Splunk Enterprise Security API Reference

Use and modify findings, investigations, risk scores, assets, and identities with the Splunk Enterprise Security API.

API guides

This manual includes the following API reference guides:

Open API reference for Splunk Enterprise Security. You can also download the Open API specifications.
Deprecated API reference for Splunk Enterprise Security. These APIs are provided as a reference but are no longer supported.

Support for Splunk platform `| rest` command

You can use the | rest command with Splunk Enterprise Security public GET APIs. To use this command with Splunk Enterprise Security, you must do the following:

Add the search_format=true search parameter
Include quotes when using the ? character

The following search is an example that also includes the & operator:

CODE

| rest splunk_server=local "/servicesNS/nobody/missioncontrol/public/v2/investigations?search_format=true&urgency=medium"

| rest splunk_server=local "/servicesNS/nobody/missioncontrol/public/v2/investigations?search_format=true&urgency=medium"

For more details on the Splunk platform rest command, see rest in the SPL Search Reference.

Continue to navigate this API reference manual to find GET APIs available to use with Splunk Enterprise Security.

Splunk Enterprise Security 8

Splunk Enterprise Security API Reference

API guides

Support for Splunk platform `| rest` command

ON THIS PAGE