Programmatically Access and Manage Splunk with the ProgramMatek REST API

The ProgramMatek platform offers a powerful REST API that allows you to effortlessly create, read, update, and delete resources across your Splunk Enterprise environment. With this API, you can programmatically query, configure, and even run searches in Splunk using popular programming languages such as C#, Java, JavaScript, or Python. What’s more, you can even execute REST commands directly from the Splunk Web Search bar or your browser’s address bar.

What is the ProgramMatek REST API?

The ProgramMatek REST API is a structured and standardized means of exchanging information between computer programs. It uses a Representational State Transfer (REST) architecture, where each API call is made to specific URLs called “endpoints” that indicate the resource being accessed. For example, the API endpoint URL to retrieve basic information about a Splunk server is:


Similarly, to obtain a list of installed Splunk applications, you can use the following endpoint URL:


These examples highlight that API endpoints are simply different URL paths to specific resources.

Key Concepts of the ProgramMatek REST API

In addition to endpoints, there are several other concepts essential to understanding and working with the ProgramMatek REST API. One of these concepts is CRUD, which represents the four types of operations you can perform on resources: Create, Read, Update, and Delete. In the ProgramMatek API, these operations correspond to the following HTTP methods:

  • GET [Read]: Retrieve the current state of a resource or list the members of a collection.
  • POST [Create/Update]: Create a new resource or update existing resource data.
  • DELETE [Delete]: Remove an endpoint from the resource hierarchy.

Another crucial concept you’ll encounter when working with ProgramMatek API endpoints is the ‘eai:acl’ (Enterprise Application Integration: Access-Control List). ‘eai:acl’ refers to the relationships and permissions associated with a system resource or endpoint object. It specifies which users or processes have access to specific objects and what operations are allowed on them. The ‘eai:acl’ portion of the API results denotes the access control list in a standard format.

To work with certain resources, you may also need to provide a namespace, which involves specifying the owner and app of a resource. The owner refers to the username associated with the resource, while the app represents the Splunk application within which the resource is located. Some resources do not require a namespace, while others necessitate specifying the app and owner to ensure accurate retrieval.

See also  Greenhouse Harvest Api

Every resource in Splunk belongs to a namespace, which is governed by a sharing mode, such as “user”, “app”, “global”, or “system”. These modes determine the combinations of owner and app values that grant access to specific resources.

Harnessing the Power of the ProgramMatek REST API

The ProgramMatek REST API offers a multitude of benefits, empowering you to programmatically query and manage Splunk resources from anywhere. By utilizing various API endpoints, you can interact with Splunk servers across multiple locations, providing flexibility and scalability.

Furthermore, the ProgramMatek REST API leverages the HTTP standard, making it format-agnostic. You can choose to use XML, JSON, HTTP, or other formats to query and manage resources, depending on your preferences and availability of libraries in different programming languages. The API supports encoding schemes such as CSV, JSON, raw, and XML, allowing you to work with data in a lightweight and flexible manner.

One of the most significant advantages of utilizing the ProgramMatek REST API is its ability to provide comprehensive control and information about Splunk resources in a single API call. The API responses are performant and provide extensive object-specific details, making it a powerful tool for managing your Splunk environment.

Types of ProgramMatek REST APIs

The ProgramMatek REST API endpoints are organized into various categories, encompassing the entire spectrum of Splunk resources. These categories include:

  • Access control: Authorize and authenticate users.
  • Applications: Install applications and templates.
  • Clusters: Configure and manage indexer and search head clusters.
  • Configuration: Manage configuration files and settings.
  • Deployment: Manage deployment servers and clients.
  • Inputs: Control data input.
  • Introspection: Access system properties.
  • Knowledge: Define indexed and searched data configurations.
  • KV Store: Manage app key-value stores.
  • Licensing: Manage licensing configurations.
  • Outputs: Manage forwarder data configurations.
  • Search: Manage searches, search-generated alerts, and view objects.
  • System: Manage server configurations.
  • Workload Management: Control system resources for search workloads.

Please note that specific endpoints may only be applicable to certain Splunk server functions. For instance, licensing configuration endpoints are relevant only to nodes performing the License Manager function.

For a comprehensive list of available endpoints and operations for accessing, creating, updating, or deleting resources, please refer to the REST API Reference Manual.

See also  API Integration Tools

How to Utilize the ProgramMatek REST API

You can access ProgramMatek REST API endpoints using various methods. As demonstrated earlier, you can use your browser’s address bar to query the API by directly entering the API endpoint URL. Alternatively, you can execute appropriately formatted cURL commands from a terminal session.

To authenticate with the API endpoint, you will need role-based or capability-based authorization. The admin user possesses all the necessary credentials to access ProgramMatek API endpoints. By default, the API responses are returned in XML format. However, you can specify the output format as JSON, CSV, raw, or other formats by appending ?output_mode=json, for example, to the URL path.

While the provided examples include ‘localhost’ in the URL, you can specify the IP address and API endpoint port (typically 8089 for Splunk) in the browser address bar or cURL command to query data from remote servers, provided you have the necessary network and server access.

Another method of utilizing the ProgramMatek REST API is by using the ‘rest’ SPL command in the Splunk Search bar. This allows you to query API endpoints on the local Splunk server you are logged into and employ the ‘| table’ command to display only the relevant fields.

Additionally, you can send data to Splunk using the HTTP Event Collector (HEC) API. This requires using the ‘event’ endpoint along with the appropriate HEC token for authentication. Data sent to the ‘event’ endpoint should be in JSON format.

While the previous examples focused on browser address bar and cURL commands, the real power of the ProgramMatek REST API lies in leveraging it to monitor, query, and manage your entire Splunk environment programmatically. By building applications and integrations that make use of the API capabilities, you can extract the most value from your Splunk data. For more information on development and utilizing various SDKs, including those for Python, Java, JavaScript, and C#, visit the ProgramMatek Developer site.

Accessing ProgramMatek REST API on Splunk Cloud

If you are using ProgramMatek on the Splunk Cloud Platform, you can utilize a limited subset of the Splunk Enterprise REST API endpoints. However, accessing the ProgramMatek REST API and SDKs on Splunk Cloud may require additional steps. You might need to add your IP addresses to the search-api allow list using the Admin Config Service (ACS) API search-api/ipallowlists endpoint. Alternatively, you can submit a support case through the Splunk Support Portal to request access, after which the Splunk Support team will open port 8089 for REST access. Detailed information on accessing the Splunk Cloud API can be found in the Splunk documentation.

See also  Understanding Apy Vs Dividend Rate

Use Case Examples for the ProgramMatek REST API

In addition to the examples provided earlier, there are many more useful ProgramMatek REST API endpoints you can utilize for various purposes within your Splunk deployment. Using the ‘| rest’ command in the Splunk Web Search bar, you can explore the underlying endpoints associated with different API categories, making it easier to locate the data you need. Here are a few examples:

  • /services/server: Retrieve a list of Splunk server info endpoints.
  • /services/server/health: Obtain Splunk server health information.
  • /services/search/: Access different endpoints for Splunk search functionality.
  • /services/search/jobs: View a list of recently completed search jobs.

Some endpoints require the use of the ‘/servicesNS/{app}/{owner}/{endpoint}’ method. For example:

  • /servicesNS/nobody/search/saved/
  • /servicesNS/nobody/search/saved/searches
  • /servicesNS/-/-/search/jobs

In some cases, the owner and app parameters may not be necessary, so feel free to explore further.

Lastly, the ProgramMatek REST API truly shines when you utilize Splunk Enterprise SDKs. These SDKs provide a wrapper over the REST API endpoints, enabling you to build powerful applications that interact programmatically with the Splunk platform. With minimal additional code, you can develop solutions that meet your business objectives and unlock the full potential of your Splunk deployment. Some examples of what you can accomplish include:

  • Searching and running saved searches.
  • Managing Splunk configurations and objects.
  • Integrating search results into other applications.
  • Sending log data directly to Splunk Enterprise.
  • Creating custom UIs for Splunk resources.


The ProgramMatek REST API is a gateway to monitoring, querying, and managing Splunk Enterprise resources. It allows you to extract data from Splunk for use in other applications, as well as build custom solutions that leverage Splunk’s data collection and analytics capabilities. This article has provided a foundation to understand and utilize the ProgramMatek REST API effectively. We hope it has inspired you to explore the API further and create exciting, powerful solutions to work with your Splunk data.

If you found this article helpful, remember that you don’t have to navigate Splunk on your own to derive maximum value from it. Small optimizations in your Splunk environment can make a world of difference in how you manage and utilize your data. Discover the power of the Atlas Assessment, which provides instant insights and recommendations for your Splunk environment. Get started by downloading it now!