You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2280 lines
59 KiB
2280 lines
59 KiB
# Version 9.2.2.20240415
|
|
# DO NOT EDIT THIS FILE!
|
|
# Changes to default files will be lost on update and are difficult to
|
|
# manage and support.
|
|
#
|
|
# Please make any changes to system defaults by overriding them in
|
|
# apps or $SPLUNK_HOME/etc/system/local
|
|
# (See "Configuration file precedence" in the web documentation).
|
|
#
|
|
# To override a specific setting, copy the name of the stanza and
|
|
# setting to the file where you wish to override it.
|
|
#
|
|
# This file contains possible attributes and values you can use to configure Splunk's web interface.
|
|
#
|
|
|
|
[default]
|
|
|
|
|
|
[settings]
|
|
|
|
# enable/disable the appserver
|
|
startwebserver = 1
|
|
|
|
# port number tag is missing or 0 the server will NOT start an http listener
|
|
# this is the port used for both SSL and non-SSL (we only have 1 port now).
|
|
httpport = 8000
|
|
|
|
# this determines whether to start SplunkWeb in http or https.
|
|
enableSplunkWebSSL = false
|
|
|
|
# location of splunkd; don't include http[s]:// in this anymore.
|
|
mgmtHostPort = 127.0.0.1:8089
|
|
|
|
# list of ports to start python application servers on (although usually
|
|
# one port is enough)
|
|
#
|
|
# In the past a special value of "0" could be passed here to disable
|
|
# the modern UI appserver infrastructure, but that is no longer supported.
|
|
appServerPorts = 8065
|
|
|
|
# default timeout, in seconds, when communicating with splunkd
|
|
splunkdConnectionTimeout = 30
|
|
|
|
# enable/disable custom netloc when using http client
|
|
enableSplunkWebClientNetloc = False
|
|
|
|
# SSL certificate files.
|
|
privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem
|
|
serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem
|
|
|
|
# SSL settings
|
|
# The following provides modern TLS configuration that guarantees forward-
|
|
# secrecy and efficiency. This configuration drops support for old operating
|
|
# systems (e.g. Windows Vista).
|
|
# To add support for Windows Vista set sslVersions to tls and add these
|
|
# ciphers to cipherSuite:
|
|
# ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:
|
|
# ECDHE-RSA-AES128-SHA
|
|
|
|
sslVersions = tls1.2
|
|
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
|
ecdhCurves = prime256v1, secp384r1, secp521r1
|
|
|
|
# external UI URIs
|
|
userRegistrationURL = https://www.splunk.com/page/sign_up
|
|
updateCheckerBaseURL = https://quickdraw.splunk.com/js/
|
|
docsCheckerBaseURL=https://quickdraw.splunk.com/help
|
|
|
|
#
|
|
# Splunk bar options
|
|
# Internal config. May change without notice.
|
|
#
|
|
|
|
# set the visibility of the product menu
|
|
showProductMenu = False
|
|
|
|
# set the product menu text label
|
|
productMenuLabel = My Splunk
|
|
|
|
# set the visibility of the 'Profile' link in the user menu
|
|
showUserMenuProfile = False
|
|
|
|
# set the domain product menu links to
|
|
productMenuUriPrefix = https://splunkcommunities.force.com
|
|
|
|
#
|
|
# Header options
|
|
#
|
|
|
|
# setting X-FRAME-OPTIONS header to SAMEORIGIN helps to prevent "click-jacking" attacks
|
|
x_frame_options_sameorigin = True
|
|
|
|
#
|
|
# SSO Configuration
|
|
#
|
|
|
|
# Remote user HTTP header sent by the authenticating proxy server.
|
|
# This header should be set to the authenticated user.
|
|
#
|
|
remoteUser = REMOTE_USER
|
|
|
|
# If set to 1, is more strict about matching the header specified in
|
|
# remoteUser.
|
|
remoteUserMatchExact = 0
|
|
|
|
# If set to 1, is more strict about matching the header specified in
|
|
# remoteGroups.
|
|
remoteGroupsMatchExact = 0
|
|
|
|
# Value false means splunk is expecting remote group entries in unquoted format
|
|
remoteGroupsQuoted = False
|
|
|
|
# SSO mode.
|
|
# Allows SSO to behave in either permissive or strict mode.
|
|
# Permissive: Users may login to splunkweb using a valid splunk account
|
|
# even if they are coming from a non trusted IP.
|
|
# Strict: All requests to splunkweb will be restricted to those originating
|
|
# from a trusted IP except those to endpoints not requiring authentication.
|
|
#
|
|
# allowed values: strict, permissive
|
|
# default: strict.
|
|
#
|
|
SSOMode = strict
|
|
|
|
# Trusted IP. This is the IP address of the authenticating proxy.
|
|
# Splunkweb verifies it is receiving data from the proxy host for all
|
|
# SSO requests.
|
|
# Set in local/web.conf a valid IP address to enable SSO.
|
|
#
|
|
# trustedIP = 127.0.0.1
|
|
|
|
# If set to 1, this will allow SSO to work even if server.conf doesn't
|
|
# have a trustedIP set (it still needs to be set in web.conf)
|
|
allowSsoWithoutChangingServerConf = 0
|
|
|
|
# List of OIDs to be queried while searching for PIV to perform client certificate
|
|
# based user authentication via LDAP.
|
|
certBasedUserAuthPivOidList = 1.3.6.1.4.1.311.20.2.3, Microsoft Universal Principal Name
|
|
|
|
#
|
|
# splunk appserver config
|
|
#
|
|
|
|
# Top level name for the site
|
|
root_endpoint = /
|
|
|
|
# path to static content
|
|
# The path here is automatically appended to root_endpoint defined above
|
|
static_endpoint = /static
|
|
|
|
# Set this in local/web.conf if running behind a reverse proxy
|
|
# tools.proxy.on = True
|
|
|
|
# The directory that actually holds the static content
|
|
# this can be an absolute url if you want to put it elsewhere
|
|
static_dir = share/splunk/search_mrsparkle/exposed
|
|
|
|
# The path here is automatically appended to root_endpoint defined above
|
|
rss_endpoint = /rss
|
|
|
|
# Used to override the default protocol/host of the user agent
|
|
# with a specific URI prefix for guest pass enabled content
|
|
# generated in the HTML iframe snippet
|
|
embed_uri =
|
|
|
|
# Used to override the default footer for embedded reports.
|
|
embed_footer = splunk>
|
|
|
|
# Set this in local/web.conf to enable directory indexes in static directories
|
|
# tools.staticdir.generate_indexes = 1
|
|
|
|
# base path to mako templates
|
|
template_dir = share/splunk/search_mrsparkle/templates
|
|
|
|
# base path to UI module assets
|
|
module_dir = share/splunk/search_mrsparkle/modules
|
|
|
|
# Determines if webserver applies gzip compression to responses
|
|
enable_gzip = True
|
|
|
|
# Determines if the Expires header of /static files is set to a far-future date
|
|
use_future_expires = True
|
|
|
|
# Flash support, broken into three parts.
|
|
# We currently require a min baseline of Shockwave Flash 9.0 r124
|
|
flash_major_version = 9
|
|
# DEPRECATED.
|
|
flash_minor_version = 0
|
|
# DEPRECATED.
|
|
flash_revision_version = 124
|
|
# DEPRECATED.
|
|
# Setting this to False will prevent many client-side packages (such as the Splunk JavaScript SDK) from working correctly
|
|
enable_proxy_write = True
|
|
|
|
# JavaScript Logger mode
|
|
# Available modes: None, Firebug, Server
|
|
# Mode None: Does not log anything
|
|
# Mode Firebug: Use firebug by default if it exists or defer to the older less promiscuous version of firebug lite
|
|
# Mode Server: Log to a defined server endpoint
|
|
# See js/logger.js Splunk.Logger.Mode for mode implementation details and if you would like to author your own
|
|
js_logger_mode = None
|
|
|
|
# Mode SERVER
|
|
# The server endpoint to post javascript log messages
|
|
js_logger_mode_server_end_point = util/log/js
|
|
# The interval in milliseconds to check, post and cleanse the javascript log buffer
|
|
js_logger_mode_server_poll_buffer = 1000
|
|
# The maximum size threshold to post and cleanse the javascript log buffer
|
|
js_logger_mode_server_max_buffer = 100
|
|
|
|
# Specifies the length of time lapsed (in minutes) for notification when there is no user interface clicking, mouseover, scrolling or resizing.
|
|
# If less than 1, results in no timeout notification ever being triggered (Sessions will stay alive for as long as the browser is open).
|
|
ui_inactivity_timeout = 60
|
|
|
|
# Toggle the insecure login endpoint
|
|
enable_insecure_login = False
|
|
|
|
# Toggle secure entity move
|
|
enable_secure_entity_move = True
|
|
|
|
# Toggle the secure pdfgen endpoint
|
|
enable_insecure_pdfgen = False
|
|
|
|
# Toggle for simplified error page
|
|
simple_error_page = False
|
|
|
|
# Configuration options for a in-memory cache of static objects from the application server.
|
|
cacheBytesLimit = 4194304
|
|
cacheEntriesLimit = 16384
|
|
staticCompressionLevel = 9
|
|
|
|
# Enable/Disable Form Username and Password storage prompts and control form data from being cached in session history.
|
|
enable_autocomplete_login = False
|
|
|
|
# If set to "False", skips a verification done by the login page that cookies appear to work.
|
|
verifyCookiesWorkDuringLogin = True
|
|
|
|
# Custom content for login screen
|
|
login_content =
|
|
|
|
# Control what's left on for search decomposition
|
|
enabled_decomposers = plot
|
|
|
|
#Toggle whether the static JS files for modules are consolidated and minified
|
|
minify_js = True
|
|
|
|
#Toggle whether the static CSS files for modules are consolidated and minified
|
|
minify_css = True
|
|
|
|
# Toggle whether the JS for individual modules is wrapped in a try/catch
|
|
# If True, syntax errors in individual modules will not cause the UI to hang,
|
|
# other than when using the module in question
|
|
# Set this to False when developing apps.
|
|
trap_module_exceptions = True
|
|
|
|
# Toggle whether the pivot interface will use its own ad-hoc acceleration when a data model is not accelerated.
|
|
# If True, this ad-hoc acceleration will be used to make reporting in pivot faster and more responsive.
|
|
# In situations where data is not stored in time order or where the majority of events are far in the past, disabling
|
|
# this behavior can improve the pivot experience.
|
|
# DEPRECATED in version 6.1 and later, use pivot_adhoc_acceleration_mode instead
|
|
enable_pivot_adhoc_acceleration = True
|
|
|
|
# Specify the type of ad-hoc acceleration used by the pivot interface when a data model is not accelerated.
|
|
# If Elastic, the pivot interface will only accelerate the time range specified for reporting, and will dynamically
|
|
# adjust when this time range is changed.
|
|
# If AllTime, the pivot interface will accelerate the relevant data over all time. This will make the interface
|
|
# more responsive to time-range changes but places a larger load on system resources.
|
|
# If None, the pivot interface will not use any acceleration. This means any change to the report will require
|
|
# restarting the search.
|
|
pivot_adhoc_acceleration_mode = Elastic
|
|
|
|
# Toggle whether the JSChart module runs in Test Mode
|
|
# If True, JSChart module attaches HTML classes to chart elements for introspection
|
|
# This will negatively impact performance, so should be disabled unless actively in use.
|
|
jschart_test_mode = False
|
|
|
|
#
|
|
# JSChart data truncation configuration
|
|
# To avoid browser performance impacts, the JSChart library limits the amount of data rendered in an individual chart.
|
|
|
|
# The truncation limit controls how many total points will be plotted by the chart. It can be configured here either
|
|
# across all browsers or specifically per-browser. Set the value to empty or 0 to disable the limit.
|
|
|
|
# cross-browser truncation limit, un-comment this line to apply a limit that will take precedence
|
|
# over the browser-specific limits below:
|
|
#jschart_truncation_limit = 50000
|
|
|
|
# browser-specific truncation limits:
|
|
jschart_truncation_limit.chrome = 50000
|
|
jschart_truncation_limit.firefox = 50000
|
|
jschart_truncation_limit.safari = 50000
|
|
jschart_truncation_limit.ie11 = 50000
|
|
|
|
# The series limit controls the number of series that will be plotted by the chart. This limit applies to all browsers.
|
|
# Set the value to empty or 0 to disable the limit.
|
|
jschart_series_limit = 100
|
|
|
|
# DEPRECATED: use data_params.count in visualizations.conf to override on a per-visualization basis.
|
|
# The results limit controls the number of results that will be plotted for each series. This limit applies to all browsers.
|
|
# If the product of the series limit (see above) and the results limit is greater than the truncation limit (see above),
|
|
# then the number of results per series will be reduced to meet the truncation limit.
|
|
# Set the value to empty or 0 to disable the limit.
|
|
jschart_results_limit = 10000
|
|
|
|
#
|
|
# Choropleth map data truncation
|
|
# To avoid browser performance impacts, Choropleth maps limit the amount of shapes rendered at one time.
|
|
# This limit applies to all browsers. Set the value to empty or 0 to disable the limit.
|
|
choropleth_shape_limit = 10000
|
|
|
|
# Dashboard runtime settings
|
|
dashboard_html_allow_inline_styles = true
|
|
dashboard_html_allow_iframes = true
|
|
dashboard_html_allow_embeddable_content = false
|
|
dashboard_html_wrap_embed = true
|
|
|
|
# The maximum number of views to cache in the appserver.
|
|
max_view_cache_size = 1000
|
|
|
|
# Used to bypass extra call to splunkd to determine pdfgen availability
|
|
# This is set on a per-platform basis, changing this is not recommended
|
|
pdfgen_is_available = 1
|
|
|
|
#
|
|
# cherrypy HTTP server config
|
|
#
|
|
|
|
# The default setting value provides acceptable performance for most use cases.
|
|
# If you experience UI latency, you can increase the value to a maximum of 200.
|
|
server.thread_pool = 50
|
|
|
|
# Host values may be any IPv4 or IPv6 address, or any valid hostname.
|
|
# The string 'localhost' is a synonym for '127.0.0.1' (or '::1', if
|
|
# your hosts file prefers IPv6). The string '0.0.0.0' is a special
|
|
# IPv4 entry meaning "any active interface" (INADDR_ANY), and '::'
|
|
# is the similar IN6ADDR_ANY for IPv6.
|
|
# Defaults to 0.0.0.0 if listenOnIPv6 is set to no, else ::
|
|
# server.socket_host = 0.0.0.0
|
|
|
|
# Set to "yes" to enable IPv6 support, or "only" accept connection
|
|
# on IPv6 only
|
|
listenOnIPv6 = no
|
|
|
|
# Default is to allow files up to 500MB to be uploaded to the server
|
|
# change this in local/web.conf if necessary
|
|
# max_upload_size = 500
|
|
|
|
# HTTP access log filename
|
|
log.access_file = web_access.log
|
|
|
|
# Maximum file size of the access log, in bytes
|
|
log.access_maxsize = 25000000
|
|
|
|
# Maximum number of rotated log files to retain
|
|
log.access_maxfiles = 5
|
|
|
|
# Maximum file size of the web_service.log file, in bytes
|
|
log.error_maxsize = 25000000
|
|
|
|
# Maximum number of rotated log files to retain
|
|
log.error_maxfiles = 5
|
|
|
|
# Set to True to enable debug output to the console
|
|
log.screen = True
|
|
|
|
# Set this to False on production machines
|
|
request.show_tracebacks = True
|
|
|
|
# Auto reload python files; turn on while debugging
|
|
engine.autoreload.on = False
|
|
|
|
# user session configuration
|
|
# You really don't want to turn this off
|
|
tools.sessions.on = True
|
|
tools.sessions.timeout = 60
|
|
|
|
# Set to False to expire the session cookie when the browser exits
|
|
tools.sessions.restart_persist = True
|
|
|
|
# Set to False to allow the session cookie to be read by javascript
|
|
tools.sessions.httponly = True
|
|
|
|
# Set to False to allow the session cookie to be accessible to insecure pages
|
|
tools.sessions.secure = True
|
|
|
|
# Set to True to force cookie secure flag when splunkweb is behind proxy server
|
|
tools.sessions.forceSecure = False
|
|
|
|
# Some requests such as uploading large files can take a long time
|
|
response.timeout = 7200
|
|
|
|
# Comment out the next two lines to use RAM based sessions instead
|
|
# Use an absolute path to store sessions outside of the splunk tree
|
|
tools.sessions.storage_type = file
|
|
tools.sessions.storage_path = var/run/splunk
|
|
|
|
# Decode all strings that come into Cherrpy controller methods to unicode (assumes UTF-8 encoding).
|
|
# WARNING: Disabling this will likely break the application, as all incoming strings are assumed
|
|
# to be unicode.
|
|
tools.decode.on = True
|
|
|
|
# Encodes all controller method response strings into UTF-8 str objects in Python.
|
|
# WARNING: Disabling this will likely cause high byte character encoding to fail.
|
|
tools.encode.on = True
|
|
|
|
# Force all outgoing characters to be encoded into UTF-8.
|
|
# This only works with tools.encode.on set to True.
|
|
# By setting this to utf-8, Cherrypy's default behavior of observing the Accept-Charset header
|
|
# is overwritten and forces utf-8 output. Only change this if you know a particular browser
|
|
# installation must receive some other character encoding (Latin-1 iso-8859-1, etc)
|
|
# WARNING: Change this at your own risk.
|
|
tools.encode.encoding = utf-8
|
|
|
|
# Controls CherryPy's ability to encode content type. If set to True, CherryPy will only encode
|
|
# text (text/*) content. As of the Python 3 conversion we are defaulting to False as the current
|
|
# controller responses are in Unicode.
|
|
# WARNING: Change this at your own risk.
|
|
tools.encode.text_only = False
|
|
|
|
# Path to the PID file
|
|
# pid_path = var/run/splunk/splunkweb.pid
|
|
|
|
# override MIME type for JSON data
|
|
# If this is set to True, the splunkweb appserver will serve up JSON data with
|
|
# a content-type of "text/plain; charset=UTF-8". This keeps it compatible with previous versions of Splunk.
|
|
# If this is set to False, the content-type will be "application/json; charset=UTF-8" as is standard.
|
|
# In a future version of Splunk, this default will change so that the standard content-type
|
|
# is used consistently between splunkweb endpoints and splunkd endpoints accessed through proxy
|
|
override_JSON_MIME_type_with_text_plain = True
|
|
|
|
# The amount of time, in seconds, of inactivity in Splunk Web, after which the search job automatically cancels.
|
|
job_default_auto_cancel = 62
|
|
|
|
# Minimum and maximum polling interval options for job in milliseconds (ms)
|
|
# Set job_min_polling_interval between 100 to job_max_polling_interval
|
|
# Set job_max_polling_interval up to the recommended value which is 3000
|
|
job_min_polling_interval = 100
|
|
job_max_polling_interval = 1000
|
|
|
|
# ACL we'll accept network connections from.
|
|
acceptFrom = *
|
|
|
|
# Limits on the number of threads and sockets that the HTTP server will consume.
|
|
maxThreads = 0
|
|
maxSockets = 0
|
|
# Allows moving HTTP I/O (including SSL encryptions) into separate threads. Usually best left at zero.
|
|
dedicatedIoThreads = 0
|
|
# Sets the amount of time, in seconds, that the SplunkWeb HTTP server will allow a keep-alive connection to remain idle before disconnecting it forcefully.
|
|
keepAliveIdleTimeout = 7200
|
|
busyKeepAliveIdleTimeout = 12
|
|
|
|
# Controls whether we treat allow incoming connections as HTTP/1.1.
|
|
forceHttp10 = auto
|
|
|
|
# Controls CORS headers sent with responses.
|
|
crossOriginSharingPolicy =
|
|
|
|
# Controls CORS Access-Control-Allow-Headers header.
|
|
crossOriginSharingHeaders =
|
|
|
|
# SSL options.
|
|
allowSslCompression = false
|
|
allowSslRenegotiation = true
|
|
sendStrictTransportSecurityHeader = false
|
|
includeSubDomains = false
|
|
preload = false
|
|
|
|
# Controls the visibility of the debug endpoints (i.e., /debug/**splat).
|
|
enableWebDebug = False
|
|
|
|
# Add template paths to the allowable whitelist relative to $SPLUNK_HOME.
|
|
allowableTemplatePaths =
|
|
|
|
# Enable checks for data-exfiltrating search commands
|
|
enable_risky_command_check = true
|
|
|
|
# Enable checks for data-exfiltrating search commands within a dashboard
|
|
enable_risky_command_check_dashboard = true
|
|
|
|
# REMOVED. This setting no longer has any effect.
|
|
# Whether or not the search job request accepts XML stylesheet language (XSL) as input to format search results.
|
|
# If set to "true", the search job request accepts XSL as input to format search results.
|
|
# If set to "false", the search job request does not accept XSL as input to format search results.
|
|
# Default: false
|
|
enableSearchJobXslt = false
|
|
|
|
# Default login logo image settings
|
|
loginCustomLogo =
|
|
|
|
# Default favicon image settings
|
|
customFavicon =
|
|
|
|
# Default login background image settings
|
|
loginBackgroundImageOption = default
|
|
loginCustomBackgroundImage =
|
|
|
|
# Default login footer settings
|
|
# NOTE: This option is made available only to OEM customers participating in Splunk's OEM Partner Program
|
|
# and subject to the relevant terms of the Master OEM Agreement. All other customers or partners are prohibited
|
|
# from removing or altering any copyright, trademark, and/or other intellectual property or proprietary rights
|
|
# notices of Splunk placed on or embedded in any Splunk materials.
|
|
loginFooterOption = default
|
|
loginFooterText =
|
|
|
|
# Default login document title settings
|
|
# NOTE: This option is made available only to OEM customers participating in Splunk's OEM Partner Program
|
|
# and subject to the relevant terms of the Master OEM Agreement. All other customers or partners are prohibited
|
|
# from removing or altering any copyright, trademark, and/or other intellectual property or proprietary rights
|
|
# notices of Splunk placed on or embedded in any Splunk materials.
|
|
loginDocumentTitleOption = default
|
|
loginDocumentTitleText =
|
|
|
|
# Default first time login message settings
|
|
# CAUTION: This setting is only configurable for original equipment manufacturer (OEM) customers that participate
|
|
# in the Splunk OEM Partner Program. It is subject to the terms of the Master OEM Agreement. If you are not
|
|
# a member of this program, you MUST NOT remove or alter any Splunk copyright, trademark, and/or other intellectual
|
|
# property or proprietary rights notices that Splunk embeds into any of its material. This action includes but
|
|
# is not limited to configuring this setting.
|
|
firstTimeLoginMessageOption = default
|
|
firstTimeLoginMessage =
|
|
|
|
# Default password hint at first time login on the login page.
|
|
loginPasswordHint =
|
|
|
|
# Maximum number of reports to fetch to populate the navigation drop-down menu of an app. Default is 500.
|
|
appNavReportsLimit = 500
|
|
|
|
# Log messages emitted to stderr of the appserver process to splunkd.log
|
|
appServerProcessLogStderr = false
|
|
|
|
# The Simple XML dashboard version used for newly created Simple XML dashboards.
|
|
# DEPRECATED. The dashboard framework uses the latest Simple XML dashboard version for newly created dashboards.
|
|
# CAUTION: Do not change this setting without contacting Splunk Support.
|
|
simplexml_dashboard_create_version = 1.1
|
|
|
|
# Determines whether or not Splunk Web can use insecure libraries which will be deprecated.
|
|
allow_insecure_libraries_toggle = true
|
|
|
|
# Whether or not the UI will show app context in certain locations
|
|
show_app_context = true
|
|
|
|
# The value of the "SameSite" cookie attribute for which the Splunk web server
|
|
# is to set in the web browser.
|
|
cookieSameSite = not_specified
|
|
|
|
[remoteUI]
|
|
optInRemoteUI = false
|
|
allowExternalRemote = false
|
|
|
|
|
|
# Rules for Monitoring Console
|
|
[smc]
|
|
|
|
# Rules controlling what REST interfaces are available via the web UI via the "/splunkd" endpoint:
|
|
[expose:admin_alerts]
|
|
methods = GET,DELETE
|
|
pattern = admin/alerts
|
|
|
|
[expose:admin_duo_mfa-duo_mfa]
|
|
methods = GET
|
|
pattern = admin/Duo-MFA/duo-mfa
|
|
|
|
[expose:admin_rsa_mfa-rsa-mfa]
|
|
methods = GET
|
|
pattern = admin/Rsa-MFA/rsa-mfa
|
|
|
|
[expose:admin_alerts_ELEMENT]
|
|
methods = GET,DELETE
|
|
pattern = admin/alerts/*
|
|
|
|
[expose:admin_conf-reports]
|
|
methods = POST,GET,DELETE
|
|
pattern = admin/conf-reports
|
|
|
|
[expose:admin_conf-impersonation]
|
|
methods = POST,GET
|
|
pattern = admin/conf-impersonation
|
|
|
|
[expose:admin_conf-impersonation_ELEMENT]
|
|
methods = POST,GET,DELETE
|
|
pattern = admin/conf-impersonation/*
|
|
|
|
[expose:admin_distsearch-group]
|
|
methods = POST,GET
|
|
pattern = admin/distsearch-group
|
|
|
|
[expose:admin_distsearch-group_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = admin/distsearch-group/*
|
|
|
|
[expose:admin_saml_idp_metadata]
|
|
methods = GET,POST
|
|
pattern = admin/SAML-idp-metadata
|
|
|
|
[expose:admin_saml_idp_metadata_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = admin/SAML-idp-metadata/*
|
|
|
|
[expose:admin_saml_groups]
|
|
methods = GET,POST,DELETE
|
|
pattern = admin/SAML-groups
|
|
|
|
[expose:admin_saml_groups_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = admin/SAML-groups/*
|
|
|
|
[expose:admin_telemetry]
|
|
methods = GET,POST,DELETE
|
|
pattern = admin/telemetry
|
|
|
|
[expose:admin_telemetry_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = admin/telemetry/*
|
|
|
|
[expose:admin_win-alleventlogs]
|
|
pattern = admin/win-alleventlogs
|
|
|
|
[expose:admin_win-alleventlogs_ELEMENT]
|
|
pattern = admin/win-alleventlogs/*
|
|
|
|
[expose:admin_win-perfmon]
|
|
pattern = admin/win-perfmon
|
|
|
|
[expose:admin_win-perfmon_ELEMENT]
|
|
pattern = admin/win-perfmon/*
|
|
|
|
[expose:admin_win-perfmon-find-collection]
|
|
pattern = admin/win-perfmon-find-collection
|
|
|
|
[expose:admin_win-perfmon-find-collection_ELEMENT]
|
|
pattern = admin/win-perfmon-find-collection/*
|
|
|
|
[expose:admin_win-perfmon-find-collection_ELEMENT_ELEMENT]
|
|
pattern = admin/win-perfmon-find-collection/*/*
|
|
|
|
[expose:admin_win-enum-eventlogs]
|
|
pattern = admin/win-wmi-enum-eventlogs
|
|
|
|
[expose:admin_win-enum-eventlogs_ELEMENT]
|
|
pattern = admin/win-wmi-enum-eventlogs/*
|
|
|
|
[expose:admin_win-wmi-find-collection]
|
|
pattern = admin/win-wmi-find-collection
|
|
|
|
[expose:admin_win-wmi-find-collection_ELEMENT]
|
|
pattern = admin/win-wmi-find-collection/*
|
|
|
|
[expose:admin_file-explorer]
|
|
pattern = admin/file-explorer
|
|
|
|
[expose:admin_file-explorer_ELEMENT]
|
|
pattern = admin/file-explorer/*
|
|
|
|
[expose:admin_directory]
|
|
pattern = admin/directory
|
|
|
|
[expose:admin_win-reg-explorer]
|
|
pattern = admin/win-reg-explorer
|
|
|
|
[expose:admin_win-reg-explorer_ELEMENT]
|
|
pattern = admin/win-reg-explorer/*
|
|
|
|
[expose:admin_win-ad-explorer]
|
|
pattern = admin/win-ad-explorer
|
|
|
|
[expose:admin_win-ad-explorer_ELEMENT]
|
|
pattern = admin/win-ad-explorer/*
|
|
|
|
[expose:admin_summarization]
|
|
methods = POST,GET,DELETE
|
|
pattern = admin/summarization
|
|
|
|
[expose:admin_summarization_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = admin/summarization/*
|
|
|
|
[expose:admin_summarization_ELEMENT_details]
|
|
pattern = admin/summarization/*/details
|
|
|
|
[expose:admin_users]
|
|
methods = GET,DELETE
|
|
pattern = admin/users
|
|
|
|
[expose:admin_users_ELEMENT]
|
|
methods = GET,DELETE
|
|
pattern = admin/users/*
|
|
|
|
[expose:alerts_fired_alerts]
|
|
pattern = alerts/fired_alerts
|
|
|
|
[expose:alerts_fired_alerts_ELEMENT]
|
|
methods = GET,DELETE
|
|
pattern = alerts/fired_alerts/*
|
|
|
|
[expose:apps_appinstall]
|
|
methods = POST
|
|
pattern = apps/appinstall
|
|
|
|
[expose:apps_apptemplates]
|
|
pattern = apps/apptemplates
|
|
|
|
[expose:apps_apptemplates_ELEMENT]
|
|
pattern = apps/apptemplates/*
|
|
|
|
[expose:apps_remote]
|
|
methods = GET,POST
|
|
pattern = apps/remote
|
|
|
|
[expose:apps_remote_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = apps/remote/*
|
|
|
|
[expose:apps_remote_ELEMENT_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = apps/remote/*/*
|
|
|
|
[expose:apps]
|
|
methods = GET,POST
|
|
pattern = apps/local
|
|
|
|
[expose:apps_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = apps/local/*
|
|
|
|
[expose:apps_ELEMENT_disable]
|
|
methods = POST
|
|
pattern = apps/local/*/disable
|
|
|
|
[expose:apps_ELEMENT_enable]
|
|
methods = POST
|
|
pattern = apps/local/*/enable
|
|
|
|
[expose:apps_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = apps/local/*/acl
|
|
|
|
[expose:apps_ELEMENT_reload]
|
|
methods = GET,POST
|
|
pattern = apps/local/*/_reload
|
|
|
|
[expose:apps_ELEMENT_dependencies]
|
|
methods = GET
|
|
pattern = apps/local/*/dependencies
|
|
|
|
[expose:auth_login]
|
|
methods = POST
|
|
pattern = auth/login
|
|
skipCSRFProtection = 1
|
|
|
|
[expose:authentication_auth-tokens]
|
|
methods = POST,GET
|
|
pattern = authentication/auth-tokens
|
|
|
|
[expose:authentication_current-context]
|
|
pattern = authentication/current-context
|
|
|
|
[expose:authentication_current-context_ELEMENT]
|
|
pattern = authentication/current-context/*
|
|
|
|
[expose:authentication_providers_saml]
|
|
methods = GET,DELETE,POST
|
|
pattern = authentication/providers/SAML
|
|
|
|
[expose:authentication_providers_saml_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = authentication/providers/SAML/*
|
|
|
|
[expose:authentication_providers_services_active_authmodule]
|
|
methods = GET
|
|
pattern = authentication/providers/services/active_authmodule
|
|
|
|
[expose:authentication_httpauth-tokens]
|
|
pattern = authentication/httpauth-tokens
|
|
|
|
[expose:authentication_httpauth-tokens_ELEMENT]
|
|
methods = GET,DELETE
|
|
pattern = authentication/httpauth-tokens/*
|
|
|
|
[expose:authentication_users]
|
|
methods = POST,GET
|
|
pattern = authentication/users
|
|
|
|
[expose:authentication_users_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = authentication/users/*
|
|
|
|
[expose:authorization_grantable_capabilities]
|
|
pattern = authorization/grantable_capabilities
|
|
|
|
[expose:authorization_capabilities]
|
|
pattern = authorization/capabilities
|
|
|
|
[expose:authorization_capabilities_ELEMENT_]
|
|
pattern = authorization/capabilities/*/
|
|
|
|
[expose:authorization_roles]
|
|
methods = POST,GET
|
|
pattern = authorization/roles
|
|
|
|
[expose:authorization_roles_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = authorization/roles/*
|
|
|
|
[expose:authorization_fieldfilters]
|
|
methods = POST,GET
|
|
pattern = authorization/fieldfilters
|
|
|
|
[expose:authorization_fieldfilters_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = authorization/fieldfilters/*
|
|
|
|
[expose:cluster_config]
|
|
pattern = cluster/config
|
|
|
|
[expose:cluster_master_status]
|
|
methods = GET,POST
|
|
pattern = cluster/master/status
|
|
|
|
[expose:workloads_status]
|
|
methods = GET
|
|
pattern = workloads/status
|
|
|
|
[expose:workloads_config_preflight_checks]
|
|
methods = GET
|
|
pattern = workloads/config/preflight-checks
|
|
|
|
[expose:workloads_config_enable]
|
|
methods = POST
|
|
pattern = workloads/config/enable
|
|
|
|
[expose:workloads_config_disable]
|
|
methods = POST
|
|
pattern = workloads/config/disable
|
|
|
|
[expose:workloads_pools]
|
|
methods = GET,POST
|
|
pattern = workloads/pools
|
|
|
|
[expose:workloads_pools_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = workloads/pools/*
|
|
|
|
[expose:workloads_categories]
|
|
methods = GET,POST
|
|
pattern = workloads/categories
|
|
|
|
[expose:workloads_categories_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = workloads/categories/*
|
|
|
|
[expose:workloads_rules]
|
|
methods = GET,POST
|
|
pattern = workloads/rules
|
|
|
|
[expose:workloads_rules_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = workloads/rules/*
|
|
|
|
[expose:workloads_rules_ELEMENT_enable]
|
|
methods = POST
|
|
pattern = workloads/rules/*/enable
|
|
|
|
[expose:workloads_rules_ELEMENT_disable]
|
|
methods = POST
|
|
pattern = workloads/rules/*/disable
|
|
|
|
[expose:workloads_policy_search_admission_control]
|
|
methods = POST
|
|
pattern = workloads/policy/search_admission_control
|
|
|
|
[expose:workloads_policy]
|
|
methods = GET
|
|
pattern = workloads/policy
|
|
|
|
[expose:workloads_policy_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = workloads/policy/*
|
|
|
|
[expose:shcluster_config]
|
|
pattern = shcluster/config
|
|
|
|
[expose:shcluster_config_config]
|
|
methods = GET,POST
|
|
pattern = shcluster/config/*
|
|
|
|
[expose:shcluster_members]
|
|
methods = GET,POST
|
|
pattern = shcluster/member/members
|
|
|
|
[expose:shcluster_restart]
|
|
methods = POST
|
|
pattern = shcluster/captain/control/control/restart
|
|
|
|
[expose:shcluster_captain_transfer]
|
|
methods = POST
|
|
pattern = shcluster/member/consensus/*/transfer_captaincy
|
|
|
|
[expose:shcluster_status]
|
|
methods = GET
|
|
pattern = shcluster/status
|
|
|
|
[expose:cluster_master_buckets_ELEMENT]
|
|
methods = GET
|
|
pattern = cluster/master/buckets/*
|
|
|
|
[expose:cluster_master_buckets_ELEMENT_remove_all]
|
|
methods = POST
|
|
pattern = cluster/master/buckets/*/remove_all
|
|
|
|
[expose:cluster_master_buckets_ELEMENT_remove_from_peer]
|
|
methods = POST
|
|
pattern = cluster/master/buckets/*/remove_from_peer
|
|
|
|
[expose:cluster_master_control_control_roll_hot_buckets]
|
|
methods = POST
|
|
pattern = cluster/master/control/control/roll-hot-buckets
|
|
|
|
[expose:cluster_master_control_control_resync_bucket_from_peer]
|
|
methods = POST
|
|
pattern = cluster/master/control/control/resync_bucket_from_peer
|
|
|
|
[expose:cluster_master_control_control_restart]
|
|
methods = POST, GET
|
|
pattern = cluster/master/control/control/restart
|
|
|
|
[expose:cluster_config_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = cluster/config/*
|
|
|
|
[expose:cluster_master_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = cluster/master/*
|
|
|
|
[expose:cluster_master_ELEMENT_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = cluster/master/*/*
|
|
|
|
[expose:cluster_master_control_default_apply]
|
|
methods = GET,POST
|
|
pattern = cluster/master/control/default/apply
|
|
|
|
[expose:cluster_master_control_control_prune_index]
|
|
methods = POST
|
|
pattern = cluster/master/control/control/prune_index
|
|
|
|
[expose:cluster_master_control_validate]
|
|
methods = POST
|
|
pattern = cluster/master/control/control/validate_bundle
|
|
|
|
[expose:cluster_master_control_rollback]
|
|
methods = POST
|
|
pattern = cluster/master/control/control/rollback
|
|
|
|
[expose:cluster_slave_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = cluster/slave/*
|
|
|
|
[expose:cluster_slave_info_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = cluster/slave/info/*
|
|
|
|
[expose:cluster_searchhead_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = cluster/searchhead/*
|
|
|
|
[expose:cluster_searchhead_generation_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = cluster/searchhead/generation/*
|
|
|
|
[expose:cluster_searchhead_searchheadconfig_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = cluster/searchhead/searchheadconfig/*
|
|
|
|
[expose:cluster_manager]
|
|
methods = GET,POST
|
|
pattern = cluster/manager/**/*
|
|
|
|
[expose:configs_conf-VALUE]
|
|
methods = GET,POST
|
|
pattern = configs/conf-*
|
|
|
|
[expose:configs_conf-VALUE_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = configs/conf-*/*
|
|
|
|
[expose:configs_conf-VALUE_ELEMENT_acl]
|
|
methods = GET,POST
|
|
pattern = configs/conf-*/*/acl
|
|
|
|
[expose:configs_conf-VALUE_ELEMENT_disable]
|
|
methods = POST
|
|
pattern = configs/conf-*/*/disable
|
|
|
|
[expose:configs_conf-VALUE_ELEMENT_enable]
|
|
methods = POST
|
|
pattern = configs/conf-*/*/enable
|
|
|
|
[expose:configs_spec]
|
|
methods = GET,POST
|
|
pattern = configs/spec
|
|
|
|
[expose:configs_validation]
|
|
methods = POST
|
|
pattern = configs/validation
|
|
|
|
[expose:data_commands]
|
|
pattern = data/commands
|
|
|
|
[expose:data_commands_ELEMENT]
|
|
pattern = data/commands/*
|
|
|
|
[expose:data_commands_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = data/commands/*/acl
|
|
|
|
[expose:data_indexes]
|
|
methods = POST,GET
|
|
pattern = data/indexes
|
|
|
|
[expose:data_indexes_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = data/indexes/*
|
|
|
|
[expose:data_indexes_ELEMENT_disable]
|
|
methods = POST
|
|
pattern = data/indexes/*/disable
|
|
|
|
[expose:data_indexes_ELEMENT_enable]
|
|
methods = POST
|
|
pattern = data/indexes/*/enable
|
|
|
|
[expose:data_indexes-extended]
|
|
methods = GET
|
|
pattern = data/indexes-extended
|
|
|
|
[expose:data_ingest_event_capture]
|
|
methods = POST
|
|
pattern = data/ingest/event-capture
|
|
|
|
[expose:data_ingest_rfs_destinations]
|
|
methods = GET,POST
|
|
pattern = data/ingest/rfsdestinations
|
|
|
|
[expose:data_ingest_rfs_destinations_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = data/ingest/rfsdestinations/*
|
|
|
|
[expose:data_ingest_rfs_destinations_ELEMENT_test]
|
|
methods = POST
|
|
pattern = data/ingest/rfsdestinations/*/test
|
|
|
|
[expose:data_ingest_rulesets]
|
|
methods = GET,POST
|
|
pattern = data/ingest/rulesets
|
|
|
|
[expose:data_ingest_rulesets_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = data/ingest/rulesets/*
|
|
|
|
[expose:data_ingest_rulesets_deployment]
|
|
methods = GET
|
|
pattern = data/ingest/ruleset-deployment
|
|
|
|
[expose:data_ingest_rulesets_status]
|
|
methods = GET
|
|
pattern = data/ingest/ruleset-status
|
|
|
|
[expose:data_ingest_ruleset_serialize]
|
|
methods = POST
|
|
pattern = data/ingest/ruleset-serialize
|
|
|
|
[expose:data_distributed-indexes]
|
|
methods = GET
|
|
pattern = data/distributed-indexes
|
|
|
|
[expose:data_inputs]
|
|
methods = GET
|
|
pattern = data/inputs
|
|
|
|
[expose:data_inputs_ad]
|
|
methods = POST,GET
|
|
pattern = data/inputs/ad
|
|
|
|
[expose:data_inputs_ad_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/inputs/ad/*
|
|
|
|
[expose:data_inputs_token_http]
|
|
methods = POST,GET
|
|
pattern = data/inputs/http
|
|
|
|
[expose:data_inputs_token_http_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/inputs/http/*
|
|
|
|
[expose:data_inputs_token_http_ELEMENT_ELEMENT]
|
|
methods = POST,GET
|
|
pattern = data/inputs/http/*/*
|
|
|
|
[expose:data_inputs_monitor]
|
|
methods = POST,GET
|
|
pattern = data/inputs/monitor
|
|
|
|
[expose:data_inputs_monitor_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/inputs/monitor/*
|
|
|
|
[expose:data_inputs_monitor_ELEMENT_members]
|
|
pattern = data/inputs/monitor/*/members
|
|
|
|
[expose:data_inputs_oneshot]
|
|
methods = POST,GET
|
|
pattern = data/inputs/oneshot
|
|
|
|
[expose:data_inputs_oneshot_ELEMENT]
|
|
pattern = data/inputs/oneshot/*
|
|
|
|
[expose:data_inputs_registry]
|
|
methods = POST,GET
|
|
pattern = data/inputs/registry
|
|
|
|
[expose:data_inputs_registry_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/inputs/registry/*
|
|
|
|
[expose:data_inputs_script]
|
|
methods = POST,GET
|
|
pattern = data/inputs/script
|
|
|
|
[expose:data_inputs_script_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/inputs/script/*
|
|
|
|
[expose:data_inputs_script_restart]
|
|
methods = POST
|
|
pattern = data/inputs/script/restart
|
|
|
|
[expose:data_inputs_tcp_cooked]
|
|
methods = POST,GET
|
|
pattern = data/inputs/tcp/cooked
|
|
|
|
[expose:data_inputs_tcp_cooked_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/inputs/tcp/cooked/*
|
|
|
|
[expose:data_inputs_tcp_cooked_ELEMENT_connections]
|
|
pattern = data/inputs/tcp/cooked/*/connections
|
|
|
|
[expose:data_inputs_tcp_raw]
|
|
methods = POST,GET
|
|
pattern = data/inputs/tcp/raw
|
|
|
|
[expose:data_inputs_tcp_raw_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/inputs/tcp/raw/*
|
|
|
|
[expose:data_inputs_tcp_raw_ELEMENT_connections]
|
|
pattern = data/inputs/tcp/raw/*/connections
|
|
|
|
[expose:data_inputs_tcp_ssl]
|
|
pattern = data/inputs/tcp/ssl
|
|
|
|
[expose:data_inputs_tcp_ssl_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = data/inputs/tcp/ssl/*
|
|
|
|
[expose:data_inputs_udp]
|
|
methods = POST,GET
|
|
pattern = data/inputs/udp
|
|
|
|
[expose:data_inputs_udp_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/inputs/udp/*
|
|
|
|
[expose:data_inputs_udp_ELEMENT_connections]
|
|
pattern = data/inputs/udp/*/connections
|
|
|
|
[expose:data_inputs_win-event-log-collections]
|
|
methods = POST,GET
|
|
pattern = data/inputs/win-event-log-collections
|
|
|
|
[expose:data_inputs_win-event-log-collections_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/inputs/win-event-log-collections/*
|
|
|
|
[expose:data_inputs_winhostmon]
|
|
methods = POST,GET
|
|
pattern = data/inputs/WinHostMon
|
|
|
|
[expose:data_inputs_winhostmon_ELEMENT]
|
|
methods = POST,GET
|
|
pattern = data/inputs/WinHostMon/*
|
|
|
|
[expose:data_inputs_winnetmon]
|
|
methods = POST,GET
|
|
pattern = data/inputs/WinNetMon
|
|
|
|
[expose:data_inputs_winnetmon_ELEMENT]
|
|
methods = POST,GET
|
|
pattern = data/inputs/WinNetMon/*
|
|
|
|
[expose:data_inputs_win-perfmon]
|
|
methods = POST,GET
|
|
pattern = data/inputs/win-perfmon
|
|
|
|
[expose:data_inputs_win-perfmon_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/inputs/win-perfmon/*
|
|
|
|
[expose:data_inputs_winprintmon]
|
|
methods = POST,GET
|
|
pattern = data/inputs/WinPrintMon
|
|
|
|
[expose:data_inputs_winprintmon_ELEMENT]
|
|
methods = POST,GET
|
|
pattern = data/inputs/WinPrintMon/*
|
|
|
|
[expose:data_inputs_win-wmi-collections]
|
|
methods = POST,GET
|
|
pattern = data/inputs/win-wmi-collections
|
|
|
|
[expose:data_inputs_win-wmi-collections_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/inputs/win-wmi-collections/*
|
|
|
|
[expose:data_lookup-table-files]
|
|
methods = POST,GET
|
|
pattern = data/lookup-table-files
|
|
|
|
[expose:data_lookup-table-files_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/lookup-table-files/*
|
|
|
|
[expose:data_lookup-table-files_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = data/lookup-table-files/*/acl
|
|
|
|
[expose:data_modular-inputs]
|
|
methods = POST,GET
|
|
pattern = data/modular-inputs
|
|
|
|
[expose:data_modular-inputs_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = data/modular-inputs/*
|
|
|
|
[expose:data_outputs_tcp_default]
|
|
methods = POST,GET
|
|
pattern = data/outputs/tcp/default
|
|
|
|
[expose:data_outputs_tcp_default_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/outputs/tcp/default/*
|
|
|
|
[expose:data_outputs_tcp_group]
|
|
methods = POST,GET
|
|
pattern = data/outputs/tcp/group
|
|
|
|
[expose:data_outputs_tcp_group_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/outputs/tcp/group/*
|
|
|
|
[expose:data_outputs_tcp_server]
|
|
methods = POST,GET
|
|
pattern = data/outputs/tcp/server
|
|
|
|
[expose:data_outputs_tcp_server_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/outputs/tcp/server/*
|
|
|
|
[expose:data_outputs_tcp_server_ELEMENT_allconnections]
|
|
pattern = data/outputs/tcp/server/*/allconnections
|
|
|
|
[expose:data_outputs_tcp_syslog]
|
|
methods = POST,GET
|
|
pattern = data/outputs/tcp/syslog
|
|
|
|
[expose:data_outputs_tcp_syslog_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/outputs/tcp/syslog/*
|
|
|
|
[expose:data_props_extractions]
|
|
methods = POST,GET
|
|
pattern = data/props/extractions
|
|
|
|
[expose:data_props_extractions_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/props/extractions/*
|
|
|
|
[expose:data_props_extractions_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = data/props/extractions/*/acl
|
|
|
|
[expose:data_props_fieldaliases]
|
|
methods = POST,GET
|
|
pattern = data/props/fieldaliases
|
|
|
|
[expose:data_props_fieldaliases_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/props/fieldaliases/*
|
|
|
|
[expose:data_props_fieldaliases_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = data/props/fieldaliases/*/acl
|
|
|
|
[expose:data_props_lookups]
|
|
methods = POST,GET
|
|
pattern = data/props/lookups
|
|
|
|
[expose:data_props_lookups_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/props/lookups/*
|
|
|
|
[expose:data_props_lookups_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = data/props/lookups/*/acl
|
|
|
|
[expose:data_props_sourcetype-rename]
|
|
methods = POST,GET
|
|
pattern = data/props/sourcetype-rename
|
|
|
|
[expose:data_props_sourcetype-rename_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/props/sourcetype-rename/*
|
|
|
|
[expose:data_props_sourcetype-rename_ELEMENT_ACL]
|
|
methods = POST
|
|
pattern = data/props/sourcetype-rename/*/acl
|
|
|
|
[expose:data_transforms_extractions]
|
|
methods = POST,GET
|
|
pattern = data/transforms/extractions
|
|
|
|
[expose:data_transforms_extractions_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/transforms/extractions/*
|
|
|
|
[expose:data_transforms_extractions_ELEMENT_ELEMENT]
|
|
methods = POST
|
|
pattern = data/transforms/extractions/*/*
|
|
|
|
[expose:data_transforms_lookups]
|
|
methods = POST,GET
|
|
pattern = data/transforms/lookups
|
|
|
|
[expose:data_transforms_lookups_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/transforms/lookups/*
|
|
|
|
[expose:data_transforms_lookups_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = data/transforms/lookups/*/acl
|
|
|
|
[expose:data_metric_transforms_schema]
|
|
methods = GET,POST
|
|
pattern = data/transforms/metric-schema
|
|
|
|
[expose:data_metric_transforms_schema_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/transforms/metric-schema/*
|
|
|
|
[expose:data_ui_manager]
|
|
methods = GET,POST
|
|
pattern = data/ui/manager
|
|
|
|
[expose:data_ui_manager_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = data/ui/manager/*
|
|
|
|
[expose:data_ui_nav]
|
|
methods = GET,POST
|
|
pattern = data/ui/nav
|
|
|
|
[expose:data_ui_nav_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = data/ui/nav/*
|
|
|
|
[expose:data_ui_nav_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = data/ui/nav/*/acl
|
|
|
|
[expose:data_ui_prefs]
|
|
methods = POST,GET
|
|
pattern = data/ui/prefs
|
|
|
|
[expose:data_ui_prefs_ELEMENT]
|
|
methods = POST,GET,DELETE
|
|
pattern = data/ui/prefs/*
|
|
|
|
[expose:data_ui_times]
|
|
methods = GET,POST
|
|
pattern = data/ui/times
|
|
|
|
[expose:data_ui_times_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = data/ui/times/*/acl
|
|
|
|
[expose:data_ui_views]
|
|
methods = GET,POST
|
|
pattern = data/ui/views
|
|
|
|
[expose:data_ui_views_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = data/ui/views/*
|
|
|
|
[expose:data_ui_views_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = data/ui/views/*/acl
|
|
|
|
[expose:data_ui_alerts]
|
|
methods = GET,POST
|
|
pattern = data/ui/alerts
|
|
|
|
[expose:data_ui_alerts_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = data/ui/alerts/*
|
|
|
|
[expose:data_ui_alerts_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = data/ui/alerts/*/acl
|
|
|
|
[expose:data_ui_panels]
|
|
methods = GET,POST
|
|
pattern = data/ui/panels
|
|
|
|
[expose:data_ui_panels_MOVE]
|
|
methods = POST
|
|
pattern = data/ui/panels/*/move
|
|
|
|
[expose:data_ui_panels_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = data/ui/panels/*
|
|
|
|
[expose:data_ui_panels_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = data/ui/panels/*/acl
|
|
|
|
[expose:data_ui_viewstates]
|
|
methods = GET,POST
|
|
pattern = data/ui/viewstates
|
|
|
|
[expose:data_ui_viewstates_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = data/ui/viewstates/*
|
|
|
|
[expose:data_ui_visualizations]
|
|
methods = GET
|
|
pattern = data/ui/visualizations
|
|
|
|
[expose:data_ui_visualizations_ELEMENT]
|
|
methods = GET
|
|
pattern = data/ui/visualizations/*
|
|
|
|
[expose:data_user-prefs]
|
|
methods = GET,POST
|
|
pattern = data/user-prefs
|
|
|
|
[expose:data_user-prefs_ELEMENT]
|
|
methods = GET,POST,PUT,DELETE
|
|
pattern = data/user-prefs/*
|
|
|
|
[expose:data_ui_workflow-actions]
|
|
methods = GET,POST
|
|
pattern = data/ui/workflow-actions
|
|
|
|
[expose:data_ui_workflow-actions_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = data/ui/workflow-actions/*
|
|
|
|
[expose:data_ui_workflow-actions_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = data/ui/workflow-actions/*/acl
|
|
|
|
[expose:data_ui_global-banner]
|
|
methods = GET,POST
|
|
pattern = data/ui/global-banner
|
|
|
|
[expose:data_ui_global-banner_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = data/ui/global-banner/*
|
|
|
|
[expose:data_ui_global-banner_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = data/ui/global-banner/*/acl
|
|
|
|
[expose:quarantined_status]
|
|
methods = GET
|
|
pattern = quarantined/status
|
|
allowRemoteProxy = true
|
|
|
|
[expose:data_vix-providers]
|
|
methods = GET,POST
|
|
pattern = data/vix-providers
|
|
|
|
[expose:data_vix-providers_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = data/vix-providers/*
|
|
|
|
[expose:data_vix-indexes]
|
|
methods = GET,POST
|
|
pattern = data/vix-indexes
|
|
|
|
[expose:data_vix-indexes_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = data/vix-indexes/*
|
|
|
|
[expose:data_vix-indexes_ELEMENT_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = data/vix-indexes/*/*
|
|
|
|
[expose:datamodel_model]
|
|
methods = GET,POST
|
|
pattern = datamodel/model
|
|
|
|
[expose:datamodel_model_generate]
|
|
pattern = datamodel/generate
|
|
|
|
[expose:datamodel_model_generate_ELEMENT]
|
|
pattern = datamodel/generate/*
|
|
|
|
[expose:datamodel_model_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = datamodel/model/*
|
|
|
|
[expose:datamodel_model_ELEMENT_ELEMENT]
|
|
methods = POST
|
|
pattern = datamodel/model/*/*
|
|
|
|
[expose:datamodel_model_ELEMENT_desc]
|
|
pattern = datamodel/model/*/desc
|
|
|
|
[expose:datamodel_pivot]
|
|
methods = GET,POST
|
|
pattern = datamodel/pivot
|
|
|
|
[expose:datamodel_pivot_ELEMENT]
|
|
pattern = datamodel/pivot/*
|
|
|
|
[expose:data_models_ELEMENT_download]
|
|
pattern = data/models/*/download
|
|
|
|
[expose:deployment_server_applications]
|
|
methods = POST,GET,DELETE
|
|
pattern = deployment/server/applications
|
|
|
|
[expose:deployment_server_applications_ANYTHING]
|
|
methods = POST,GET,DELETE
|
|
pattern = deployment/server/applications/**
|
|
|
|
[expose:deployment_server_clients]
|
|
methods = POST,GET
|
|
pattern = deployment/server/clients
|
|
|
|
[expose:deployment_server_clients_countClients_by_machineType]
|
|
pattern = deployment/server/clients/countClients_by_machineType
|
|
|
|
[expose:deployment_server_clients_preview]
|
|
pattern = deployment/server/clients/preview
|
|
|
|
[expose:deployment_server_clients_ANYTHING.]
|
|
methods = POST,GET,DELETE
|
|
pattern = deployment/server/clients/**
|
|
|
|
[expose:deployment_server_config]
|
|
methods = POST,GET
|
|
pattern = deployment/server/config
|
|
|
|
[expose:deployment_server_config_ANYTHING]
|
|
methods = POST,GET
|
|
pattern = deployment/server/config/**
|
|
|
|
[expose:deployment_server_serverclasses]
|
|
methods = POST,GET
|
|
pattern = deployment/server/serverclasses
|
|
|
|
[expose:deployment_server_serverclasses_ANYTHING]
|
|
methods = POST,GET,DELETE
|
|
pattern = deployment/server/serverclasses/**
|
|
|
|
[expose:deploymentsetup_app_data_inputs_remote_monitor]
|
|
methods = POST,GET
|
|
pattern = deployment/server/setup/data/inputs/remote_monitor
|
|
|
|
[expose:deploymentsetup_app_data_inputs_remote_monitor_ANYTHING]
|
|
methods = POST,GET
|
|
pattern = deployment/server/setup/data/inputs/remote_monitor/**
|
|
|
|
[expose:deploymentsetup_app_data_inputs_remote_script]
|
|
methods = POST,GET
|
|
pattern = deployment/server/setup/data/inputs/remote_script
|
|
|
|
[expose:deploymentsetup_app_data_inputs_remote_script_ANYTHING]
|
|
methods = POST,GET
|
|
pattern = deployment/server/setup/data/inputs/remote_script/**
|
|
|
|
[expose:deploymentsetup_app_data_inputs_tcp_remote_raw]
|
|
methods = POST,GET
|
|
pattern = deployment/server/setup/data/inputs/tcp/remote_raw
|
|
|
|
[expose:deploymentsetup_app_data_inputs_tcp_remote_raw_ANYTHING]
|
|
methods = POST,GET
|
|
pattern = deployment/server/setup/data/inputs/tcp/remote_raw/**
|
|
|
|
[expose:deploymentsetup_app_data_inputs_remote_udp]
|
|
methods = POST,GET
|
|
pattern = deployment/server/setup/data/inputs/remote_udp
|
|
|
|
[expose:deploymentsetup_app_data_inputs_remote_udp_ANYTHING]
|
|
methods = POST,GET
|
|
pattern = deployment/server/setup/data/inputs/remote_udp/**
|
|
|
|
[expose:deploymentsetup_app_data_inputs_remote_eventlogs]
|
|
methods = POST,GET
|
|
pattern = deployment/server/setup/data/inputs/remote_eventlogs
|
|
|
|
[expose:deploymentsetup_app_data_inputs_remote_eventlogs_ANYTHING]
|
|
methods = POST,GET
|
|
pattern = deployment/server/setup/data/inputs/remote_eventlogs/**
|
|
|
|
[expose:deploymentsetup_app_data_inputs_remote_perfmon]
|
|
methods = POST,GET
|
|
pattern = deployment/server/setup/data/inputs/remote_perfmon
|
|
|
|
[expose:deploymentsetup_app_data_inputs_remote_perfmon_ANYTHING]
|
|
methods = POST,GET
|
|
pattern = deployment/server/setup/data/inputs/remote_perfmon/**
|
|
|
|
[expose:directory]
|
|
pattern = directory
|
|
|
|
[expose:directory_ELEMENT]
|
|
pattern = directory/*
|
|
|
|
[expose:web-features]
|
|
methods = GET, POST
|
|
pattern = web-features
|
|
|
|
[expose:web-features_ELEMENT]
|
|
methods = GET, POST
|
|
pattern = web-features/*
|
|
|
|
[expose:field_extractor_generate_regex]
|
|
methods = GET,POST
|
|
pattern = field_extractor/generate_regex
|
|
|
|
[expose:server_health_splunkd]
|
|
methods = GET
|
|
pattern = server/health/splunkd
|
|
|
|
[expose:server_health_splunkd_details]
|
|
methods = GET
|
|
pattern = server/health/splunkd/details
|
|
|
|
[expose:server_health_deployment]
|
|
methods = GET
|
|
pattern = server/health/deployment
|
|
|
|
[expose:server_health_deployment_details]
|
|
methods = GET
|
|
pattern = server/health/deployment/details
|
|
|
|
[expose:server_health_config]
|
|
methods = POST,GET
|
|
pattern = server/health-config
|
|
|
|
[expose:server_health_config_ELEMENT]
|
|
methods = POST,GET
|
|
pattern = server/health-config/*
|
|
|
|
[expose:indexing_preview]
|
|
methods = GET,POST
|
|
pattern = indexing/preview
|
|
|
|
[expose:indexing_preview_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = indexing/preview/*
|
|
|
|
[expose:licenser_groups]
|
|
pattern = licenser/groups
|
|
|
|
[expose:licenser_groups_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = licenser/groups/*
|
|
|
|
[expose:licenser_licenses]
|
|
methods = POST,GET
|
|
pattern = licenser/licenses
|
|
|
|
[expose:licenser_licenses_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = licenser/licenses/*
|
|
|
|
[expose:licenser_messages]
|
|
pattern = licenser/messages
|
|
|
|
[expose:licenser_messages_ELEMENT]
|
|
pattern = licenser/messages/*
|
|
|
|
[expose:licenser_pools]
|
|
methods = POST,GET
|
|
pattern = licenser/pools
|
|
|
|
[expose:licenser_pools_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = licenser/pools/*
|
|
|
|
[expose:licenser_script]
|
|
methods = POST,GET
|
|
pattern = licenser/script
|
|
|
|
[expose:licenser_script_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = licenser/script/*
|
|
|
|
[expose:licenser_slaves]
|
|
pattern = licenser/slaves
|
|
|
|
[expose:licenser_slaves_ELEMENT]
|
|
pattern = licenser/slaves/*
|
|
|
|
[expose:licenser_stacks]
|
|
pattern = licenser/stacks
|
|
|
|
[expose:licenser_stacks_ELEMENT]
|
|
pattern = licenser/stacks/*
|
|
|
|
[expose:licenser_localslave]
|
|
methods = GET
|
|
pattern = licenser/localslave
|
|
|
|
[expose:licenser_localslave_ELEMENT]
|
|
methods = GET
|
|
pattern = licenser/localslave/*
|
|
|
|
[expose:licenser_usage]
|
|
methods = GET
|
|
pattern = licenser/usage
|
|
|
|
[expose:licenser_usage_ELEMENT]
|
|
methods = GET
|
|
pattern = licenser/usage/*
|
|
|
|
[expose:mbtiles_splunk-tiles_ELEMENT_ELEMENT_ELEMENT]
|
|
pattern = mbtiles/splunk-tiles/*/*/*
|
|
|
|
[expose:mbtiles_splunk-tiles-dark_ELEMENT_ELEMENT_ELEMENT]
|
|
pattern = mbtiles/splunk-tiles-dark/*/*/*
|
|
|
|
[expose:messages]
|
|
methods = POST,GET
|
|
pattern = messages
|
|
|
|
[expose:messages_ELEMENT]
|
|
methods = GET,DELETE
|
|
pattern = messages/*
|
|
|
|
[expose:pdfgen_render]
|
|
methods = GET,POST
|
|
pattern = pdfgen/render
|
|
|
|
[expose:properties]
|
|
methods = GET,POST
|
|
pattern = properties
|
|
|
|
[expose:properties_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = properties/*
|
|
|
|
[expose:properties_ELEMENT_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = properties/*/*
|
|
|
|
[expose:properties_ELEMENT_ELEMENT_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = properties/*/*/*
|
|
|
|
[expose:receivers_simple]
|
|
methods = POST
|
|
pattern = receivers/simple
|
|
|
|
[expose:receivers_stream]
|
|
methods = POST
|
|
pattern = receivers/stream
|
|
|
|
[expose:saved_bookmarks]
|
|
methods = POST,GET
|
|
pattern = saved/bookmarks/monitoring_console
|
|
|
|
[expose:saved_eventtypes]
|
|
methods = POST,GET
|
|
pattern = saved/eventtypes
|
|
|
|
[expose:saved_eventtypes_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = saved/eventtypes/*
|
|
|
|
[expose:saved_eventtypes_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = saved/eventtypes/*/acl
|
|
|
|
[expose:saved_fvtags]
|
|
methods = GET,POST
|
|
pattern = saved/fvtags
|
|
|
|
[expose:saved_fvtags_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = saved/fvtags/*
|
|
|
|
[expose:saved_fvtags_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = saved/fvtags/*/acl
|
|
|
|
[expose:data_macros]
|
|
methods = GET,POST
|
|
pattern = data/macros
|
|
|
|
[expose:data_macros_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/macros/*
|
|
|
|
[expose:data_macros_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = data/macros/*/acl
|
|
|
|
[expose:saved_sourcetypes]
|
|
methods = GET,POST
|
|
pattern = saved/sourcetypes
|
|
|
|
[expose:saved_sourcetypes_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = saved/sourcetypes/*
|
|
|
|
[expose:saved_searches]
|
|
methods = POST,GET
|
|
pattern = saved/searches
|
|
|
|
[expose:saved_searches_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = saved/searches/*
|
|
oidEnabled = 1
|
|
|
|
[expose:saved_searches_ELEMENT_acknowledge]
|
|
methods = POST
|
|
pattern = saved/searches/*/acknowledge
|
|
|
|
[expose:saved_searches_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = saved/searches/*/acl
|
|
|
|
[expose:saved_searches_ELEMENT_dispatch]
|
|
methods = POST
|
|
pattern = saved/searches/*/dispatch
|
|
|
|
[expose:saved_searches_ELEMENT_embed]
|
|
methods = POST
|
|
pattern = saved/searches/*/embed
|
|
|
|
[expose:saved_searches_ELEMENT_history]
|
|
pattern = saved/searches/*/history
|
|
oidEnabled = 1
|
|
|
|
[expose:saved_searches_ELEMENT_scheduled_times]
|
|
pattern = saved/searches/*/scheduled_times
|
|
|
|
[expose:saved_searches_ELEMENT_suppress]
|
|
pattern = saved/searches/*/suppress
|
|
|
|
[expose:saved_searches_ELEMENT_unembed]
|
|
methods = POST
|
|
pattern = saved/searches/*/unembed
|
|
|
|
[expose:saved_searches_ELEMENT_move]
|
|
methods = POST
|
|
pattern = saved/searches/*/move
|
|
|
|
[expose:saved_searches_ELEMENT_disable]
|
|
methods = POST
|
|
pattern = saved/searches/*/disable
|
|
|
|
[expose:saved_searches_ELEMENT_enable]
|
|
methods = POST
|
|
pattern = saved/searches/*/enable
|
|
|
|
[expose:metric_alerts]
|
|
methods = POST,GET
|
|
pattern = alerts/metric_alerts
|
|
|
|
[expose:metric_alerts_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = alerts/metric_alerts/*
|
|
oidEnabled = 1
|
|
|
|
[expose:metric_alerts_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = alerts/metric_alerts/*/acl
|
|
|
|
[expose:catalog_metricstore]
|
|
methods = GET
|
|
pattern = catalog/metricstore/*
|
|
|
|
[expose:catalog_metricstore_ELEMENT_values]
|
|
methods = GET
|
|
pattern = catalog/metricstore/dimensions/*/values
|
|
oidEnabled = 1
|
|
|
|
[expose:catalog_metricstore_rollup]
|
|
methods = GET,POST
|
|
pattern = catalog/metricstore/rollup
|
|
|
|
[expose:catalog_metricstore_rollup_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = catalog/metricstore/rollup/*
|
|
|
|
[expose:scheduled_views]
|
|
pattern = scheduled/views
|
|
|
|
[expose:scheduled_views_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = scheduled/views/*
|
|
|
|
[expose:scheduled_views_ELEMENT_dispatch]
|
|
methods = POST
|
|
pattern = scheduled/views/*/dispatch
|
|
|
|
[expose:scheduled_views_ELEMENT_history]
|
|
pattern = scheduled/views/*/history
|
|
|
|
[expose:scheduled_views_ELEMENT_scheduled_times]
|
|
pattern = scheduled/views/*/scheduled_times
|
|
|
|
[expose:search_concurrency-settings]
|
|
methods = GET
|
|
pattern = search/concurrency-settings
|
|
|
|
[expose:search_concurrency-settings_search]
|
|
methods = POST
|
|
pattern = search/concurrency-settings/search
|
|
|
|
[expose:search_concurrency-settings_scheduler]
|
|
methods = POST
|
|
pattern = search/concurrency-settings/scheduler
|
|
|
|
[expose:server_status_limits_search-concurrency]
|
|
methods = GET
|
|
pattern = server/status/limits/search-concurrency
|
|
|
|
[expose:search_distributed_config]
|
|
pattern = search/distributed/config
|
|
|
|
[expose:search_distributed_config_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = search/distributed/config/*
|
|
|
|
[expose:search_distributed_peers]
|
|
methods = POST,GET
|
|
pattern = search/distributed/peers
|
|
|
|
[expose:search_distributed_peers_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = search/distributed/peers/*
|
|
|
|
[expose:search_distributed_groups]
|
|
methods = POST,GET
|
|
pattern = search/distributed/groups
|
|
|
|
[expose:search_distributed_groups_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = search/distributed/groups/*
|
|
|
|
[expose:search_distributed_groups_ELEMENT_edit]
|
|
methods = POST
|
|
pattern = search/distributed/groups/*/edit
|
|
|
|
[expose:search_fields]
|
|
pattern = search/fields
|
|
|
|
[expose:search_fields_ELEMENT]
|
|
pattern = search/fields/*
|
|
|
|
[expose:search_fields_ELEMENT_tags]
|
|
methods = GET,POST
|
|
pattern = search/fields/*/tags
|
|
|
|
[expose:search_intentionsparser]
|
|
methods = GET,POST
|
|
pattern = search/intentionsparser
|
|
|
|
[expose:search_jobs]
|
|
methods = GET,POST
|
|
pattern = search/jobs
|
|
|
|
[expose:search_jobs_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = search/jobs/*
|
|
oidEnabled = 1
|
|
|
|
[expose:search_jobs_ELEMENT_acl]
|
|
methods = POST
|
|
pattern = search/jobs/*/acl
|
|
|
|
[expose:search_jobs_ELEMENT_control]
|
|
methods = POST
|
|
pattern = search/jobs/*/control
|
|
|
|
[expose:search_jobs_ELEMENT_events]
|
|
methods = GET,POST
|
|
pattern = search/jobs/*/events
|
|
oidEnabled = 1
|
|
|
|
[expose:search_jobs_ELEMENT_results]
|
|
methods = GET,POST
|
|
pattern = search/jobs/*/results
|
|
|
|
[expose:search_jobs_ELEMENT_results_preview]
|
|
methods = GET,POST
|
|
pattern = search/jobs/*/results_preview
|
|
oidEnabled = 1
|
|
|
|
[expose:search_jobs_ELEMENT_search.log]
|
|
pattern = search/jobs/*/search.log
|
|
|
|
[expose:search_jobs_ELEMENT_summary]
|
|
pattern = search/jobs/*/summary
|
|
|
|
[expose:search_jobs_ELEMENT_timeline]
|
|
pattern = search/jobs/*/timeline
|
|
|
|
[expose:search_jobs_export]
|
|
methods = GET,POST
|
|
pattern = search/jobs/export
|
|
|
|
[expose:search_parser]
|
|
methods = GET,POST
|
|
pattern = search/parser
|
|
|
|
[expose:search_shelper]
|
|
pattern = search/shelper
|
|
|
|
[expose:search_tags]
|
|
pattern = search/tags
|
|
|
|
[expose:search_tags_ELEMENT]
|
|
methods = GET,POST,DELETE
|
|
pattern = search/tags/*
|
|
|
|
[expose:search_timeparser]
|
|
pattern = search/timeparser
|
|
|
|
[expose:search_typeahead]
|
|
pattern = search/typeahead
|
|
|
|
[expose:server_control]
|
|
pattern = server/control
|
|
|
|
[expose:server_control_restart]
|
|
methods = POST
|
|
pattern = server/control/restart
|
|
|
|
[expose:server_info]
|
|
pattern = server/info
|
|
|
|
[expose:server_info_ELEMENT]
|
|
pattern = server/info/*
|
|
|
|
[expose:server_logger]
|
|
pattern = server/logger
|
|
|
|
[expose:server_logger_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = server/logger/*
|
|
|
|
[expose:server_settings]
|
|
pattern = server/settings
|
|
|
|
[expose:server_settings_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = server/settings/*
|
|
|
|
[expose:services_cluster_master_control_control_rebalance_buckets]
|
|
methods = POST
|
|
pattern = cluster/master/control/control/rebalance_buckets
|
|
|
|
[expose:static_ELEMENT]
|
|
pattern = static/*
|
|
|
|
[expose:storage_collections_ANYTHING]
|
|
methods = GET,DELETE,POST
|
|
pattern = storage/collections/**
|
|
|
|
[expose:storage_collections-conf_ANYTHING]
|
|
methods = GET,DELETE,POST
|
|
pattern = storage/collections-conf/**
|
|
|
|
[expose:storage_passwords]
|
|
methods = POST,GET
|
|
pattern = storage/passwords
|
|
|
|
[expose:storage_passwords_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = storage/passwords/*
|
|
|
|
[expose:ui_tours]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/ui/ui-tour
|
|
|
|
[expose:ui_tours_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/ui/ui-tour/*
|
|
|
|
[expose:livetail]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/ui/livetail
|
|
|
|
[expose:livetail_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/ui/livetail/*
|
|
|
|
[expose:appsbrowser]
|
|
methods = GET
|
|
pattern = appsbrowser
|
|
|
|
[expose:appsbrowser_ELEMENT]
|
|
methods = GET,POST
|
|
pattern = appsbrowser/**
|
|
[expose:alert_actions]
|
|
methods = GET,DELETE,POST
|
|
pattern = alerts/alert_actions
|
|
|
|
[expose:alert_actions_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = alerts/alert_actions/*
|
|
|
|
[expose:alert_actions_ELEMENT_acl]
|
|
methods = GET,POST
|
|
pattern = alerts/alert_actions/*/acl
|
|
|
|
[expose:alert_actions_ui]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/ui/alerts
|
|
|
|
[expose:alert_actions_ui_ELEMENT]
|
|
methods = GET,DELETE,POST
|
|
pattern = data/ui/alerts/*
|
|
|
|
[expose:alert_actions_ui_ELEMENT_acl]
|
|
methods = GET,POST
|
|
pattern = data/ui/alerts/*/acl
|
|
|
|
[expose:visualizations]
|
|
pattern = configs/conf-visualizations
|
|
|
|
[expose:ast]
|
|
methods = POST
|
|
pattern = search/ast
|
|
|
|
[expose:datasets]
|
|
methods = GET
|
|
pattern = datasets
|
|
|
|
[expose:watchdog_pstacks]
|
|
methods = GET
|
|
pattern = server/pstacks
|
|
|
|
[expose:watchdog]
|
|
methods = POST
|
|
pattern = server/watchdog
|
|
|
|
[expose:scs_tenantinfo]
|
|
methods = GET
|
|
pattern = server/scs/tenantinfo
|
|
|
|
[expose:telemetry_metric]
|
|
methods = POST
|
|
pattern = telemetry-metric
|
|
|
|
[expose:diag]
|
|
methods = GET, DELETE
|
|
pattern = diag
|
|
|
|
[expose:diag/status]
|
|
methods = GET
|
|
pattern = diag/status
|
|
allowRemoteProxy = true
|
|
|
|
[expose:admin_splunk_auth]
|
|
methods = POST,GET
|
|
pattern = admin/Splunk-auth
|
|
|
|
[expose:admin_splunk_auth_ELEMENT]
|
|
methods = POST,GET,DELETE
|
|
pattern = admin/Splunk-auth/*
|
|
|
|
[expose:federated_indexes]
|
|
methods = POST,GET
|
|
pattern = data/federated/index
|
|
|
|
[expose:federated_indexes_ELEMENT]
|
|
methods = POST,GET,DELETE
|
|
pattern = data/federated/index/*
|
|
|
|
[expose:federated_indexes_ELEMENT_disable]
|
|
methods = POST
|
|
pattern = data/federated/index/*/disable
|
|
|
|
[expose:federated_indexes_ELEMENT_enable]
|
|
methods = POST
|
|
pattern = data/federated/index/*/enable
|
|
|
|
[expose:federated_provider]
|
|
methods = POST, GET
|
|
pattern = data/federated/provider
|
|
|
|
[expose:federated_provider_ELEMENT]
|
|
methods = POST,GET,DELETE
|
|
pattern = data/federated/provider/*
|
|
|
|
[expose:federated_provider_ELEMENT_disable]
|
|
methods = POST
|
|
pattern = data/federated/provider/*/disable
|
|
|
|
[expose:federated_provider_ELEMENT_enable]
|
|
methods = POST
|
|
pattern = data/federated/provider/*/enable
|
|
|
|
[expose:federated_settings]
|
|
methods = POST, GET
|
|
pattern = data/federated/settings
|
|
|
|
[expose:federated_settings_ELEMENT]
|
|
methods = POST,GET,DELETE
|
|
pattern = data/federated/settings/*
|
|
|
|
[expose:datalake_categories]
|
|
methods = GET
|
|
pattern = data/datalake/categories
|
|
|
|
[expose:datalake_categories_ELEMENT]
|
|
methods = GET
|
|
pattern = data/datalake/categories/*
|
|
|
|
[expose:datalake_ingest]
|
|
methods = POST,GET
|
|
pattern = data/datalake/ingest
|
|
|
|
[expose:datalake_ingest_ELEMENT]
|
|
methods = POST,PUT,GET
|
|
pattern = data/datalake/ingest/*
|
|
|
|
[expose:datalake_ingest_ELEMENT_categories]
|
|
methods = GET
|
|
pattern = data/datalake/ingest/*/categories
|
|
|
|
[expose:datalake_index]
|
|
methods = GET,POST
|
|
pattern = data/datalake/index
|
|
|
|
[expose:datalake_index_ELEMENT]
|
|
methods = POST
|
|
pattern = data/datalake/index/*
|
|
|
|
# token auth
|
|
[expose:admin_token_auth]
|
|
methods = POST,GET
|
|
pattern = admin/Token-auth
|
|
|
|
[expose:admin_token_auth_ELEMENT]
|
|
methods = POST,GET
|
|
pattern = admin/Token-auth/*
|
|
|
|
[expose:authorization_tokens]
|
|
methods = POST,GET
|
|
pattern = authorization/tokens
|
|
|
|
[expose:authorization_tokens_ELEMENT]
|
|
methods = POST,GET,DELETE
|
|
pattern = authorization/tokens/*
|
|
|
|
[expose:remote-proxy]
|
|
methods = POST,GET
|
|
pattern = remote-proxy/**
|