Contenu
Splunk IM exposes a comprehensive API that allows you to automate any action that can be done using the User Interface. This 2-day virtual module provides the foundation for you to use the API to automate bulk actions such as the creation of charts, dashboards, and alerts. See how to programmatically perform computations that can be used in charts and detectors or streamed in real-time. Use the API to manage Splunk IMteams.
Learn the concepts and apply the knowledge through discussions and hands-on activities.
Please note that this class may be delivered over two days, with 4.5 hour sessions each day, for a total of nine hours of content.
Pré-requis
Required:
- Using Splunk Infrastructure Monitoring
Objectifs
- Using the SignalFlow API to Perform Computations
- Stream/extract Raw and Processed Data from Splunk IM
- Manage Splunk IM Teams
- Manage Charts, Dashboards and Dashboard Groups Using the REST API
- Manage Detectors Using the REST API
Outline: Automation Using the REST and SignalFlow APIs (AURSAPI)
Topic 1 – Overview of the Splunk IM API
- Describe the function of the API
- Describe the API endpoints
Topic 2 – Streaming Computations Using SignalFlow
- Use the SignalFlow CLI
- Use the data() function to stream metrics
- Use the detect() function to define detectors
Topic 3 – Streaming Raw and Processed Data
- Choose when to use WebSocket connection vs HTTP API for streaming
- Execute SignalFlow computations
- Describe the types of messages emitted by streaming computation
- Stream/extract raw and processed data from the Splunk IM service
Topic 4 – Manage Splunk IM Teams
- Describe the use of teams
- Create teams
- Add/remove members to/from teams
- Update teams
Topic 5 – Automate Chart and Dashboard Management
- Create, modify, and delete charts
- Create detectors to monitor issues of interest
Topic 6 – Automate Detector Management
- Create detectors
- Update, delete detectors
- Mute notifications
- Clear incidents