Skip to content

Splunk

Node: splunk · Full type: n8n-nodes-base.splunk · Version: 2

Credentials

splunkApi (alias: @splunk)

CREDENTIAL @splunk = splunkApi "My Splunk"

Operations

Resource: alert

getReport

No additional parameters.

getMetrics

No additional parameters.

Resource: report

create

Parameter Type Default Details
searchJobId resourceLocator {...} required; modes: list, id
name string ""

deleteReport

Parameter Type Default Details
reportId resourceLocator {...} required; modes: list, id

get

Parameter Type Default Details
reportId resourceLocator {...} required; modes: list, id

getAll

Parameter Type Default Details
returnAll boolean false
limit number 50
options collection {} keys: add_orphan_field, listDefaultActionArgs

create

Parameter Type Default Details
search string "" required
additionalFields collection {} keys: adhoc_search_level, auto_cancel, auto_finalize_ec, auto_pause, index_earliest, earliest_time, ...

deleteJob

Parameter Type Default Details
searchJobId resourceLocator {...} required; modes: list, id

get

Parameter Type Default Details
searchJobId resourceLocator {...} required; modes: list, id

getAll

Parameter Type Default Details
returnAll boolean false
limit number 50
sort fixedCollection {} groups: values

getResult

Parameter Type Default Details
searchJobId resourceLocator {...} required; modes: list, id
returnAll boolean false
limit number 50
filters collection {} keys: keyValueMatch
options collection {} keys: add_summary_to_metadata

Resource: user

create

Parameter Type Default Details
name string "" required
roles multiOptions [...] required
password string "" required
additionalFields collection {} keys: email, realname

deleteUser

Parameter Type Default Details
userId resourceLocator {...} required; modes: list, id

get

Parameter Type Default Details
userId resourceLocator {...} required; modes: list, id

getAll

Parameter Type Default Details
returnAll boolean false
limit number 50

update

Parameter Type Default Details
userId resourceLocator {...} required; modes: list, id
updateFields collection {} keys: email, realname, password, roles

Parameter Details

options children:

Parameter Type Default Details
add_orphan_field boolean false
listDefaultActionArgs boolean false

additionalFields children:

Parameter Type Default Details
adhoc_search_level options "verbose" fast, smart, verbose
auto_cancel number 0
auto_finalize_ec number 0
auto_pause number 0
index_earliest dateTime ""
earliest_time dateTime ""
exec_mode options "blocking" blocking, normal, oneshot
indexedRealtimeOffset number 0
index_latest dateTime ""
latest_time dateTime ""
max_time number 0
namespace string ""
reduce_freq number 0
remote_server_list string ""
reuse_max_seconds_ago number 0
rf string ""
search_mode options "normal" normal, realtime
status_buckets number 0
timeout number 86400
workload_pool string ""

sort children:

values group:

Parameter Type Default Details
sort_dir options "asc" asc, desc
sort_key string ""
sort_mode options "auto" auto, alpha, alpha_case, num

filters children:

Parameter Type Default Details
keyValueMatch fixedCollection {} groups: keyValuePair

updateFields children:

Parameter Type Default Details
email string ""
realname string ""
password string ""
roles multiOptions []

Example

NODE "splunk" @splunk AS "Splunk" {
  resource: "alert",
  operation: "get",
  search: {{ $json.search }},
  password: {{ $json.password }}
}