Use the Configuration Management API to manage configuration files
The Configuration Management API provides OpenAPI-based REST endpoints for reading and writing Splunk platform configuration stanzas and settings.
Administrators, app developers, and automation workflows can use the Configuration Management API to read and write configuration stanzas and settings through a consistent, well-defined REST interface, without relying on direct file manipulation.
The Configuration Management API endpoints follow an OpenAPI specification that defines request and response behavior, status codes, and error payloads. This specification makes the API predictable and suitable for use in automation, integration, and tooling workflows.
These endpoints are separate from and do not replace the existing configuration REST endpoints documented in Configuration endpoint descriptions. The existing configs, config-*, and properties endpoints continue to function as before. The Configuration Management API endpoints are available under the /configs/v1 path prefix.
What you can do with the Configuration Management API
The Configuration Management API supports read and write operations on configuration stanzas and settings. You can perform the following tasks:
- List the configuration types available on your Splunk platform instance.
- Read the stanzas and settings within a configuration type.
- Create, replace, or update settings in a configuration stanza.
- Delete a stanza or an individual setting from a stanza.
The API accepts stanza and setting names in the request body rather than in the URL. This avoids URI length limitations that can occur when stanza or setting names are long or contain characters that require URL encoding.
For the full endpoint reference, including request and response schemas, parameters, status codes, and examples, see the Configuration Management API reference. The OpenAPI specification file is also available for download from the API reference page.
Read and write endpoints
The following tables list the read and write endpoints available in the Configuration Management API.
Read endpoints
| Endpoint | Description |
|---|---|
GET /configs/v1/conftypes |
List available configuration type names. |
POST /configs/v1/conftypes/{confType}:get |
Read stanzas for a configuration type. |
GET /configs/v1/conftypes/{confType}/stanzas |
List stanza names in a configuration type. |
POST /configs/v1/conftypes/{confType}/stanzas:get |
Read a stanza with its settings. |
POST /configs/v1/conftypes/{confType}/stanzas/settings:get |
Read a single setting from a stanza. |
Write endpoints
| Endpoint | Description |
|---|---|
POST /configs/v1/conftypes/{confType}/stanzas |
Create a new stanza. |
PUT /configs/v1/conftypes/{confType}/stanzas |
Replace an existing stanza and all of its settings. |
PATCH /configs/v1/conftypes/{confType}/stanzas |
Merge settings into an existing stanza. |
POST /configs/v1/conftypes/{confType}/stanzas:delete |
Delete an entire stanza. |
POST /configs/v1/conftypes/{confType}/stanzas/settings |
Create a new setting in an existing stanza. |
PUT /configs/v1/conftypes/{confType}/stanzas/settings |
Replace an existing setting value. |
POST /configs/v1/conftypes/{confType}/stanzas/settings:delete |
Delete a setting from a stanza. |
Example requests
The following examples show how to use the Configuration Management API to read and write configuration content. Replace {splunk_server} with the hostname of your Splunk Cloud Platform instance, and replace {token} with a valid authentication token.
List all available configuration types
The following request lists all configuration types available on the instance:
curl -X GET \
https://{splunk_server}:8089/services/configs/v1/conftypes \
-H "Authorization: Bearer {token}"Read all stanzas in a configuration type
The following request reads all stanzas in the inputs configuration type:
curl -X GET \
https://{splunk_server}:8089/services/configs/v1/conftypes/inputs/stanzas \
-H "Authorization: Bearer {token}"Create a new stanza
The following request creates a new stanza named monitor:///var/log/myapp in the inputs configuration type, with a single setting:
curl -X POST \
https://{splunk_server}:8089/services/configs/v1/conftypes/inputs/stanzas \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d '{
"name": "monitor:///var/log/myapp",
"settings": [
{ "name": "index", "value": "main" }
]
}'Delete a stanza
The following request deletes the monitor:///var/log/myapp stanza from the inputs configuration type:
curl -X POST \
https://{splunk_server}:8089/services/configs/v1/conftypes/inputs/stanzas:delete \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d '{ "name": "monitor:///var/log/myapp" }'For complete request and response details, including schema definitions, all available parameters, and additional examples, see the Configuration Management API reference.
Capabilities required to use the Configuration Management API
The Configuration Management API uses capability-based authorization.
Read operations require the list_conf_objects capability. By default, the admin and sc_admin roles have this capability.
Write operations require the edit_conf_objects capability. By default, the admin and sc_admin roles have this capability.
local/ configuration layer directly and can change live Splunk platform behavior. Use write endpoints with the same care you apply to any administrative write operation. Some configuration changes require a reload or restart to take effect.
Deployment scope and limitations
Before you use the write endpoints, review the following scope and limitations:
- Non-clustered deployments only. Write operations target the local filesystem layer of the node that receives the REST request. The API has no built-in awareness of cluster topology.
- Local layer writes only. All write operations target the
local/directory. The API does not write to thedefault/directory. - Search Head Cluster behavior. In Search Head Cluster deployments, existing replication mechanisms continue to apply independently. The API does not bypass or replace replication behavior. For more information, see How configuration changes propagate across the search head cluster.
- No automatic reload or restart. The API does not automatically reload or restart Splunk platform after configuration changes. Reload or restart behavior depends on the specific configuration file and setting you modify.
Related topics
For more information about the Configuration Management API, see:
- Configuration Management API reference — Full endpoint reference rendered from the OpenAPI contract, including request and response schemas, parameters, status codes, and examples.
For background on the Splunk configuration file system, see the following topics in the Splunk platform documentation: