splunk get-data-commands
Access Python search commands.
Description
Access search commands
Synopsis
splunk get-data-commands
--site <site>
[--name <name>]
[--count <count>]
[--sort_key <sort_key>]
[--sort_dir <sort_dir>]
Arguments
site
- (string)
Site where this command will be executed
Example: --site "site-1"
Default: input.site
Attributes: required
name
- (string)
Name of the alert. If not specified, returns all alerts
Example: --name "alert-1"
Default: _None_
Attributes: optional
count
- (int)
Limit the number of results returned. Set 0 to return all results.
Example: --count 0
Default: 0
Attributes: optional
sort_key
- (string)
Field name to use for sorting.
Example: --sort_key "updated"
Default: updated
Attributes: optional
sort_dir
- (string)
Response sort order.
Example: --sort_dir "sort_dir-1"
Default: _None_
Attributes: optional
Validation:
allowed values: asc, desc
Examples
Input:
Output:
UPDATED                    AUTHOR  NAME             APP
1970-01-01T05:30:00+05:30  nobody  copybuckets      splunk_archiver
1970-01-01T05:30:00+05:30  nobody  archivebuckets   splunk_archiver
1970-01-01T05:30:00+05:30  nobody  sendemail        search
1970-01-01T05:30:00+05:30  nobody  makejson         splunk_instrumentation
1970-01-01T05:30:00+05:30  nobody  outputtelemetry  splunk_instrumentation
1970-01-01T05:30:00+05:30  nobody  checke2ewss      splunk_secure_gateway
{
  "links": {
    "_reload": "/servicesNS/admin/-/data/commands/_reload",
    "_acl": "/servicesNS/admin/-/data/commands/_acl"
  },
  "origin": "https://localhost:8089/servicesNS/admin/-/data/commands",
  "updated": "2023-02-07T15:15:23+05:30",
  "generator": {
    "build": "dd0128b1f8cd",
    "version": "9.0.3"
  },
  "entry": [
    {
      "name": "x11",
      "id": "https://localhost:8089/servicesNS/nobody/search/data/commands/x11",
      "updated": "1970-01-01T05:30:00+05:30",
      "links": {
        "alternate": "/servicesNS/nobody/search/data/commands/x11",
        "list": "/servicesNS/nobody/search/data/commands/x11",
        "_reload": "/servicesNS/nobody/search/data/commands/x11/_reload",
        "disable": "/servicesNS/nobody/search/data/commands/x11/disable"
      },
      "author": "nobody",
      "acl": {
        "app": "search",
        "can_change_perms": true,
        "can_list": true,
        "can_share_app": true,
        "can_share_global": true,
        "can_share_user": false,
        "can_write": true,
        "modifiable": true,
        "owner": "nobody",
        "perms": {
          "read": [
            "*"
          ],
          "write": [
            "admin"
          ]
        },
        "removable": false,
        "sharing": "global"
      },
      "fields": {
        "required": [],
        "optional": [],
        "wildcard": []
      },
      "content": {
        "changes_colorder": false,
        "disabled": false,
        "eai:acl": null,
        "eai:appName": "search",
        "eai:userName": "nobody",
        "enableheader": false,
        "filename": "deseasonal.py",
        "generates_timeorder": false,
        "generating": false,
        "is_risky": "false",
        "maxinputs": 50000,
        "outputheader": false,
        "overrides_timeorder": false,
        "pass_timezone": "false",
        "passauth": false,
        "perf_warn_limit": 0,
        "python.version": "python3",
        "required_fields": "*",
        "requires_preop": false,
        "retainsevents": true,
        "streaming": false,
        "supports_getinfo": true,
        "type": "python"
      }
    }
  ],
  "paging": {
    "total": 1,
    "perPage": 30,
    "offset": 0
  },
  "messages": []
}
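The JSON form of the output carries the fields that decide who can run or modify each search command (acl.perms, acl.sharing, passauth, is_risky, disabled). The following is an added example, not part of the original reference or of the tool it documents: a Python audit over a saved copy of that JSON. The entries "examplecmd" and "oldcmd", the trusted_writers default and the review rules themselves are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of the JSON output above, trimmed to the
# fields the audit reads; "examplecmd" and "oldcmd" are made-up entries.
SAMPLE = json.dumps({"entry": [
    {"name": "x11",
     "acl": {"sharing": "global", "perms": {"read": ["*"], "write": ["admin"]}},
     "content": {"disabled": False, "is_risky": "false", "passauth": False}},
    {"name": "examplecmd",
     "acl": {"sharing": "global",
             "perms": {"read": ["*"], "write": ["admin", "power"]}},
     "content": {"disabled": False, "is_risky": "false", "passauth": True}},
    {"name": "oldcmd",
     "acl": {"sharing": "app", "perms": None},
     "content": {"disabled": True, "is_risky": "true", "passauth": True}},
]})

def as_bool(value):
    # The output mixes JSON booleans (passauth) with strings (is_risky).
    if isinstance(value, str):
        return value.strip().lower() in ("1", "true")
    return bool(value)

def audit_commands(raw_json, trusted_writers=("admin",)):
    """Return {command name: [findings]} for enabled commands worth a review."""
    report = {}
    for entry in json.loads(raw_json).get("entry", []):
        content, acl = entry.get("content") or {}, entry.get("acl") or {}
        if as_bool(content.get("disabled")):
            continue  # a disabled command cannot be called from a search
        perms = acl.get("perms") or {}
        readers, writers = perms.get("read") or [], perms.get("write") or []
        findings = []
        if as_bool(content.get("passauth")):
            findings.append("passauth: script is handed the caller's auth token")
            if not as_bool(content.get("is_risky")):
                findings.append("passauth set but is_risky is false")
            if "*" in readers and acl.get("sharing") == "global":
                findings.append("readable by every role, shared globally")
        extra = sorted(set(writers) - set(trusted_writers))
        if extra:
            findings.append("writable by: " + ", ".join(extra))
        if findings:
            report[entry.get("name")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_commands(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```

On the sample, only "examplecmd" is reported; "x11" has nothing to flag and "oldcmd" is skipped because it is disabled.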
Access Control
To use this command, you need access to the following:
Field | Value |
---|---|
Action | "read" |
Service Type | "splunk" |
Service Instance | |
Namespace | |
Object Type | "data" |
Object ID | |
Please see Access Control for details.