Developing with the Splunk

Duration: 2 Days (16 Hours)

Developing with the Splunk Course Overview:

This course is designed for developers who aim to harness the Splunk REST API for interacting with Splunk servers. Throughout the course, participants will utilize tools like curl and Python to send requests to Splunk REST endpoints, gain proficiency in parsing and utilizing the results, and create diverse objects within Splunk. Additionally, the course covers topics such as modifying object properties, implementing security measures for Splunk objects, executing various search types and processing their outcomes, ingesting data via the HTTP Event Collector, and manipulating collections and KV Stores.

Intended Audience:

  • Developers: Those who want to leverage the Splunk REST API to interact with Splunk servers programmatically.
  • Splunk Administrators: Professionals responsible for managing and configuring Splunk instances, including API integration.
  • Application Developers: Individuals involved in developing applications that incorporate Splunk data and functionality.
  • System Integrators: Professionals who integrate Splunk with other systems and technologies.
  • IT Professionals: Including those responsible for data management, analytics, and automation within a Splunk environment.
  • Splunk Consultants: Consultants specializing in Splunk application development and integration.
  • Anyone interested in mastering the Splunk REST API for various data and operational tasks within Splunk.

Learning Objectives of Developing with the Splunk:

  • Introduction to the Splunk REST API
  • Namespaces and Object Management
  • Parsing Output
  • Oneshot Searches
  • Normal and Export Searches
  • Advanced Searching and Job Management
  • Working with KV Stores
  • Using the HTTP Event Collector (HEC)

Module 1: Introduction to the Splunk REST API

  • Introduction to the Splunk development environment and REST endpoints
  • Connecting to the appropriate Splunk server
  • Authentication with and without a session

Module 2: Namespaces and Object Management

  • CRUD operations with the REST API
  • Understanding namespaces and their impact on object access
  • Accessing objects using the servicesNS node and namespaces
  • Sharing levels and access control lists for objects
  • Modifying sharing levels and permissions

Module 3: Parsing Output

  • Structure of Atom-based output
  • Formatting Atom-based XML and JSON output
  • Writing code to parse API responses

Module 4: Oneshot Searches

  • Reviewing search language syntax and best practices
  • Executing oneshot searches
  • Retrieving and parsing search results

Module 5: Normal and Export Searches

  • Types of searches
  • Executing normal and export searches
  • Obtaining search results, job status, and job properties

Module 6: Advanced Searching and Job Management

  • Real-time searches
  • Working with saved searches
  • Managing search jobs

Module 7: Working with KV Stores

  • Understanding KV Stores and their functions
  • Collections and records in KV Stores
  • CRUD operations on collections and records

Module 8: Using the HTTP Event Collector (HEC)

  • Creating and using HEC tokens
  • Inputting data using HEC endpoints
  • Retrieving indexer event acknowledgments

Module 9: Useful Admin REST APIs

  • Getting system information
  • Managing Splunk configuration files
  • Index management

Module 10: Custom REST Endpoints

  • Extending the Splunk REST API
  • Publishing custom REST endpoints
  • Utilizing custom REST API endpoints

Developing with the Splunk Course Prerequisites:

To succeed in this course, students should have a solid understanding of the following prerequisites:

From the Fundamentals Series:

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2

Alternatively, students should have a comprehensive grasp of the following single-subject courses:

  • What is Splunk?
  • Intro to Splunk
  • Using Fields
  • Working with Time
  • Statistical Processing
  • Search Under the Hood
  • Introduction to Knowledge Objects

In addition, it’s recommended that students have an understanding of the following course:

  • Splunk Enterprise Data Administration

Training Exclusives

This course comes with the following benefits:

  • Practice labs
  • Training by certified trainers
  • Access to the recordings of your class sessions for 90 days
  • Digital courseware
  • 24/7 learner support
