Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Create View with REST?

nathankc
Engager
‎07-23-2013 03:51 PM

version 5.0.2

Looking through the documentation, but nothing is jumping out at me as to how to create a View for an app dynamically via REST or C# SDK. I'll be creating the XML on the fly and would like to send it to Splunk programatically as opposed to copy / paste through the user interface.

Thanks - sorry if this is a ridiculous question.

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎07-23-2013 04:14 PM

You're not crazy. For some reason the /data/ui/views endpoint is missing from the REST API reference.

It's simple though. With views there are only 2 relevant properties to get/set: "name", which ends up being the filename on disk as well as the URL segment, and eai:data, which is the XML string.

To give an example off the top of my head, to add a system-owned view called "myView" to "myApp" just POST to

/servicesNS/nobody/myApp/data/ui/views/_new

and pass "name" set to "myView", and "eai:data" set to the desired XML. As with other namespaced REST calls, you would set permissions and ownership by incorporating usernames in URL as appropriate and setting the "eai:acl" property as appropriate in your POST.

View solution in original post

Reply
Solved! Jump to solution

fman82
Explorer
‎02-26-2014 01:11 PM

Am I missing something here. I submit eai:data and I get:

In handler 'views':
Argument "eai:data" is not supported
by this handler.

The curl I'm running is:

curl -v -H "Content-Type: application/xml" -X POST -d name=test00013210 -d eai:data=%3Cdashboard%20%2F%3E  -u admin:changeme  -k hxxps://localhost:8091/servicesNS/admin/search/data/ui/views/_new
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎02-27-2014 10:21 AM

Tried it for myself and indeed, something about posting to the _new endpoint doesn't work here. I can't figure it out either. I can do a nice simple curl POST -d eai:data="<dashboard />" -u admin:changeme -k https://localhost:8089/servicesNS/admin/search/data/ui/views/existing_view_name and it works great.

But whenever I try anything to _new, I get that same error you're getting.

0 Karma
Reply
Solved! Jump to solution

ganesh_crms
New Member
‎07-24-2019 12:06 AM

HI sideview,
how to get value of eai:data?

so in curl you mentioned "/admin/search/" here "search" is the app having the view?
And i am getting "Argument " name" is not supported by this handler."

0 Karma
Reply
Solved! Jump to solution

deanilol
Explorer
‎04-05-2015 06:53 AM

Looking for an answer on this!

0 Karma
Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎07-23-2013 04:14 PM

You're not crazy. For some reason the /data/ui/views endpoint is missing from the REST API reference.

It's simple though. With views there are only 2 relevant properties to get/set: "name", which ends up being the filename on disk as well as the URL segment, and eai:data, which is the XML string.

To give an example off the top of my head, to add a system-owned view called "myView" to "myApp" just POST to

/servicesNS/nobody/myApp/data/ui/views/_new

and pass "name" set to "myView", and "eai:data" set to the desired XML. As with other namespaced REST calls, you would set permissions and ownership by incorporating usernames in URL as appropriate and setting the "eai:acl" property as appropriate in your POST.

Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...