crest
)The crest
command is a custom Splunk search command that allows you to send HTTP requests directly from your Splunk searches. It supports GET
, POST
, and DELETE
methods, allowing you to interact with RESTful APIs and web services within your Splunk environment.
This command is shipped with the Custom REST Command app.
| crest url=<string> method=<string> [data=<string>] [headers=<string>] [debug=<boolean>] [verify=<boolean>] [timeout=<int>]
[]
denote optional parameters.url
(required): The endpoint URL to send the HTTP request to.method
(required): The HTTP method to use. Supported methods are get
, post
, and delete
.data
(optional): The payload to send with a POST
request. Should be a JSON-formatted string.headers
(optional): Custom headers to include in the request. Should be a JSON-formatted string.debug
(optional): Set to true
to enable debug mode, which displays request details without executing the request.verify
(optional): Set to false
to disable SSL verification in your REST calls. Be careful with this option!timeout
(optional): Default is 10s, but you can change it according to your needs..Send a GET
request to http://example.com/api
.
| crest url="http://example.com/api" method="get"
Explanation: This command sends a GET
request to the specified URL and returns the response data in the search results.
Send a POST
request with a data payload to http://example.com/api
.
| crest url="http://example.com/api" method="post" data="{'key':'value'}"
Explanation: This command sends a POST
request to the specified URL with the provided JSON data as the payload.
Send a DELETE
request to http://example.com/api/resource
.
| crest url="http://example.com/api/resource" method="delete"
Explanation: This command sends a DELETE
request to remove the specified resource at the given URL.
verify="false"
in the command.localhost
, the command automatically includes the Splunk session key in the Authorization
header. This uses your user to authenticate the internal request.This app is licensed under the MIT License.
Disclaimer: Use this command responsibly. Make sure you have permission to access the URLs you are querying, and be aware of the load and security implications of sending HTTP requests from your Splunk instance.
Stopped loading data option as JSON. Leaving as String.
Debug mode fixed.
README update.
crest
)The crest
command is a custom Splunk search command that allows you to send HTTP requests directly from your Splunk searches. It supports GET
, POST
, and DELETE
methods, allowing you to interact with RESTful APIs and web services within your Splunk environment.
This command is shipped with the Custom REST Command app.
To install the Custom REST Command app and use the crest
command:
| crest url=<string> method=<string> [data=<string>] [headers=<string>] [debug=<boolean>] [verify=<boolean>] [timeout=<int>]
[]
denote optional parameters.url
(required): The endpoint URL to send the HTTP request to.method
(required): The HTTP method to use. Supported methods are get
, post
, and delete
.data
(optional): The payload to send with a POST
request. Should be a JSON-formatted string.headers
(optional): Custom headers to include in the request. Should be a JSON-formatted string.debug
(optional): Set to true
to enable debug mode, which displays request details without executing the request.verify
(optional): Set to false
to disable SSL verification in your REST calls. Be careful with this option!timeout
(optional): Default is 10s, but you can change it according to your needs..Send a GET
request to http://example.com/api
.
| crest url="http://example.com/api" method="get"
Explanation: This command sends a GET
request to the specified URL and returns the response data in the search results.
Send a POST
request with a data payload to http://example.com/api
.
| crest url="http://example.com/api" method="post" data="{'key':'value'}"
Explanation: This command sends a POST
request to the specified URL with the provided JSON data as the payload.
Send a DELETE
request to http://example.com/api/resource
.
| crest url="http://example.com/api/resource" method="delete"
Explanation: This command sends a DELETE
request to remove the specified resource at the given URL.
Use the debug
parameter to display the request details without executing the actual HTTP request. This is useful for verifying the request configuration.
| crest url="http://example.com/api" method="get" debug="true"
Explanation: When debug
is set to true
, the command outputs the request details (such as url
, method
, headers
, and data
) without sending the HTTP request.
verify="false"
in the command.localhost
, the command automatically includes the Splunk session key in the Authorization
header. This uses your user to authenticate the internal request.data
and header
parameters, make sure it is properly formatted. For example:data="{\"user\":\"matheus\",\"role\":\"admin\"}"
This app is licensed under the MIT License.
Disclaimer: Use this command responsibly. Make sure you have permission to access the URLs you are querying, and be aware of the load and security implications of sending HTTP requests from your Splunk instance.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.