Using the Splunk REST API (DSRAPI)

 

Course Overview

Formerly Developing with Splunk's REST API.

This 9-hour course is designed for application developers and administrators that want to utilize the Splunk REST API. In this course, you will learn how to make REST API requests and parse the server responses. Major topics include authentication, server administration, and implementation of a variety of search types. You will also ingest data using the HTTP Event Collector and manage application data using the Key-Value Store.

Please note that this class may run over two days, with 4.5 hour sessions each day, with a total of nine hours of content.

Who should attend

Application developers and administrators.

Prerequisites

To be successful, students should have a solid understanding of the following:

Course Objectives

  • Describe the Splunk REST API
  • Manage servers and knowledge objects
  • Execute a search and retrieve results
  • Ingest events using the HTTP Event Collector
  • Use the Key-Value Store to manage data

Outline: Using the Splunk REST API (DSRAPI)

Topic 1 – Splunk REST API

  • Introduce REST
  • Review HTTP requests
  • Describe the Splunk REST API
  • Discuss authentication methods

Topic 2 – Response Data

  • Review HTTP responses
  • Describe the Atom specification
  • Demonstrate how to retrieve JSON
  • Explain how to parse a response

Topic 3 – Administration APIs

  • Introduce the administration APIs
  • Update configuration files
  • Work with indexes
  • Manage users

Topic 4 – Namespaces and Access Control

  • Introduce namespaces
  • Explain namespace use cases
  • Implement access control

Topic 5 – Search

  • Identify search components
  • Review search best practices
  • Create a search and retrieve results
  • Discuss oneshot searches

Topic 6 – Advanced Search

  • Utilize real-time searches
  • Summarize export searches
  • Construct saved searches
  • Understand search job management

Topic 7 – HTTP Event Collector

  • Describe the HTTP Event Collector
  • Explain token management
  • Explore data ingestion
  • Implement data acknowledgement

Topic 8 – Key-Value Store

  • Examine the Key-Value Store
  • Define and manage a collection
  • Create and manage records

Prices & Delivery methods

Online Training

Duration
9 hours

Price
  • Online Training: CAD 1,270
  • Online Training: US $ 1,000
  • Splunk Training Units: 100 SPC
Dates and Booking
Enquire a date
Classroom Training

Duration
9 hours

Price
  • Canada: CAD 1,270
  • Splunk Training Units: 100 SPC
Dates and Booking
Enquire a date

Schedule

Currently there are no training dates scheduled for this course.

Enquire a date