# Version 9.2.2.20240415 # DO NOT EDIT THIS FILE! # Changes to default files will be lost on update and are difficult to # manage and support. # # Please make any changes to system defaults by overriding them in # apps or $SPLUNK_HOME/etc/system/local # (See "Configuration file precedence" in the web documentation). # # To override a specific setting, copy the name of the stanza and # setting to the file where you wish to override it. # # This file contains possible attributes and values you can use to configure Splunk's web interface. # [default] [settings] # enable/disable the appserver startwebserver = 1 # port number tag is missing or 0 the server will NOT start an http listener # this is the port used for both SSL and non-SSL (we only have 1 port now). httpport = 8000 # this determines whether to start SplunkWeb in http or https. enableSplunkWebSSL = false # location of splunkd; don't include http[s]:// in this anymore. mgmtHostPort = 127.0.0.1:8089 # list of ports to start python application servers on (although usually # one port is enough) # # In the past a special value of "0" could be passed here to disable # the modern UI appserver infrastructure, but that is no longer supported. appServerPorts = 8065 # default timeout, in seconds, when communicating with splunkd splunkdConnectionTimeout = 30 # enable/disable custom netloc when using http client enableSplunkWebClientNetloc = False # SSL certificate files. privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem # SSL settings # The following provides modern TLS configuration that guarantees forward- # secrecy and efficiency. This configuration drops support for old operating # systems (e.g. Windows Vista). # To add support for Windows Vista set sslVersions to tls and add these # ciphers to cipherSuite: # ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA: # ECDHE-RSA-AES128-SHA sslVersions = tls1.2 cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 ecdhCurves = prime256v1, secp384r1, secp521r1 # external UI URIs userRegistrationURL = https://www.splunk.com/page/sign_up updateCheckerBaseURL = https://quickdraw.splunk.com/js/ docsCheckerBaseURL=https://quickdraw.splunk.com/help # # Splunk bar options # Internal config. May change without notice. # # set the visibility of the product menu showProductMenu = False # set the product menu text label productMenuLabel = My Splunk # set the visibility of the 'Profile' link in the user menu showUserMenuProfile = False # set the domain product menu links to productMenuUriPrefix = https://splunkcommunities.force.com # # Header options # # setting X-FRAME-OPTIONS header to SAMEORIGIN helps to prevent "click-jacking" attacks x_frame_options_sameorigin = True # # SSO Configuration # # Remote user HTTP header sent by the authenticating proxy server. # This header should be set to the authenticated user. # remoteUser = REMOTE_USER # If set to 1, is more strict about matching the header specified in # remoteUser. remoteUserMatchExact = 0 # If set to 1, is more strict about matching the header specified in # remoteGroups. remoteGroupsMatchExact = 0 # Value false means splunk is expecting remote group entries in unquoted format remoteGroupsQuoted = False # SSO mode. # Allows SSO to behave in either permissive or strict mode. # Permissive: Users may login to splunkweb using a valid splunk account # even if they are coming from a non trusted IP. # Strict: All requests to splunkweb will be restricted to those originating # from a trusted IP except those to endpoints not requiring authentication. # # allowed values: strict, permissive # default: strict. # SSOMode = strict # Trusted IP. This is the IP address of the authenticating proxy. # Splunkweb verifies it is receiving data from the proxy host for all # SSO requests. # Set in local/web.conf a valid IP address to enable SSO. # # trustedIP = 127.0.0.1 # If set to 1, this will allow SSO to work even if server.conf doesn't # have a trustedIP set (it still needs to be set in web.conf) allowSsoWithoutChangingServerConf = 0 # List of OIDs to be queried while searching for PIV to perform client certificate # based user authentication via LDAP. certBasedUserAuthPivOidList = 1.3.6.1.4.1.311.20.2.3, Microsoft Universal Principal Name # # splunk appserver config # # Top level name for the site root_endpoint = / # path to static content # The path here is automatically appended to root_endpoint defined above static_endpoint = /static # Set this in local/web.conf if running behind a reverse proxy # tools.proxy.on = True # The directory that actually holds the static content # this can be an absolute url if you want to put it elsewhere static_dir = share/splunk/search_mrsparkle/exposed # The path here is automatically appended to root_endpoint defined above rss_endpoint = /rss # Used to override the default protocol/host of the user agent # with a specific URI prefix for guest pass enabled content # generated in the HTML iframe snippet embed_uri = # Used to override the default footer for embedded reports. embed_footer = splunk> # Set this in local/web.conf to enable directory indexes in static directories # tools.staticdir.generate_indexes = 1 # base path to mako templates template_dir = share/splunk/search_mrsparkle/templates # base path to UI module assets module_dir = share/splunk/search_mrsparkle/modules # Determines if webserver applies gzip compression to responses enable_gzip = True # Determines if the Expires header of /static files is set to a far-future date use_future_expires = True # Flash support, broken into three parts. # We currently require a min baseline of Shockwave Flash 9.0 r124 flash_major_version = 9 # DEPRECATED. flash_minor_version = 0 # DEPRECATED. flash_revision_version = 124 # DEPRECATED. # Setting this to False will prevent many client-side packages (such as the Splunk JavaScript SDK) from working correctly enable_proxy_write = True # JavaScript Logger mode # Available modes: None, Firebug, Server # Mode None: Does not log anything # Mode Firebug: Use firebug by default if it exists or defer to the older less promiscuous version of firebug lite # Mode Server: Log to a defined server endpoint # See js/logger.js Splunk.Logger.Mode for mode implementation details and if you would like to author your own js_logger_mode = None # Mode SERVER # The server endpoint to post javascript log messages js_logger_mode_server_end_point = util/log/js # The interval in milliseconds to check, post and cleanse the javascript log buffer js_logger_mode_server_poll_buffer = 1000 # The maximum size threshold to post and cleanse the javascript log buffer js_logger_mode_server_max_buffer = 100 # Specifies the length of time lapsed (in minutes) for notification when there is no user interface clicking, mouseover, scrolling or resizing. # If less than 1, results in no timeout notification ever being triggered (Sessions will stay alive for as long as the browser is open). ui_inactivity_timeout = 60 # Toggle the insecure login endpoint enable_insecure_login = False # Toggle secure entity move enable_secure_entity_move = True # Toggle the secure pdfgen endpoint enable_insecure_pdfgen = False # Toggle for simplified error page simple_error_page = False # Configuration options for a in-memory cache of static objects from the application server. cacheBytesLimit = 4194304 cacheEntriesLimit = 16384 staticCompressionLevel = 9 # Enable/Disable Form Username and Password storage prompts and control form data from being cached in session history. enable_autocomplete_login = False # If set to "False", skips a verification done by the login page that cookies appear to work. verifyCookiesWorkDuringLogin = True # Custom content for login screen login_content = # Control what's left on for search decomposition enabled_decomposers = plot #Toggle whether the static JS files for modules are consolidated and minified minify_js = True #Toggle whether the static CSS files for modules are consolidated and minified minify_css = True # Toggle whether the JS for individual modules is wrapped in a try/catch # If True, syntax errors in individual modules will not cause the UI to hang, # other than when using the module in question # Set this to False when developing apps. trap_module_exceptions = True # Toggle whether the pivot interface will use its own ad-hoc acceleration when a data model is not accelerated. # If True, this ad-hoc acceleration will be used to make reporting in pivot faster and more responsive. # In situations where data is not stored in time order or where the majority of events are far in the past, disabling # this behavior can improve the pivot experience. # DEPRECATED in version 6.1 and later, use pivot_adhoc_acceleration_mode instead enable_pivot_adhoc_acceleration = True # Specify the type of ad-hoc acceleration used by the pivot interface when a data model is not accelerated. # If Elastic, the pivot interface will only accelerate the time range specified for reporting, and will dynamically # adjust when this time range is changed. # If AllTime, the pivot interface will accelerate the relevant data over all time. This will make the interface # more responsive to time-range changes but places a larger load on system resources. # If None, the pivot interface will not use any acceleration. This means any change to the report will require # restarting the search. pivot_adhoc_acceleration_mode = Elastic # Toggle whether the JSChart module runs in Test Mode # If True, JSChart module attaches HTML classes to chart elements for introspection # This will negatively impact performance, so should be disabled unless actively in use. jschart_test_mode = False # # JSChart data truncation configuration # To avoid browser performance impacts, the JSChart library limits the amount of data rendered in an individual chart. # The truncation limit controls how many total points will be plotted by the chart. It can be configured here either # across all browsers or specifically per-browser. Set the value to empty or 0 to disable the limit. # cross-browser truncation limit, un-comment this line to apply a limit that will take precedence # over the browser-specific limits below: #jschart_truncation_limit = 50000 # browser-specific truncation limits: jschart_truncation_limit.chrome = 50000 jschart_truncation_limit.firefox = 50000 jschart_truncation_limit.safari = 50000 jschart_truncation_limit.ie11 = 50000 # The series limit controls the number of series that will be plotted by the chart. This limit applies to all browsers. # Set the value to empty or 0 to disable the limit. jschart_series_limit = 100 # DEPRECATED: use data_params.count in visualizations.conf to override on a per-visualization basis. # The results limit controls the number of results that will be plotted for each series. This limit applies to all browsers. # If the product of the series limit (see above) and the results limit is greater than the truncation limit (see above), # then the number of results per series will be reduced to meet the truncation limit. # Set the value to empty or 0 to disable the limit. jschart_results_limit = 10000 # # Choropleth map data truncation # To avoid browser performance impacts, Choropleth maps limit the amount of shapes rendered at one time. # This limit applies to all browsers. Set the value to empty or 0 to disable the limit. choropleth_shape_limit = 10000 # Dashboard runtime settings dashboard_html_allow_inline_styles = true dashboard_html_allow_iframes = true dashboard_html_allow_embeddable_content = false dashboard_html_wrap_embed = true # The maximum number of views to cache in the appserver. max_view_cache_size = 1000 # Used to bypass extra call to splunkd to determine pdfgen availability # This is set on a per-platform basis, changing this is not recommended pdfgen_is_available = 1 # # cherrypy HTTP server config # # The default setting value provides acceptable performance for most use cases. # If you experience UI latency, you can increase the value to a maximum of 200. server.thread_pool = 50 # Host values may be any IPv4 or IPv6 address, or any valid hostname. # The string 'localhost' is a synonym for '127.0.0.1' (or '::1', if # your hosts file prefers IPv6). The string '0.0.0.0' is a special # IPv4 entry meaning "any active interface" (INADDR_ANY), and '::' # is the similar IN6ADDR_ANY for IPv6. # Defaults to 0.0.0.0 if listenOnIPv6 is set to no, else :: # server.socket_host = 0.0.0.0 # Set to "yes" to enable IPv6 support, or "only" accept connection # on IPv6 only listenOnIPv6 = no # Default is to allow files up to 500MB to be uploaded to the server # change this in local/web.conf if necessary # max_upload_size = 500 # HTTP access log filename log.access_file = web_access.log # Maximum file size of the access log, in bytes log.access_maxsize = 25000000 # Maximum number of rotated log files to retain log.access_maxfiles = 5 # Maximum file size of the web_service.log file, in bytes log.error_maxsize = 25000000 # Maximum number of rotated log files to retain log.error_maxfiles = 5 # Set to True to enable debug output to the console log.screen = True # Set this to False on production machines request.show_tracebacks = True # Auto reload python files; turn on while debugging engine.autoreload.on = False # user session configuration # You really don't want to turn this off tools.sessions.on = True tools.sessions.timeout = 60 # Set to False to expire the session cookie when the browser exits tools.sessions.restart_persist = True # Set to False to allow the session cookie to be read by javascript tools.sessions.httponly = True # Set to False to allow the session cookie to be accessible to insecure pages tools.sessions.secure = True # Set to True to force cookie secure flag when splunkweb is behind proxy server tools.sessions.forceSecure = False # Some requests such as uploading large files can take a long time response.timeout = 7200 # Comment out the next two lines to use RAM based sessions instead # Use an absolute path to store sessions outside of the splunk tree tools.sessions.storage_type = file tools.sessions.storage_path = var/run/splunk # Decode all strings that come into Cherrpy controller methods to unicode (assumes UTF-8 encoding). # WARNING: Disabling this will likely break the application, as all incoming strings are assumed # to be unicode. tools.decode.on = True # Encodes all controller method response strings into UTF-8 str objects in Python. # WARNING: Disabling this will likely cause high byte character encoding to fail. tools.encode.on = True # Force all outgoing characters to be encoded into UTF-8. # This only works with tools.encode.on set to True. # By setting this to utf-8, Cherrypy's default behavior of observing the Accept-Charset header # is overwritten and forces utf-8 output. Only change this if you know a particular browser # installation must receive some other character encoding (Latin-1 iso-8859-1, etc) # WARNING: Change this at your own risk. tools.encode.encoding = utf-8 # Controls CherryPy's ability to encode content type. If set to True, CherryPy will only encode # text (text/*) content. As of the Python 3 conversion we are defaulting to False as the current # controller responses are in Unicode. # WARNING: Change this at your own risk. tools.encode.text_only = False # Path to the PID file # pid_path = var/run/splunk/splunkweb.pid # override MIME type for JSON data # If this is set to True, the splunkweb appserver will serve up JSON data with # a content-type of "text/plain; charset=UTF-8". This keeps it compatible with previous versions of Splunk. # If this is set to False, the content-type will be "application/json; charset=UTF-8" as is standard. # In a future version of Splunk, this default will change so that the standard content-type # is used consistently between splunkweb endpoints and splunkd endpoints accessed through proxy override_JSON_MIME_type_with_text_plain = True # The amount of time, in seconds, of inactivity in Splunk Web, after which the search job automatically cancels. job_default_auto_cancel = 62 # Minimum and maximum polling interval options for job in milliseconds (ms) # Set job_min_polling_interval between 100 to job_max_polling_interval # Set job_max_polling_interval up to the recommended value which is 3000 job_min_polling_interval = 100 job_max_polling_interval = 1000 # ACL we'll accept network connections from. acceptFrom = * # Limits on the number of threads and sockets that the HTTP server will consume. maxThreads = 0 maxSockets = 0 # Allows moving HTTP I/O (including SSL encryptions) into separate threads. Usually best left at zero. dedicatedIoThreads = 0 # Sets the amount of time, in seconds, that the SplunkWeb HTTP server will allow a keep-alive connection to remain idle before disconnecting it forcefully. keepAliveIdleTimeout = 7200 busyKeepAliveIdleTimeout = 12 # Controls whether we treat allow incoming connections as HTTP/1.1. forceHttp10 = auto # Controls CORS headers sent with responses. crossOriginSharingPolicy = # Controls CORS Access-Control-Allow-Headers header. crossOriginSharingHeaders = # SSL options. allowSslCompression = false allowSslRenegotiation = true sendStrictTransportSecurityHeader = false includeSubDomains = false preload = false # Controls the visibility of the debug endpoints (i.e., /debug/**splat). enableWebDebug = False # Add template paths to the allowable whitelist relative to $SPLUNK_HOME. allowableTemplatePaths = # Enable checks for data-exfiltrating search commands enable_risky_command_check = true # Enable checks for data-exfiltrating search commands within a dashboard enable_risky_command_check_dashboard = true # REMOVED. This setting no longer has any effect. # Whether or not the search job request accepts XML stylesheet language (XSL) as input to format search results. # If set to "true", the search job request accepts XSL as input to format search results. # If set to "false", the search job request does not accept XSL as input to format search results. # Default: false enableSearchJobXslt = false # Default login logo image settings loginCustomLogo = # Default favicon image settings customFavicon = # Default login background image settings loginBackgroundImageOption = default loginCustomBackgroundImage = # Default login footer settings # NOTE: This option is made available only to OEM customers participating in Splunk's OEM Partner Program # and subject to the relevant terms of the Master OEM Agreement. All other customers or partners are prohibited # from removing or altering any copyright, trademark, and/or other intellectual property or proprietary rights # notices of Splunk placed on or embedded in any Splunk materials. loginFooterOption = default loginFooterText = # Default login document title settings # NOTE: This option is made available only to OEM customers participating in Splunk's OEM Partner Program # and subject to the relevant terms of the Master OEM Agreement. All other customers or partners are prohibited # from removing or altering any copyright, trademark, and/or other intellectual property or proprietary rights # notices of Splunk placed on or embedded in any Splunk materials. loginDocumentTitleOption = default loginDocumentTitleText = # Default first time login message settings # CAUTION: This setting is only configurable for original equipment manufacturer (OEM) customers that participate # in the Splunk OEM Partner Program. It is subject to the terms of the Master OEM Agreement. If you are not # a member of this program, you MUST NOT remove or alter any Splunk copyright, trademark, and/or other intellectual # property or proprietary rights notices that Splunk embeds into any of its material. This action includes but # is not limited to configuring this setting. firstTimeLoginMessageOption = default firstTimeLoginMessage = # Default password hint at first time login on the login page. loginPasswordHint = # Maximum number of reports to fetch to populate the navigation drop-down menu of an app. Default is 500. appNavReportsLimit = 500 # Log messages emitted to stderr of the appserver process to splunkd.log appServerProcessLogStderr = false # The Simple XML dashboard version used for newly created Simple XML dashboards. # DEPRECATED. The dashboard framework uses the latest Simple XML dashboard version for newly created dashboards. # CAUTION: Do not change this setting without contacting Splunk Support. simplexml_dashboard_create_version = 1.1 # Determines whether or not Splunk Web can use insecure libraries which will be deprecated. allow_insecure_libraries_toggle = true # Whether or not the UI will show app context in certain locations show_app_context = true # The value of the "SameSite" cookie attribute for which the Splunk web server # is to set in the web browser. cookieSameSite = not_specified [remoteUI] optInRemoteUI = false allowExternalRemote = false # Rules for Monitoring Console [smc] # Rules controlling what REST interfaces are available via the web UI via the "/splunkd" endpoint: [expose:admin_alerts] methods = GET,DELETE pattern = admin/alerts [expose:admin_duo_mfa-duo_mfa] methods = GET pattern = admin/Duo-MFA/duo-mfa [expose:admin_rsa_mfa-rsa-mfa] methods = GET pattern = admin/Rsa-MFA/rsa-mfa [expose:admin_alerts_ELEMENT] methods = GET,DELETE pattern = admin/alerts/* [expose:admin_conf-reports] methods = POST,GET,DELETE pattern = admin/conf-reports [expose:admin_conf-impersonation] methods = POST,GET pattern = admin/conf-impersonation [expose:admin_conf-impersonation_ELEMENT] methods = POST,GET,DELETE pattern = admin/conf-impersonation/* [expose:admin_distsearch-group] methods = POST,GET pattern = admin/distsearch-group [expose:admin_distsearch-group_ELEMENT] methods = GET,POST,DELETE pattern = admin/distsearch-group/* [expose:admin_saml_idp_metadata] methods = GET,POST pattern = admin/SAML-idp-metadata [expose:admin_saml_idp_metadata_ELEMENT] methods = GET,POST pattern = admin/SAML-idp-metadata/* [expose:admin_saml_groups] methods = GET,POST,DELETE pattern = admin/SAML-groups [expose:admin_saml_groups_ELEMENT] methods = GET,POST,DELETE pattern = admin/SAML-groups/* [expose:admin_telemetry] methods = GET,POST,DELETE pattern = admin/telemetry [expose:admin_telemetry_ELEMENT] methods = GET,POST,DELETE pattern = admin/telemetry/* [expose:admin_win-alleventlogs] pattern = admin/win-alleventlogs [expose:admin_win-alleventlogs_ELEMENT] pattern = admin/win-alleventlogs/* [expose:admin_win-perfmon] pattern = admin/win-perfmon [expose:admin_win-perfmon_ELEMENT] pattern = admin/win-perfmon/* [expose:admin_win-perfmon-find-collection] pattern = admin/win-perfmon-find-collection [expose:admin_win-perfmon-find-collection_ELEMENT] pattern = admin/win-perfmon-find-collection/* [expose:admin_win-perfmon-find-collection_ELEMENT_ELEMENT] pattern = admin/win-perfmon-find-collection/*/* [expose:admin_win-enum-eventlogs] pattern = admin/win-wmi-enum-eventlogs [expose:admin_win-enum-eventlogs_ELEMENT] pattern = admin/win-wmi-enum-eventlogs/* [expose:admin_win-wmi-find-collection] pattern = admin/win-wmi-find-collection [expose:admin_win-wmi-find-collection_ELEMENT] pattern = admin/win-wmi-find-collection/* [expose:admin_file-explorer] pattern = admin/file-explorer [expose:admin_file-explorer_ELEMENT] pattern = admin/file-explorer/* [expose:admin_directory] pattern = admin/directory [expose:admin_win-reg-explorer] pattern = admin/win-reg-explorer [expose:admin_win-reg-explorer_ELEMENT] pattern = admin/win-reg-explorer/* [expose:admin_win-ad-explorer] pattern = admin/win-ad-explorer [expose:admin_win-ad-explorer_ELEMENT] pattern = admin/win-ad-explorer/* [expose:admin_summarization] methods = POST,GET,DELETE pattern = admin/summarization [expose:admin_summarization_ELEMENT] methods = GET,POST,DELETE pattern = admin/summarization/* [expose:admin_summarization_ELEMENT_details] pattern = admin/summarization/*/details [expose:admin_users] methods = GET,DELETE pattern = admin/users [expose:admin_users_ELEMENT] methods = GET,DELETE pattern = admin/users/* [expose:alerts_fired_alerts] pattern = alerts/fired_alerts [expose:alerts_fired_alerts_ELEMENT] methods = GET,DELETE pattern = alerts/fired_alerts/* [expose:apps_appinstall] methods = POST pattern = apps/appinstall [expose:apps_apptemplates] pattern = apps/apptemplates [expose:apps_apptemplates_ELEMENT] pattern = apps/apptemplates/* [expose:apps_remote] methods = GET,POST pattern = apps/remote [expose:apps_remote_ELEMENT] methods = GET,POST pattern = apps/remote/* [expose:apps_remote_ELEMENT_ELEMENT] methods = GET,POST pattern = apps/remote/*/* [expose:apps] methods = GET,POST pattern = apps/local [expose:apps_ELEMENT] methods = GET,POST,DELETE pattern = apps/local/* [expose:apps_ELEMENT_disable] methods = POST pattern = apps/local/*/disable [expose:apps_ELEMENT_enable] methods = POST pattern = apps/local/*/enable [expose:apps_ELEMENT_acl] methods = POST pattern = apps/local/*/acl [expose:apps_ELEMENT_reload] methods = GET,POST pattern = apps/local/*/_reload [expose:apps_ELEMENT_dependencies] methods = GET pattern = apps/local/*/dependencies [expose:auth_login] methods = POST pattern = auth/login skipCSRFProtection = 1 [expose:authentication_auth-tokens] methods = POST,GET pattern = authentication/auth-tokens [expose:authentication_current-context] pattern = authentication/current-context [expose:authentication_current-context_ELEMENT] pattern = authentication/current-context/* [expose:authentication_providers_saml] methods = GET,DELETE,POST pattern = authentication/providers/SAML [expose:authentication_providers_saml_ELEMENT] methods = GET,DELETE,POST pattern = authentication/providers/SAML/* [expose:authentication_providers_services_active_authmodule] methods = GET pattern = authentication/providers/services/active_authmodule [expose:authentication_httpauth-tokens] pattern = authentication/httpauth-tokens [expose:authentication_httpauth-tokens_ELEMENT] methods = GET,DELETE pattern = authentication/httpauth-tokens/* [expose:authentication_users] methods = POST,GET pattern = authentication/users [expose:authentication_users_ELEMENT] methods = GET,DELETE,POST pattern = authentication/users/* [expose:authorization_grantable_capabilities] pattern = authorization/grantable_capabilities [expose:authorization_capabilities] pattern = authorization/capabilities [expose:authorization_capabilities_ELEMENT_] pattern = authorization/capabilities/*/ [expose:authorization_roles] methods = POST,GET pattern = authorization/roles [expose:authorization_roles_ELEMENT] methods = GET,DELETE,POST pattern = authorization/roles/* [expose:authorization_fieldfilters] methods = POST,GET pattern = authorization/fieldfilters [expose:authorization_fieldfilters_ELEMENT] methods = GET,DELETE,POST pattern = authorization/fieldfilters/* [expose:cluster_config] pattern = cluster/config [expose:cluster_master_status] methods = GET,POST pattern = cluster/master/status [expose:workloads_status] methods = GET pattern = workloads/status [expose:workloads_config_preflight_checks] methods = GET pattern = workloads/config/preflight-checks [expose:workloads_config_enable] methods = POST pattern = workloads/config/enable [expose:workloads_config_disable] methods = POST pattern = workloads/config/disable [expose:workloads_pools] methods = GET,POST pattern = workloads/pools [expose:workloads_pools_ELEMENT] methods = GET,POST,DELETE pattern = workloads/pools/* [expose:workloads_categories] methods = GET,POST pattern = workloads/categories [expose:workloads_categories_ELEMENT] methods = GET,POST,DELETE pattern = workloads/categories/* [expose:workloads_rules] methods = GET,POST pattern = workloads/rules [expose:workloads_rules_ELEMENT] methods = GET,POST,DELETE pattern = workloads/rules/* [expose:workloads_rules_ELEMENT_enable] methods = POST pattern = workloads/rules/*/enable [expose:workloads_rules_ELEMENT_disable] methods = POST pattern = workloads/rules/*/disable [expose:workloads_policy_search_admission_control] methods = POST pattern = workloads/policy/search_admission_control [expose:workloads_policy] methods = GET pattern = workloads/policy [expose:workloads_policy_ELEMENT] methods = GET,POST pattern = workloads/policy/* [expose:shcluster_config] pattern = shcluster/config [expose:shcluster_config_config] methods = GET,POST pattern = shcluster/config/* [expose:shcluster_members] methods = GET,POST pattern = shcluster/member/members [expose:shcluster_restart] methods = POST pattern = shcluster/captain/control/control/restart [expose:shcluster_captain_transfer] methods = POST pattern = shcluster/member/consensus/*/transfer_captaincy [expose:shcluster_status] methods = GET pattern = shcluster/status [expose:cluster_master_buckets_ELEMENT] methods = GET pattern = cluster/master/buckets/* [expose:cluster_master_buckets_ELEMENT_remove_all] methods = POST pattern = cluster/master/buckets/*/remove_all [expose:cluster_master_buckets_ELEMENT_remove_from_peer] methods = POST pattern = cluster/master/buckets/*/remove_from_peer [expose:cluster_master_control_control_roll_hot_buckets] methods = POST pattern = cluster/master/control/control/roll-hot-buckets [expose:cluster_master_control_control_resync_bucket_from_peer] methods = POST pattern = cluster/master/control/control/resync_bucket_from_peer [expose:cluster_master_control_control_restart] methods = POST, GET pattern = cluster/master/control/control/restart [expose:cluster_config_ELEMENT] methods = GET,POST pattern = cluster/config/* [expose:cluster_master_ELEMENT] methods = GET,POST pattern = cluster/master/* [expose:cluster_master_ELEMENT_ELEMENT] methods = GET,POST pattern = cluster/master/*/* [expose:cluster_master_control_default_apply] methods = GET,POST pattern = cluster/master/control/default/apply [expose:cluster_master_control_control_prune_index] methods = POST pattern = cluster/master/control/control/prune_index [expose:cluster_master_control_validate] methods = POST pattern = cluster/master/control/control/validate_bundle [expose:cluster_master_control_rollback] methods = POST pattern = cluster/master/control/control/rollback [expose:cluster_slave_ELEMENT] methods = GET,POST pattern = cluster/slave/* [expose:cluster_slave_info_ELEMENT] methods = GET,POST pattern = cluster/slave/info/* [expose:cluster_searchhead_ELEMENT] methods = GET,POST pattern = cluster/searchhead/* [expose:cluster_searchhead_generation_ELEMENT] methods = GET,POST pattern = cluster/searchhead/generation/* [expose:cluster_searchhead_searchheadconfig_ELEMENT] methods = GET,POST,DELETE pattern = cluster/searchhead/searchheadconfig/* [expose:cluster_manager] methods = GET,POST pattern = cluster/manager/**/* [expose:configs_conf-VALUE] methods = GET,POST pattern = configs/conf-* [expose:configs_conf-VALUE_ELEMENT] methods = GET,POST,DELETE pattern = configs/conf-*/* [expose:configs_conf-VALUE_ELEMENT_acl] methods = GET,POST pattern = configs/conf-*/*/acl [expose:configs_conf-VALUE_ELEMENT_disable] methods = POST pattern = configs/conf-*/*/disable [expose:configs_conf-VALUE_ELEMENT_enable] methods = POST pattern = configs/conf-*/*/enable [expose:configs_spec] methods = GET,POST pattern = configs/spec [expose:configs_validation] methods = POST pattern = configs/validation [expose:data_commands] pattern = data/commands [expose:data_commands_ELEMENT] pattern = data/commands/* [expose:data_commands_ELEMENT_acl] methods = POST pattern = data/commands/*/acl [expose:data_indexes] methods = POST,GET pattern = data/indexes [expose:data_indexes_ELEMENT] methods = GET,POST,DELETE pattern = data/indexes/* [expose:data_indexes_ELEMENT_disable] methods = POST pattern = data/indexes/*/disable [expose:data_indexes_ELEMENT_enable] methods = POST pattern = data/indexes/*/enable [expose:data_indexes-extended] methods = GET pattern = data/indexes-extended [expose:data_ingest_event_capture] methods = POST pattern = data/ingest/event-capture [expose:data_ingest_rfs_destinations] methods = GET,POST pattern = data/ingest/rfsdestinations [expose:data_ingest_rfs_destinations_ELEMENT] methods = GET,POST,DELETE pattern = data/ingest/rfsdestinations/* [expose:data_ingest_rfs_destinations_ELEMENT_test] methods = POST pattern = data/ingest/rfsdestinations/*/test [expose:data_ingest_rulesets] methods = GET,POST pattern = data/ingest/rulesets [expose:data_ingest_rulesets_ELEMENT] methods = GET,POST,DELETE pattern = data/ingest/rulesets/* [expose:data_ingest_rulesets_deployment] methods = GET pattern = data/ingest/ruleset-deployment [expose:data_ingest_rulesets_status] methods = GET pattern = data/ingest/ruleset-status [expose:data_ingest_ruleset_serialize] methods = POST pattern = data/ingest/ruleset-serialize [expose:data_distributed-indexes] methods = GET pattern = data/distributed-indexes [expose:data_inputs] methods = GET pattern = data/inputs [expose:data_inputs_ad] methods = POST,GET pattern = data/inputs/ad [expose:data_inputs_ad_ELEMENT] methods = GET,DELETE,POST pattern = data/inputs/ad/* [expose:data_inputs_token_http] methods = POST,GET pattern = data/inputs/http [expose:data_inputs_token_http_ELEMENT] methods = GET,DELETE,POST pattern = data/inputs/http/* [expose:data_inputs_token_http_ELEMENT_ELEMENT] methods = POST,GET pattern = data/inputs/http/*/* [expose:data_inputs_monitor] methods = POST,GET pattern = data/inputs/monitor [expose:data_inputs_monitor_ELEMENT] methods = GET,DELETE,POST pattern = data/inputs/monitor/* [expose:data_inputs_monitor_ELEMENT_members] pattern = data/inputs/monitor/*/members [expose:data_inputs_oneshot] methods = POST,GET pattern = data/inputs/oneshot [expose:data_inputs_oneshot_ELEMENT] pattern = data/inputs/oneshot/* [expose:data_inputs_registry] methods = POST,GET pattern = data/inputs/registry [expose:data_inputs_registry_ELEMENT] methods = GET,DELETE,POST pattern = data/inputs/registry/* [expose:data_inputs_script] methods = POST,GET pattern = data/inputs/script [expose:data_inputs_script_ELEMENT] methods = GET,DELETE,POST pattern = data/inputs/script/* [expose:data_inputs_script_restart] methods = POST pattern = data/inputs/script/restart [expose:data_inputs_tcp_cooked] methods = POST,GET pattern = data/inputs/tcp/cooked [expose:data_inputs_tcp_cooked_ELEMENT] methods = GET,DELETE,POST pattern = data/inputs/tcp/cooked/* [expose:data_inputs_tcp_cooked_ELEMENT_connections] pattern = data/inputs/tcp/cooked/*/connections [expose:data_inputs_tcp_raw] methods = POST,GET pattern = data/inputs/tcp/raw [expose:data_inputs_tcp_raw_ELEMENT] methods = GET,DELETE,POST pattern = data/inputs/tcp/raw/* [expose:data_inputs_tcp_raw_ELEMENT_connections] pattern = data/inputs/tcp/raw/*/connections [expose:data_inputs_tcp_ssl] pattern = data/inputs/tcp/ssl [expose:data_inputs_tcp_ssl_ELEMENT] methods = GET,POST pattern = data/inputs/tcp/ssl/* [expose:data_inputs_udp] methods = POST,GET pattern = data/inputs/udp [expose:data_inputs_udp_ELEMENT] methods = GET,DELETE,POST pattern = data/inputs/udp/* [expose:data_inputs_udp_ELEMENT_connections] pattern = data/inputs/udp/*/connections [expose:data_inputs_win-event-log-collections] methods = POST,GET pattern = data/inputs/win-event-log-collections [expose:data_inputs_win-event-log-collections_ELEMENT] methods = GET,DELETE,POST pattern = data/inputs/win-event-log-collections/* [expose:data_inputs_winhostmon] methods = POST,GET pattern = data/inputs/WinHostMon [expose:data_inputs_winhostmon_ELEMENT] methods = POST,GET pattern = data/inputs/WinHostMon/* [expose:data_inputs_winnetmon] methods = POST,GET pattern = data/inputs/WinNetMon [expose:data_inputs_winnetmon_ELEMENT] methods = POST,GET pattern = data/inputs/WinNetMon/* [expose:data_inputs_win-perfmon] methods = POST,GET pattern = data/inputs/win-perfmon [expose:data_inputs_win-perfmon_ELEMENT] methods = GET,DELETE,POST pattern = data/inputs/win-perfmon/* [expose:data_inputs_winprintmon] methods = POST,GET pattern = data/inputs/WinPrintMon [expose:data_inputs_winprintmon_ELEMENT] methods = POST,GET pattern = data/inputs/WinPrintMon/* [expose:data_inputs_win-wmi-collections] methods = POST,GET pattern = data/inputs/win-wmi-collections [expose:data_inputs_win-wmi-collections_ELEMENT] methods = GET,DELETE,POST pattern = data/inputs/win-wmi-collections/* [expose:data_lookup-table-files] methods = POST,GET pattern = data/lookup-table-files [expose:data_lookup-table-files_ELEMENT] methods = GET,DELETE,POST pattern = data/lookup-table-files/* [expose:data_lookup-table-files_ELEMENT_acl] methods = POST pattern = data/lookup-table-files/*/acl [expose:data_modular-inputs] methods = POST,GET pattern = data/modular-inputs [expose:data_modular-inputs_ELEMENT] methods = GET,POST pattern = data/modular-inputs/* [expose:data_outputs_tcp_default] methods = POST,GET pattern = data/outputs/tcp/default [expose:data_outputs_tcp_default_ELEMENT] methods = GET,DELETE,POST pattern = data/outputs/tcp/default/* [expose:data_outputs_tcp_group] methods = POST,GET pattern = data/outputs/tcp/group [expose:data_outputs_tcp_group_ELEMENT] methods = GET,DELETE,POST pattern = data/outputs/tcp/group/* [expose:data_outputs_tcp_server] methods = POST,GET pattern = data/outputs/tcp/server [expose:data_outputs_tcp_server_ELEMENT] methods = GET,DELETE,POST pattern = data/outputs/tcp/server/* [expose:data_outputs_tcp_server_ELEMENT_allconnections] pattern = data/outputs/tcp/server/*/allconnections [expose:data_outputs_tcp_syslog] methods = POST,GET pattern = data/outputs/tcp/syslog [expose:data_outputs_tcp_syslog_ELEMENT] methods = GET,DELETE,POST pattern = data/outputs/tcp/syslog/* [expose:data_props_extractions] methods = POST,GET pattern = data/props/extractions [expose:data_props_extractions_ELEMENT] methods = GET,DELETE,POST pattern = data/props/extractions/* [expose:data_props_extractions_ELEMENT_acl] methods = POST pattern = data/props/extractions/*/acl [expose:data_props_fieldaliases] methods = POST,GET pattern = data/props/fieldaliases [expose:data_props_fieldaliases_ELEMENT] methods = GET,DELETE,POST pattern = data/props/fieldaliases/* [expose:data_props_fieldaliases_ELEMENT_acl] methods = POST pattern = data/props/fieldaliases/*/acl [expose:data_props_lookups] methods = POST,GET pattern = data/props/lookups [expose:data_props_lookups_ELEMENT] methods = GET,DELETE,POST pattern = data/props/lookups/* [expose:data_props_lookups_ELEMENT_acl] methods = POST pattern = data/props/lookups/*/acl [expose:data_props_sourcetype-rename] methods = POST,GET pattern = data/props/sourcetype-rename [expose:data_props_sourcetype-rename_ELEMENT] methods = GET,DELETE,POST pattern = data/props/sourcetype-rename/* [expose:data_props_sourcetype-rename_ELEMENT_ACL] methods = POST pattern = data/props/sourcetype-rename/*/acl [expose:data_transforms_extractions] methods = POST,GET pattern = data/transforms/extractions [expose:data_transforms_extractions_ELEMENT] methods = GET,DELETE,POST pattern = data/transforms/extractions/* [expose:data_transforms_extractions_ELEMENT_ELEMENT] methods = POST pattern = data/transforms/extractions/*/* [expose:data_transforms_lookups] methods = POST,GET pattern = data/transforms/lookups [expose:data_transforms_lookups_ELEMENT] methods = GET,DELETE,POST pattern = data/transforms/lookups/* [expose:data_transforms_lookups_ELEMENT_acl] methods = POST pattern = data/transforms/lookups/*/acl [expose:data_metric_transforms_schema] methods = GET,POST pattern = data/transforms/metric-schema [expose:data_metric_transforms_schema_ELEMENT] methods = GET,DELETE,POST pattern = data/transforms/metric-schema/* [expose:data_ui_manager] methods = GET,POST pattern = data/ui/manager [expose:data_ui_manager_ELEMENT] methods = GET,POST pattern = data/ui/manager/* [expose:data_ui_nav] methods = GET,POST pattern = data/ui/nav [expose:data_ui_nav_ELEMENT] methods = GET,POST pattern = data/ui/nav/* [expose:data_ui_nav_ELEMENT_acl] methods = POST pattern = data/ui/nav/*/acl [expose:data_ui_prefs] methods = POST,GET pattern = data/ui/prefs [expose:data_ui_prefs_ELEMENT] methods = POST,GET,DELETE pattern = data/ui/prefs/* [expose:data_ui_times] methods = GET,POST pattern = data/ui/times [expose:data_ui_times_ELEMENT_acl] methods = POST pattern = data/ui/times/*/acl [expose:data_ui_views] methods = GET,POST pattern = data/ui/views [expose:data_ui_views_ELEMENT] methods = GET,POST,DELETE pattern = data/ui/views/* [expose:data_ui_views_ELEMENT_acl] methods = POST pattern = data/ui/views/*/acl [expose:data_ui_alerts] methods = GET,POST pattern = data/ui/alerts [expose:data_ui_alerts_ELEMENT] methods = GET,POST,DELETE pattern = data/ui/alerts/* [expose:data_ui_alerts_ELEMENT_acl] methods = POST pattern = data/ui/alerts/*/acl [expose:data_ui_panels] methods = GET,POST pattern = data/ui/panels [expose:data_ui_panels_MOVE] methods = POST pattern = data/ui/panels/*/move [expose:data_ui_panels_ELEMENT] methods = GET,POST,DELETE pattern = data/ui/panels/* [expose:data_ui_panels_ELEMENT_acl] methods = POST pattern = data/ui/panels/*/acl [expose:data_ui_viewstates] methods = GET,POST pattern = data/ui/viewstates [expose:data_ui_viewstates_ELEMENT] methods = GET,POST,DELETE pattern = data/ui/viewstates/* [expose:data_ui_visualizations] methods = GET pattern = data/ui/visualizations [expose:data_ui_visualizations_ELEMENT] methods = GET pattern = data/ui/visualizations/* [expose:data_user-prefs] methods = GET,POST pattern = data/user-prefs [expose:data_user-prefs_ELEMENT] methods = GET,POST,PUT,DELETE pattern = data/user-prefs/* [expose:data_ui_workflow-actions] methods = GET,POST pattern = data/ui/workflow-actions [expose:data_ui_workflow-actions_ELEMENT] methods = GET,POST,DELETE pattern = data/ui/workflow-actions/* [expose:data_ui_workflow-actions_ELEMENT_acl] methods = POST pattern = data/ui/workflow-actions/*/acl [expose:data_ui_global-banner] methods = GET,POST pattern = data/ui/global-banner [expose:data_ui_global-banner_ELEMENT] methods = GET,POST pattern = data/ui/global-banner/* [expose:data_ui_global-banner_ELEMENT_acl] methods = POST pattern = data/ui/global-banner/*/acl [expose:quarantined_status] methods = GET pattern = quarantined/status allowRemoteProxy = true [expose:data_vix-providers] methods = GET,POST pattern = data/vix-providers [expose:data_vix-providers_ELEMENT] methods = GET,POST,DELETE pattern = data/vix-providers/* [expose:data_vix-indexes] methods = GET,POST pattern = data/vix-indexes [expose:data_vix-indexes_ELEMENT] methods = GET,POST,DELETE pattern = data/vix-indexes/* [expose:data_vix-indexes_ELEMENT_ELEMENT] methods = GET,POST pattern = data/vix-indexes/*/* [expose:datamodel_model] methods = GET,POST pattern = datamodel/model [expose:datamodel_model_generate] pattern = datamodel/generate [expose:datamodel_model_generate_ELEMENT] pattern = datamodel/generate/* [expose:datamodel_model_ELEMENT] methods = GET,POST,DELETE pattern = datamodel/model/* [expose:datamodel_model_ELEMENT_ELEMENT] methods = POST pattern = datamodel/model/*/* [expose:datamodel_model_ELEMENT_desc] pattern = datamodel/model/*/desc [expose:datamodel_pivot] methods = GET,POST pattern = datamodel/pivot [expose:datamodel_pivot_ELEMENT] pattern = datamodel/pivot/* [expose:data_models_ELEMENT_download] pattern = data/models/*/download [expose:deployment_server_applications] methods = POST,GET,DELETE pattern = deployment/server/applications [expose:deployment_server_applications_ANYTHING] methods = POST,GET,DELETE pattern = deployment/server/applications/** [expose:deployment_server_clients] methods = POST,GET pattern = deployment/server/clients [expose:deployment_server_clients_countClients_by_machineType] pattern = deployment/server/clients/countClients_by_machineType [expose:deployment_server_clients_preview] pattern = deployment/server/clients/preview [expose:deployment_server_clients_ANYTHING.] methods = POST,GET,DELETE pattern = deployment/server/clients/** [expose:deployment_server_config] methods = POST,GET pattern = deployment/server/config [expose:deployment_server_config_ANYTHING] methods = POST,GET pattern = deployment/server/config/** [expose:deployment_server_serverclasses] methods = POST,GET pattern = deployment/server/serverclasses [expose:deployment_server_serverclasses_ANYTHING] methods = POST,GET,DELETE pattern = deployment/server/serverclasses/** [expose:deploymentsetup_app_data_inputs_remote_monitor] methods = POST,GET pattern = deployment/server/setup/data/inputs/remote_monitor [expose:deploymentsetup_app_data_inputs_remote_monitor_ANYTHING] methods = POST,GET pattern = deployment/server/setup/data/inputs/remote_monitor/** [expose:deploymentsetup_app_data_inputs_remote_script] methods = POST,GET pattern = deployment/server/setup/data/inputs/remote_script [expose:deploymentsetup_app_data_inputs_remote_script_ANYTHING] methods = POST,GET pattern = deployment/server/setup/data/inputs/remote_script/** [expose:deploymentsetup_app_data_inputs_tcp_remote_raw] methods = POST,GET pattern = deployment/server/setup/data/inputs/tcp/remote_raw [expose:deploymentsetup_app_data_inputs_tcp_remote_raw_ANYTHING] methods = POST,GET pattern = deployment/server/setup/data/inputs/tcp/remote_raw/** [expose:deploymentsetup_app_data_inputs_remote_udp] methods = POST,GET pattern = deployment/server/setup/data/inputs/remote_udp [expose:deploymentsetup_app_data_inputs_remote_udp_ANYTHING] methods = POST,GET pattern = deployment/server/setup/data/inputs/remote_udp/** [expose:deploymentsetup_app_data_inputs_remote_eventlogs] methods = POST,GET pattern = deployment/server/setup/data/inputs/remote_eventlogs [expose:deploymentsetup_app_data_inputs_remote_eventlogs_ANYTHING] methods = POST,GET pattern = deployment/server/setup/data/inputs/remote_eventlogs/** [expose:deploymentsetup_app_data_inputs_remote_perfmon] methods = POST,GET pattern = deployment/server/setup/data/inputs/remote_perfmon [expose:deploymentsetup_app_data_inputs_remote_perfmon_ANYTHING] methods = POST,GET pattern = deployment/server/setup/data/inputs/remote_perfmon/** [expose:directory] pattern = directory [expose:directory_ELEMENT] pattern = directory/* [expose:web-features] methods = GET, POST pattern = web-features [expose:web-features_ELEMENT] methods = GET, POST pattern = web-features/* [expose:field_extractor_generate_regex] methods = GET,POST pattern = field_extractor/generate_regex [expose:server_health_splunkd] methods = GET pattern = server/health/splunkd [expose:server_health_splunkd_details] methods = GET pattern = server/health/splunkd/details [expose:server_health_deployment] methods = GET pattern = server/health/deployment [expose:server_health_deployment_details] methods = GET pattern = server/health/deployment/details [expose:server_health_config] methods = POST,GET pattern = server/health-config [expose:server_health_config_ELEMENT] methods = POST,GET pattern = server/health-config/* [expose:indexing_preview] methods = GET,POST pattern = indexing/preview [expose:indexing_preview_ELEMENT] methods = GET,POST pattern = indexing/preview/* [expose:licenser_groups] pattern = licenser/groups [expose:licenser_groups_ELEMENT] methods = GET,POST pattern = licenser/groups/* [expose:licenser_licenses] methods = POST,GET pattern = licenser/licenses [expose:licenser_licenses_ELEMENT] methods = GET,POST,DELETE pattern = licenser/licenses/* [expose:licenser_messages] pattern = licenser/messages [expose:licenser_messages_ELEMENT] pattern = licenser/messages/* [expose:licenser_pools] methods = POST,GET pattern = licenser/pools [expose:licenser_pools_ELEMENT] methods = GET,DELETE,POST pattern = licenser/pools/* [expose:licenser_script] methods = POST,GET pattern = licenser/script [expose:licenser_script_ELEMENT] methods = GET,DELETE,POST pattern = licenser/script/* [expose:licenser_slaves] pattern = licenser/slaves [expose:licenser_slaves_ELEMENT] pattern = licenser/slaves/* [expose:licenser_stacks] pattern = licenser/stacks [expose:licenser_stacks_ELEMENT] pattern = licenser/stacks/* [expose:licenser_localslave] methods = GET pattern = licenser/localslave [expose:licenser_localslave_ELEMENT] methods = GET pattern = licenser/localslave/* [expose:licenser_usage] methods = GET pattern = licenser/usage [expose:licenser_usage_ELEMENT] methods = GET pattern = licenser/usage/* [expose:mbtiles_splunk-tiles_ELEMENT_ELEMENT_ELEMENT] pattern = mbtiles/splunk-tiles/*/*/* [expose:mbtiles_splunk-tiles-dark_ELEMENT_ELEMENT_ELEMENT] pattern = mbtiles/splunk-tiles-dark/*/*/* [expose:messages] methods = POST,GET pattern = messages [expose:messages_ELEMENT] methods = GET,DELETE pattern = messages/* [expose:pdfgen_render] methods = GET,POST pattern = pdfgen/render [expose:properties] methods = GET,POST pattern = properties [expose:properties_ELEMENT] methods = GET,POST pattern = properties/* [expose:properties_ELEMENT_ELEMENT] methods = GET,POST pattern = properties/*/* [expose:properties_ELEMENT_ELEMENT_ELEMENT] methods = GET,POST pattern = properties/*/*/* [expose:receivers_simple] methods = POST pattern = receivers/simple [expose:receivers_stream] methods = POST pattern = receivers/stream [expose:saved_bookmarks] methods = POST,GET pattern = saved/bookmarks/monitoring_console [expose:saved_eventtypes] methods = POST,GET pattern = saved/eventtypes [expose:saved_eventtypes_ELEMENT] methods = GET,DELETE,POST pattern = saved/eventtypes/* [expose:saved_eventtypes_ELEMENT_acl] methods = POST pattern = saved/eventtypes/*/acl [expose:saved_fvtags] methods = GET,POST pattern = saved/fvtags [expose:saved_fvtags_ELEMENT] methods = GET,DELETE,POST pattern = saved/fvtags/* [expose:saved_fvtags_ELEMENT_acl] methods = POST pattern = saved/fvtags/*/acl [expose:data_macros] methods = GET,POST pattern = data/macros [expose:data_macros_ELEMENT] methods = GET,DELETE,POST pattern = data/macros/* [expose:data_macros_ELEMENT_acl] methods = POST pattern = data/macros/*/acl [expose:saved_sourcetypes] methods = GET,POST pattern = saved/sourcetypes [expose:saved_sourcetypes_ELEMENT] methods = GET,DELETE,POST pattern = saved/sourcetypes/* [expose:saved_searches] methods = POST,GET pattern = saved/searches [expose:saved_searches_ELEMENT] methods = GET,DELETE,POST pattern = saved/searches/* oidEnabled = 1 [expose:saved_searches_ELEMENT_acknowledge] methods = POST pattern = saved/searches/*/acknowledge [expose:saved_searches_ELEMENT_acl] methods = POST pattern = saved/searches/*/acl [expose:saved_searches_ELEMENT_dispatch] methods = POST pattern = saved/searches/*/dispatch [expose:saved_searches_ELEMENT_embed] methods = POST pattern = saved/searches/*/embed [expose:saved_searches_ELEMENT_history] pattern = saved/searches/*/history oidEnabled = 1 [expose:saved_searches_ELEMENT_scheduled_times] pattern = saved/searches/*/scheduled_times [expose:saved_searches_ELEMENT_suppress] pattern = saved/searches/*/suppress [expose:saved_searches_ELEMENT_unembed] methods = POST pattern = saved/searches/*/unembed [expose:saved_searches_ELEMENT_move] methods = POST pattern = saved/searches/*/move [expose:saved_searches_ELEMENT_disable] methods = POST pattern = saved/searches/*/disable [expose:saved_searches_ELEMENT_enable] methods = POST pattern = saved/searches/*/enable [expose:metric_alerts] methods = POST,GET pattern = alerts/metric_alerts [expose:metric_alerts_ELEMENT] methods = GET,DELETE,POST pattern = alerts/metric_alerts/* oidEnabled = 1 [expose:metric_alerts_ELEMENT_acl] methods = POST pattern = alerts/metric_alerts/*/acl [expose:catalog_metricstore] methods = GET pattern = catalog/metricstore/* [expose:catalog_metricstore_ELEMENT_values] methods = GET pattern = catalog/metricstore/dimensions/*/values oidEnabled = 1 [expose:catalog_metricstore_rollup] methods = GET,POST pattern = catalog/metricstore/rollup [expose:catalog_metricstore_rollup_ELEMENT] methods = GET,POST,DELETE pattern = catalog/metricstore/rollup/* [expose:scheduled_views] pattern = scheduled/views [expose:scheduled_views_ELEMENT] methods = GET,DELETE,POST pattern = scheduled/views/* [expose:scheduled_views_ELEMENT_dispatch] methods = POST pattern = scheduled/views/*/dispatch [expose:scheduled_views_ELEMENT_history] pattern = scheduled/views/*/history [expose:scheduled_views_ELEMENT_scheduled_times] pattern = scheduled/views/*/scheduled_times [expose:search_concurrency-settings] methods = GET pattern = search/concurrency-settings [expose:search_concurrency-settings_search] methods = POST pattern = search/concurrency-settings/search [expose:search_concurrency-settings_scheduler] methods = POST pattern = search/concurrency-settings/scheduler [expose:server_status_limits_search-concurrency] methods = GET pattern = server/status/limits/search-concurrency [expose:search_distributed_config] pattern = search/distributed/config [expose:search_distributed_config_ELEMENT] methods = GET,DELETE,POST pattern = search/distributed/config/* [expose:search_distributed_peers] methods = POST,GET pattern = search/distributed/peers [expose:search_distributed_peers_ELEMENT] methods = GET,DELETE,POST pattern = search/distributed/peers/* [expose:search_distributed_groups] methods = POST,GET pattern = search/distributed/groups [expose:search_distributed_groups_ELEMENT] methods = GET,DELETE,POST pattern = search/distributed/groups/* [expose:search_distributed_groups_ELEMENT_edit] methods = POST pattern = search/distributed/groups/*/edit [expose:search_fields] pattern = search/fields [expose:search_fields_ELEMENT] pattern = search/fields/* [expose:search_fields_ELEMENT_tags] methods = GET,POST pattern = search/fields/*/tags [expose:search_intentionsparser] methods = GET,POST pattern = search/intentionsparser [expose:search_jobs] methods = GET,POST pattern = search/jobs [expose:search_jobs_ELEMENT] methods = GET,DELETE,POST pattern = search/jobs/* oidEnabled = 1 [expose:search_jobs_ELEMENT_acl] methods = POST pattern = search/jobs/*/acl [expose:search_jobs_ELEMENT_control] methods = POST pattern = search/jobs/*/control [expose:search_jobs_ELEMENT_events] methods = GET,POST pattern = search/jobs/*/events oidEnabled = 1 [expose:search_jobs_ELEMENT_results] methods = GET,POST pattern = search/jobs/*/results [expose:search_jobs_ELEMENT_results_preview] methods = GET,POST pattern = search/jobs/*/results_preview oidEnabled = 1 [expose:search_jobs_ELEMENT_search.log] pattern = search/jobs/*/search.log [expose:search_jobs_ELEMENT_summary] pattern = search/jobs/*/summary [expose:search_jobs_ELEMENT_timeline] pattern = search/jobs/*/timeline [expose:search_jobs_export] methods = GET,POST pattern = search/jobs/export [expose:search_parser] methods = GET,POST pattern = search/parser [expose:search_shelper] pattern = search/shelper [expose:search_tags] pattern = search/tags [expose:search_tags_ELEMENT] methods = GET,POST,DELETE pattern = search/tags/* [expose:search_timeparser] pattern = search/timeparser [expose:search_typeahead] pattern = search/typeahead [expose:server_control] pattern = server/control [expose:server_control_restart] methods = POST pattern = server/control/restart [expose:server_info] pattern = server/info [expose:server_info_ELEMENT] pattern = server/info/* [expose:server_logger] pattern = server/logger [expose:server_logger_ELEMENT] methods = GET,POST pattern = server/logger/* [expose:server_settings] pattern = server/settings [expose:server_settings_ELEMENT] methods = GET,POST pattern = server/settings/* [expose:services_cluster_master_control_control_rebalance_buckets] methods = POST pattern = cluster/master/control/control/rebalance_buckets [expose:static_ELEMENT] pattern = static/* [expose:storage_collections_ANYTHING] methods = GET,DELETE,POST pattern = storage/collections/** [expose:storage_collections-conf_ANYTHING] methods = GET,DELETE,POST pattern = storage/collections-conf/** [expose:storage_passwords] methods = POST,GET pattern = storage/passwords [expose:storage_passwords_ELEMENT] methods = GET,DELETE,POST pattern = storage/passwords/* [expose:ui_tours] methods = GET,DELETE,POST pattern = data/ui/ui-tour [expose:ui_tours_ELEMENT] methods = GET,DELETE,POST pattern = data/ui/ui-tour/* [expose:livetail] methods = GET,DELETE,POST pattern = data/ui/livetail [expose:livetail_ELEMENT] methods = GET,DELETE,POST pattern = data/ui/livetail/* [expose:appsbrowser] methods = GET pattern = appsbrowser [expose:appsbrowser_ELEMENT] methods = GET,POST pattern = appsbrowser/** [expose:alert_actions] methods = GET,DELETE,POST pattern = alerts/alert_actions [expose:alert_actions_ELEMENT] methods = GET,DELETE,POST pattern = alerts/alert_actions/* [expose:alert_actions_ELEMENT_acl] methods = GET,POST pattern = alerts/alert_actions/*/acl [expose:alert_actions_ui] methods = GET,DELETE,POST pattern = data/ui/alerts [expose:alert_actions_ui_ELEMENT] methods = GET,DELETE,POST pattern = data/ui/alerts/* [expose:alert_actions_ui_ELEMENT_acl] methods = GET,POST pattern = data/ui/alerts/*/acl [expose:visualizations] pattern = configs/conf-visualizations [expose:ast] methods = POST pattern = search/ast [expose:datasets] methods = GET pattern = datasets [expose:watchdog_pstacks] methods = GET pattern = server/pstacks [expose:watchdog] methods = POST pattern = server/watchdog [expose:scs_tenantinfo] methods = GET pattern = server/scs/tenantinfo [expose:telemetry_metric] methods = POST pattern = telemetry-metric [expose:diag] methods = GET, DELETE pattern = diag [expose:diag/status] methods = GET pattern = diag/status allowRemoteProxy = true [expose:admin_splunk_auth] methods = POST,GET pattern = admin/Splunk-auth [expose:admin_splunk_auth_ELEMENT] methods = POST,GET,DELETE pattern = admin/Splunk-auth/* [expose:federated_indexes] methods = POST,GET pattern = data/federated/index [expose:federated_indexes_ELEMENT] methods = POST,GET,DELETE pattern = data/federated/index/* [expose:federated_indexes_ELEMENT_disable] methods = POST pattern = data/federated/index/*/disable [expose:federated_indexes_ELEMENT_enable] methods = POST pattern = data/federated/index/*/enable [expose:federated_provider] methods = POST, GET pattern = data/federated/provider [expose:federated_provider_ELEMENT] methods = POST,GET,DELETE pattern = data/federated/provider/* [expose:federated_provider_ELEMENT_disable] methods = POST pattern = data/federated/provider/*/disable [expose:federated_provider_ELEMENT_enable] methods = POST pattern = data/federated/provider/*/enable [expose:federated_settings] methods = POST, GET pattern = data/federated/settings [expose:federated_settings_ELEMENT] methods = POST,GET,DELETE pattern = data/federated/settings/* [expose:datalake_categories] methods = GET pattern = data/datalake/categories [expose:datalake_categories_ELEMENT] methods = GET pattern = data/datalake/categories/* [expose:datalake_ingest] methods = POST,GET pattern = data/datalake/ingest [expose:datalake_ingest_ELEMENT] methods = POST,PUT,GET pattern = data/datalake/ingest/* [expose:datalake_ingest_ELEMENT_categories] methods = GET pattern = data/datalake/ingest/*/categories [expose:datalake_index] methods = GET,POST pattern = data/datalake/index [expose:datalake_index_ELEMENT] methods = POST pattern = data/datalake/index/* # token auth [expose:admin_token_auth] methods = POST,GET pattern = admin/Token-auth [expose:admin_token_auth_ELEMENT] methods = POST,GET pattern = admin/Token-auth/* [expose:authorization_tokens] methods = POST,GET pattern = authorization/tokens [expose:authorization_tokens_ELEMENT] methods = POST,GET,DELETE pattern = authorization/tokens/* [expose:remote-proxy] methods = POST,GET pattern = remote-proxy/**