Splunk Enterprise Security 8

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS AppDynamics On-Premises AppDynamics SAP Agent Welcome Community Support Supported Add-ons

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS AppDynamics On-Premises AppDynamics SAP Agent Welcome Community Support Supported Add-ons

Documentation

Splunk Enterprise Security 8

Splunk Enterprise Security 8 Contents

Enterprise Security Editions

Install

Administer

Troubleshoot

User Guide

REST API Reference

API Reference

8.2

Splunk Enterprise Security API Reference

Investigation

Findings

Risks

Identity

Assets

Responseplan

Notes

Release Notes and Resources

Security Content Update

Security Essentials

Splunk App for Fraud Analytics

Splunk App for PCI Compliance

Common Information Model

Splunk Machine Learning Toolkit

Splunk Enterprise Security API Reference

The Splunk Enterprise Security API allows you to use and modify findings, investigations, risk scores, assets, and identities in Splunk Enterprise Security. You can download the OpenAPI specifications:Download

Support for Splunk platform `| rest` command

You can use the | rest command with Splunk Enterprise Security public GET APIs. To use this command with Splunk Enterprise Security, you must do the following:

Add the search_format=true search parameter
Include quotes when using the ? character

The following search is an example that also includes the & operator:

| rest splunk_server=local "/servicesNS/nobody/missioncontrol/public/v2/investigations?search_format=true&urgency=medium"

For more details on the Splunk platform rest command, see rest in the SPL Search Reference.

Continue to navigate this API reference manual to find GET APIs available to use with Splunk Enterprise Security.

Last updated: September 17, 2025

Explore Topics

Splunk Observability Cloud

Splunk IT Service Intelligence

Splunk Cloud Platform

Splunk Enterprise

Data Management

Splunk Enterprise Security 8

Splunk Enterprise Security 7

Splunk SOAR

Security Offerings

AppDynamics SaaS

AppDynamics On-Premises

AppDynamics SAP Agent

Welcome

Community Support

Supported Add-ons

©2005-2025 Splunk Inc. All rights reserved.