Splunk is a platform for searching, monitoring, and analyzing machine-generated big data via a web-style interface.
- Analytics, Data Analysis, Logging, Machine Data, Monitoring, Observability, Platform, Security, SIEM
- Created: 2025-01-08
- Modified: 2026-04-18
API monitoring checks to see if API-connected resources are available, working properly and responding to calls.
Human URL: https://www.splunk.com/en_us/blog/learn/api-monitoring.html
The Splunk Enterprise REST API provides programmatic access to the same information and functionality available to core system software and Splunk Web.
Human URL: https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTprolog
- Data, Enterprise, Management, REST, Search
The Splunk Cloud Platform REST API provides a subset of the Splunk Enterprise REST API endpoints.
Human URL: https://help.splunk.com/en/splunk-cloud-platform/rest-api-reference
- Cloud, Data, Management, REST, Search
Cloud-native API providing programmatic self-service administration capabilities.
Human URL: https://docs.splunk.com/Documentation/SplunkCloud/latest/Config/ACSIntro
- Administration, Cloud, Configuration, Management
REST endpoints for sending and managing metrics, traces, and events.
Human URL: https://dev.splunk.com/observability/
- APM, Metrics, Monitoring, Observability, Traces
Programmatic creation, updating, and management of security automation objects.
Human URL: https://docs.splunk.com/Documentation/SOAR/current/PlatformAPI/Using
- Automation, Orchestration, Playbooks, Security, SOAR
REST endpoints for findings, investigations, risk scores, assets, and identities.
Human URL: https://help.splunk.com/en/splunk-enterprise-security-8/api-reference
- Enterprise Security, Findings, Investigations, Security, SIEM
Bulk creation and updating of ITOA interface objects including entities, services, and KPIs.
- AIOps, IT Service Intelligence, ITSI, Monitoring
High-performance REST API data input for JSON or raw text data over HTTPS.
Human URL: https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector
- Data Ingestion, Events, HEC, Logging, REST
REST v2.0 endpoints for managing threat intelligence data.
Human URL: https://docs.splunk.com/Documentation/SIM/current/Develop/RESTv20
- Indicators, Security, STIX, TAXII, Threat Intelligence
Python APIs for developing playbooks and automation within Splunk SOAR.
- Automation, Orchestration, Playbooks, Security, SOAR
Validates Splunk apps and add-ons against best practices and requirements.
Human URL: https://dev.splunk.com/enterprise/docs/relnotes/relnotes-appinspectapi/whatsnew
- Apps, Cloud, Splunkbase, Validation
- DeveloperPortal
- Blog
- Support
- StatusPage
- GitHubOrganization
- Documentation
- GettingStarted
- Marketplace
- Pricing
- TermsOfService
- ChangeLog
- Python SDK
- Java SDK
- JavaScript SDK
- C# SDK
- PrivacyPolicy
- Security
- X

| Name | Description |
|---|---|
| Search and Investigation | Run SPL queries to search, correlate, and analyze machine data across all indexed sources. |
| Index Management | Create and manage indexes to organize and retain data with configurable storage and retention. |
| Data Ingestion | Ingest data from file monitors, TCP/UDP inputs, scripted inputs, and HTTP Event Collector. |
| HTTP Event Collector | High-performance REST API for sending JSON or raw text events over HTTPS. |
| Security Operations | Detect threats, investigate incidents, and automate response with SIEM and SOAR. |
| Observability | Monitor infrastructure, applications, and real user experience with metrics, traces, and logs. |
| IT Service Intelligence | AIOps-powered monitoring and analytics for IT operations with service-level visibility. |
| Threat Intelligence | Manage threat indicators, observables, and intelligence sources in STIX/TAXII formats. |
| Security Orchestration | Automate security workflows with SOAR playbooks for incident response. |

| Name | Description |
|---|---|
| Security Information and Event Management | Centralize security event data for real-time threat detection and compliance. |
| IT Operations Monitoring | Monitor infrastructure health and application performance across hybrid environments. |
| Log Management | Collect, index, and analyze log data from servers, applications, and network devices. |
| Incident Response Automation | Automate security incident triage, enrichment, and response using SOAR playbooks. |
| Application Performance Monitoring | Trace application requests end-to-end to identify bottlenecks. |
| Compliance and Audit | Generate compliance reports and audit trails from indexed data. |

| Name | Description |
|---|---|
| AWS | Ingest and analyze AWS CloudTrail, CloudWatch, VPC Flow Logs, and other AWS service data. |
| Azure | Collect and analyze Azure activity logs, metrics, and diagnostic data. |
| Google Cloud | Ingest Google Cloud audit logs, metrics, and Pub/Sub messages. |
| Kubernetes | Monitor Kubernetes clusters with metrics, logs, and events from containers. |
| ServiceNow | Integrate Splunk alerts with ServiceNow ITSM for ticketing and workflow automation. |
| PagerDuty | Trigger PagerDuty incidents from Splunk alerts for on-call notification. |
| Cisco | Collect and analyze Cisco network device logs and security telemetry. |
| CrowdStrike | Ingest CrowdStrike Falcon endpoint detection data for correlated threat analysis. |

Machine-readable API specifications organized by format.
- Search Job Schema
- Event Schema
- Enterprise REST Search Job
- Enterprise REST Index
- Enterprise REST HEC Token
Naftiko capabilities organized as shared per-API definitions composed into customer-facing workflows.
- Splunk Enterprise REST API -- 27 operations for search, indexing, data inputs, and HTTP Event Collector

| Workflow | APIs Combined | Tools | Persona |
|---|---|---|---|
| Search and Analytics | Enterprise REST | 22 | SOC Analyst |

- Splunk Spectral Rules -- 7 rules enforcing Splunk Enterprise REST API conventions
FN: Kin Lane
Email: kin@apievangelist.com