ELEMENT_acl]
methods = POST
pattern = data/ui/views/*/acl
[expose:data_ui_alerts]
methods = GET,POST
pattern = data/ui/alerts
[expose:data_ui_alerts_ELEMENT]
methods = GET,POST,DELETE
pattern = data/ui/alerts/*
[expose:data_ui_alerts_ELEMENT_acl]
methods = POST
pattern = data/ui/alerts/*/acl
[expose:data_ui_panels]
methods = GET,POST
pattern = data/ui/panels
[expose:data_ui_panels_MOVE]
methods = POST
pattern = data/ui/panels/*/move
[expose:data_ui_panels_ELEMENT]
methods = GET,POST,DELETE
pattern = data/ui/panels/*
[expose:data_ui_panels_ELEMENT_acl]
methods = POST
pattern = data/ui/panels/*/acl
[expose:data_ui_viewstates]
methods = GET,POST
pattern = data/ui/viewstates
[expose:data_ui_viewstates_ELEMENT]
methods = GET,POST,DELETE
pattern = data/ui/viewstates/*
[expose:data_ui_visualizations]
methods = GET
pattern = data/ui/visualizations
[expose:data_ui_visualizations_ELEMENT]
methods = GET
pattern = data/ui/visualizations/*
[expose:data_user-prefs]
methods = GET,POST
pattern = data/user-prefs
[expose:data_user-prefs_ELEMENT]
methods = GET,POST,PUT,DELETE
pattern = data/user-prefs/*
[expose:data_ui_workflow-actions]
methods = GET,POST
pattern = data/ui/workflow-actions
[expose:data_ui_workflow-actions_ELEMENT]
methods = GET,POST,DELETE
pattern = data/ui/workflow-actions/*
[expose:data_ui_workflow-actions_ELEMENT_acl]
methods = POST
pattern = data/ui/workflow-actions/*/acl
[expose:data_ui_global-banner]
methods = GET,POST
pattern = data/ui/global-banner
[expose:data_ui_global-banner_ELEMENT]
methods = GET,POST
pattern = data/ui/global-banner/*
[expose:data_ui_global-banner_ELEMENT_acl]
methods = POST
pattern = data/ui/global-banner/*/acl
[expose:quarantined_status]
methods = GET
pattern = quarantined/status
allowRemoteProxy = true
[expose:data_vix-providers]
methods = GET,POST
pattern = data/vix-providers
[expose:data_vix-providers_ELEMENT]
methods = GET,POST,DELETE
pattern = data/vix-providers/*
[expose:data_vix-indexes]
methods = GET,POST
pattern = data/vix-indexes
[expose:data_vix-indexes_ELEMENT]
methods = GET,POST,DELETE
pattern = data/vix-indexes/*
[expose:data_vix-indexes_ELEMENT_ELEMENT]
methods = GET,POST
pattern = data/vix-indexes/*/*
[expose:datamodel_model]
methods = GET,POST
pattern = datamodel/model
[expose:datamodel_model_generate]
pattern = datamodel/generate
[expose:datamodel_model_generate_ELEMENT]
pattern = datamodel/generate/*
[expose:datamodel_model_ELEMENT]
methods = GET,POST,DELETE
pattern = datamodel/model/*
[expose:datamodel_model_ELEMENT_ELEMENT]
methods = POST
pattern = datamodel/model/*/*
[expose:datamodel_model_ELEMENT_desc]
pattern = datamodel/model/*/desc
[expose:datamodel_pivot]
methods = GET,POST
pattern = datamodel/pivot
[expose:datamodel_pivot_ELEMENT]
pattern = datamodel/pivot/*
[expose:data_models_ELEMENT_download]
pattern = data/models/*/download
[expose:deployment_server_applications]
methods = POST,GET,DELETE
pattern = deployment/server/applications
[expose:deployment_server_applications_ANYTHING]
methods = POST,GET,DELETE
pattern = deployment/server/applications/**
[expose:deployment_server_clients]
methods = POST,GET
pattern = deployment/server/clients
[expose:deployment_server_clients_countClients_by_machineType]
pattern = deployment/server/clients/countClients_by_machineType
[expose:deployment_server_clients_preview]
pattern = deployment/server/clients/preview
[expose:deployment_server_clients_ANYTHING.]
methods = POST,GET,DELETE
pattern = deployment/server/clients/**
[expose:deployment_server_config]
methods = POST,GET
pattern = deployment/server/config
[expose:deployment_server_config_ANYTHING]
methods = POST,GET
pattern = deployment/server/config/**
[expose:deployment_server_serverclasses]
methods = POST,GET
pattern = deployment/server/serverclasses
[expose:deployment_server_serverclasses_ANYTHING]
methods = POST,GET,DELETE
pattern = deployment/server/serverclasses/**
[expose:deploymentsetup_app_data_inputs_remote_monitor]
methods = POST,GET
pattern = deployment/server/setup/data/inputs/remote_monitor
[expose:deploymentsetup_app_data_inputs_remote_monitor_ANYTHING]
methods = POST,GET
pattern = deployment/server/setup/data/inputs/remote_monitor/**
[expose:deploymentsetup_app_data_inputs_remote_script]
methods = POST,GET
pattern = deployment/server/setup/data/inputs/remote_script
[expose:deploymentsetup_app_data_inputs_remote_script_ANYTHING]
methods = POST,GET
pattern = deployment/server/setup/data/inputs/remote_script/**
[expose:deploymentsetup_app_data_inputs_tcp_remote_raw]
methods = POST,GET
pattern = deployment/server/setup/data/inputs/tcp/remote_raw
[expose:deploymentsetup_app_data_inputs_tcp_remote_raw_ANYTHING]
methods = POST,GET
pattern = deployment/server/setup/data/inputs/tcp/remote_raw/**
[expose:deploymentsetup_app_data_inputs_remote_udp]
methods = POST,GET
pattern = deployment/server/setup/data/inputs/remote_udp
[expose:deploymentsetup_app_data_inputs_remote_udp_ANYTHING]
methods = POST,GET
pattern = deployment/server/setup/data/inputs/remote_udp/**
[expose:deploymentsetup_app_data_inputs_remote_eventlogs]
methods = POST,GET
pattern = deployment/server/setup/data/inputs/remote_eventlogs
[expose:deploymentsetup_app_data_inputs_remote_eventlogs_ANYTHING]
methods = POST,GET
pattern = deployment/server/setup/data/inputs/remote_eventlogs/**
[expose:deploymentsetup_app_data_inputs_remote_perfmon]
methods = POST,GET
pattern = deployment/server/setup/data/inputs/remote_perfmon
[expose:deploymentsetup_app_data_inputs_remote_perfmon_ANYTHING]
methods = POST,GET
pattern = deployment/server/setup/data/inputs/remote_perfmon/**
[expose:directory]
pattern = directory
[expose:directory_ELEMENT]
pattern = directory/*
[expose:web-features]
methods = GET, POST
pattern = web-features
[expose:web-features_ELEMENT]
methods = GET, POST
pattern = web-features/*
[expose:field_extractor_generate_regex]
methods = GET,POST
pattern = field_extractor/generate_regex
[expose:server_health_splunkd]
methods = GET
pattern = server/health/splunkd
[expose:server_health_splunkd_details]
methods = GET
pattern = server/health/splunkd/details
[expose:server_health_deployment]
methods = GET
pattern = server/health/deployment
[expose:server_health_deployment_details]
methods = GET
pattern = server/health/deployment/details
[expose:server_health_config]
methods = POST,GET
pattern = server/health-config
[expose:server_health_config_ELEMENT]
methods = POST,GET
pattern = server/health-config/*
[expose:indexing_preview]
methods = GET,POST
pattern = indexing/preview
[expose:indexing_preview_ELEMENT]
methods = GET,POST
pattern = indexing/preview/*
[expose:licenser_groups]
pattern = licenser/groups
[expose:licenser_groups_ELEMENT]
methods = GET,POST
pattern = licenser/groups/*
[expose:licenser_licenses]
methods = POST,GET
pattern = licenser/licenses
[expose:licenser_licenses_ELEMENT]
methods = GET,POST,DELETE
pattern = licenser/licenses/*
[expose:licenser_messages]
pattern = licenser/messages
[expose:licenser_messages_ELEMENT]
pattern = licenser/messages/*
[expose:licenser_pools]
methods = POST,GET
pattern = licenser/pools
[expose:licenser_pools_ELEMENT]
methods = GET,DELETE,POST
pattern = licenser/pools/*
[expose:licenser_script]
methods = POST,GET
pattern = licenser/script
[expose:licenser_script_ELEMENT]
methods = GET,DELETE,POST
pattern = licenser/script/*
[expose:licenser_slaves]
pattern = licenser/slaves
[expose:licenser_slaves_ELEMENT]
pattern = licenser/slaves/*
[expose:licenser_stacks]
pattern = licenser/stacks
[expose:licenser_stacks_ELEMENT]
pattern = licenser/stacks/*
[expose:licenser_localslave]
methods = GET
pattern = licenser/localslave
[expose:licenser_localslave_ELEMENT]
methods = GET
pattern = licenser/localslave/*
[expose:licenser_usage]
methods = GET
pattern = licenser/usage
[expose:licenser_usage_ELEMENT]
methods = GET
pattern = licenser/usage/*
[expose:mbtiles_splunk-tiles_ELEMENT_ELEMENT_ELEMENT]
pattern = mbtiles/splunk-tiles/*/*/*
[expose:mbtiles_splunk-tiles-dark_ELEMENT_ELEMENT_ELEMENT]
pattern = mbtiles/splunk-tiles-dark/*/*/*
[expose:messages]
methods = POST,GET
pattern = messages
[expose:messages_ELEMENT]
methods = GET,DELETE
pattern = messages/*
[expose:pdfgen_render]
methods = GET,POST
pattern = pdfgen/render
[expose:properties]
methods = GET,POST
pattern = properties
[expose:properties_ELEMENT]
methods = GET,POST
pattern = properties/*
[expose:properties_ELEMENT_ELEMENT]
methods = GET,POST
pattern = properties/*/*
[expose:properties_ELEMENT_ELEMENT_ELEMENT]
methods = GET,POST
pattern = properties/*/*/*
[expose:receivers_simple]
methods = POST
pattern = receivers/simple
[expose:receivers_stream]
methods = POST
pattern = receivers/stream
[expose:saved_bookmarks]
methods = POST,GET
pattern = saved/bookmarks/monitoring_console
[expose:saved_eventtypes]
methods = POST,GET
pattern = saved/eventtypes
[expose:saved_eventtypes_ELEMENT]
methods = GET,DELETE,POST
pattern = saved/eventtypes/*
[expose:saved_eventtypes_ELEMENT_acl]
methods = POST
pattern = saved/eventtypes/*/acl
[expose:saved_fvtags]
methods = GET,POST
pattern = saved/fvtags
[expose:saved_fvtags_ELEMENT]
methods = GET,DELETE,POST
pattern = saved/fvtags/*
[expose:saved_fvtags_ELEMENT_acl]
methods = POST
pattern = saved/fvtags/*/acl
[expose:data_macros]
methods = GET,POST
pattern = data/macros
[expose:data_macros_ELEMENT]
methods = GET,DELETE,POST
pattern = data/macros/*
[expose:data_macros_ELEMENT_acl]
methods = POST
pattern = data/macros/*/acl
[expose:saved_sourcetypes]
methods = GET,POST
pattern = saved/sourcetypes
[expose:saved_sourcetypes_ELEMENT]
methods = GET,DELETE,POST
pattern = saved/sourcetypes/*
[expose:saved_searches]
methods = POST,GET
pattern = saved/searches
[expose:saved_searches_ELEMENT]
methods = GET,DELETE,POST
pattern = saved/searches/*
oidEnabled = 1
[expose:saved_searches_ELEMENT_acknowledge]
methods = POST
pattern = saved/searches/*/acknowledge
[expose:saved_searches_ELEMENT_acl]
methods = POST
pattern = saved/searches/*/acl
[expose:saved_searches_ELEMENT_dispatch]
methods = POST
pattern = saved/searches/*/dispatch
[expose:saved_searches_ELEMENT_embed]
methods = POST
pattern = saved/searches/*/embed
[expose:saved_searches_ELEMENT_history]
pattern = saved/searches/*/history
oidEnabled = 1
[expose:saved_searches_ELEMENT_scheduled_times]
pattern = saved/searches/*/scheduled_times
[expose:saved_searches_ELEMENT_suppress]
pattern = saved/searches/*/suppress
[expose:saved_searches_ELEMENT_unembed]
methods = POST
pattern = saved/searches/*/unembed
[expose:saved_searches_ELEMENT_move]
methods = POST
pattern = saved/searches/*/move
[expose:saved_searches_ELEMENT_disable]
methods = POST
pattern = saved/searches/*/disable
[expose:saved_searches_ELEMENT_enable]
methods = POST
pattern = saved/searches/*/enable
[expose:metric_alerts]
methods = POST,GET
pattern = alerts/metric_alerts
[expose:metric_alerts_ELEMENT]
methods = GET,DELETE,POST
pattern = alerts/metric_alerts/*
oidEnabled = 1
[expose:metric_alerts_ELEMENT_acl]
methods = POST
pattern = alerts/metric_alerts/*/acl
[expose:catalog_metricstore]
methods = GET
pattern = catalog/metricstore/*
[expose:catalog_metricstore_ELEMENT_values]
methods = GET
pattern = catalog/metricstore/dimensions/*/values
oidEnabled = 1
[expose:catalog_metricstore_rollup]
methods = GET,POST
pattern = catalog/metricstore/rollup
[expose:catalog_metricstore_rollup_ELEMENT]
methods = GET,POST,DELETE
pattern = catalog/metricstore/rollup/*
[expose:scheduled_views]
pattern = scheduled/views
[expose:scheduled_views_ELEMENT]
methods = GET,DELETE,POST
pattern = scheduled/views/*
[expose:scheduled_views_ELEMENT_dispatch]
methods = POST
pattern = scheduled/views/*/dispatch
[expose:scheduled_views_ELEMENT_history]
pattern = scheduled/views/*/history
[expose:scheduled_views_ELEMENT_scheduled_times]
pattern = scheduled/views/*/scheduled_times
[expose:search_concurrency-settings]
methods = GET
pattern = search/concurrency-settings
[expose:search_concurrency-settings_search]
methods = POST
pattern = search/concurrency-settings/search
[expose:search_concurrency-settings_scheduler]
methods = POST
pattern = search/concurrency-settings/scheduler
[expose:server_status_limits_search-concurrency]
methods = GET
pattern = server/status/limits/search-concurrency
[expose:search_distributed_config]
pattern = search/distributed/config
[expose:search_distributed_config_ELEMENT]
methods = GET,DELETE,POST
pattern = search/distributed/config/*
[expose:search_distributed_peers]
methods = POST,GET
pattern = search/distributed/peers
[expose:search_distributed_peers_ELEMENT]
methods = GET,DELETE,POST
pattern = search/distributed/peers/*
[expose:search_distributed_groups]
methods = POST,GET
pattern = search/distributed/groups
[expose:search_distributed_groups_ELEMENT]
methods = GET,DELETE,POST
pattern = search/distributed/groups/*
[expose:search_distributed_groups_ELEMENT_edit]
methods = POST
pattern = search/distributed/groups/*/edit
[expose:search_fields]
pattern = search/fields
[expose:search_fields_ELEMENT]
pattern = search/fields/*
[expose:search_fields_ELEMENT_tags]
methods = GET,POST
pattern = search/fields/*/tags
[expose:search_intentionsparser]
methods = GET,POST
pattern = search/intentionsparser
[expose:search_jobs]
methods = GET,POST
pattern = search/jobs
[expose:search_jobs_ELEMENT]
methods = GET,DELETE,POST
pattern = search/jobs/*
oidEnabled = 1
[expose:search_jobs_ELEMENT_acl]
methods = POST
pattern = search/jobs/*/acl
[expose:search_jobs_ELEMENT_control]
methods = POST
pattern = search/jobs/*/control
[expose:search_jobs_ELEMENT_events]
methods = GET,POST
pattern = search/jobs/*/events
oidEnabled = 1
[expose:search_jobs_ELEMENT_results]
methods = GET,POST
pattern = search/jobs/*/results
[expose:search_jobs_ELEMENT_results_preview]
methods = GET,POST
pattern = search/jobs/*/results_preview
oidEnabled = 1
[expose:search_jobs_ELEMENT_search.log]
pattern = search/jobs/*/search.log
[expose:search_jobs_ELEMENT_summary]
pattern = search/jobs/*/summary
[expose:search_jobs_ELEMENT_timeline]
pattern = search/jobs/*/timeline
[expose:search_jobs_export]
methods = GET,POST
pattern = search/jobs/export
[expose:search_parser]
methods = GET,POST
pattern = search/parser
[expose:search_shelper]
pattern = search/shelper
[expose:search_tags]
pattern = search/tags
[expose:search_tags_ELEMENT]
methods = GET,POST,DELETE
pattern = search/tags/*
[expose:search_timeparser]
pattern = search/timeparser
[expose:search_typeahead]
pattern = search/typeahead
[expose:server_control]
pattern = server/control
[expose:server_control_restart]
methods = POST
pattern = server/control/restart
[expose:server_info]
pattern = server/info
[expose:server_info_ELEMENT]
pattern = server/info/*
[expose:server_logger]
pattern = server/logger
[expose:server_logger_ELEMENT]
methods = GET,POST
pattern = server/logger/*
[expose:server_settings]
pattern = server/settings
[expose:server_settings_ELEMENT]
methods = GET,POST
pattern = server/settings/*
[expose:services_cluster_master_control_control_rebalance_buckets]
methods = POST
pattern = cluster/master/control/control/rebalance_buckets
[expose:static_ELEMENT]
pattern = static/*
[expose:storage_collections_ANYTHING]
methods = GET,DELETE,POST
pattern = storage/collections/**
[expose:storage_collections-conf_ANYTHING]
methods = GET,DELETE,POST
pattern = storage/collections-conf/**
[expose:storage_passwords]
methods = POST,GET
pattern = storage/passwords
[expose:storage_passwords_ELEMENT]
methods = GET,DELETE,POST
pattern = storage/passwords/*
[expose:ui_tours]
methods = GET,DELETE,POST
pattern = data/ui/ui-tour
[expose:ui_tours_ELEMENT]
methods = GET,DELETE,POST
pattern = data/ui/ui-tour/*
[expose:livetail]
methods = GET,DELETE,POST
pattern = data/ui/livetail
[expose:livetail_ELEMENT]
methods = GET,DELETE,POST
pattern = data/ui/livetail/*
[expose:appsbrowser]
methods = GET
pattern = appsbrowser
[expose:appsbrowser_ELEMENT]
methods = GET,POST
pattern = appsbrowser/**
[expose:alert_actions]
methods = GET,DELETE,POST
pattern = alerts/alert_actions
[expose:alert_actions_ELEMENT]
methods = GET,DELETE,POST
pattern = alerts/alert_actions/*
[expose:alert_actions_ELEMENT_acl]
methods = GET,POST
pattern = alerts/alert_actions/*/acl
[expose:alert_actions_ui]
methods = GET,DELETE,POST
pattern = data/ui/alerts
[expose:alert_actions_ui_ELEMENT]
methods = GET,DELETE,POST
pattern = data/ui/alerts/*
[expose:alert_actions_ui_ELEMENT_acl]
methods = GET,POST
pattern = data/ui/alerts/*/acl
[expose:visualizations]
pattern = configs/conf-visualizations
[expose:ast]
methods = POST
pattern = search/ast
[expose:datasets]
methods = GET
pattern = datasets
[expose:watchdog_pstacks]
methods = GET
pattern = server/pstacks
[expose:watchdog]
methods = POST
pattern = server/watchdog
[expose:scs_tenantinfo]
methods = GET
pattern = server/scs/tenantinfo
[expose:telemetry_metric]
methods = POST
pattern = telemetry-metric
[expose:diag]
methods = GET, DELETE
pattern = diag
[expose:diag/status]
methods = GET
pattern = diag/status
allowRemoteProxy = true
[expose:admin_splunk_auth]
methods = POST,GET
pattern = admin/Splunk-auth
[expose:admin_splunk_auth_ELEMENT]
methods = POST,GET,DELETE
pattern = admin/Splunk-auth/*
[expose:federated_indexes]
methods = POST,GET
pattern = data/federated/index
[expose:federated_indexes_ELEMENT]
methods = POST,GET,DELETE
pattern = data/federated/index/*
[expose:federated_indexes_ELEMENT_disable]
methods = POST
pattern = data/federated/index/*/disable
[expose:federated_indexes_ELEMENT_enable]
methods = POST
pattern = data/federated/index/*/enable
[expose:federated_provider]
methods = POST, GET
pattern = data/federated/provider
[expose:federated_provider_ELEMENT]
methods = POST,GET,DELETE
pattern = data/federated/provider/*
[expose:federated_provider_ELEMENT_disable]
methods = POST
pattern = data/federated/provider/*/disable
[expose:federated_provider_ELEMENT_enable]
methods = POST
pattern = data/federated/provider/*/enable
[expose:federated_settings]
methods = POST, GET
pattern = data/federated/settings
[expose:federated_settings_ELEMENT]
methods = POST,GET,DELETE
pattern = data/federated/settings/*
[expose:datalake_categories]
methods = GET
pattern = data/datalake/categories
[expose:datalake_categories_ELEMENT]
methods = GET
pattern = data/datalake/categories/*
[expose:datalake_ingest]
methods = POST,GET
pattern = data/datalake/ingest
[expose:datalake_ingest_ELEMENT]
methods = POST,PUT,GET
pattern = data/datalake/ingest/*
[expose:datalake_ingest_ELEMENT_categories]
methods = GET
pattern = data/datalake/ingest/*/categories
[expose:datalake_index]
methods = GET,POST
pattern = data/datalake/index
[expose:datalake_index_ELEMENT]
methods = POST
pattern = data/datalake/index/*
# token auth
[expose:admin_token_auth]
methods = POST,GET
pattern = admin/Token-auth
[expose:admin_token_auth_ELEMENT]
methods = POST,GET
pattern = admin/Token-auth/*
[expose:authorization_tokens]
methods = POST,GET
pattern = authorization/tokens
[expose:authorization_tokens_ELEMENT]
methods = POST,GET,DELETE
pattern = authorization/tokens/*
[expose:remote-proxy]
methods = POST,GET
pattern = remote-proxy/**

Powered by BW's shoe-string budget.