Splunk Enterprise REST API

The Splunk Enterprise REST API provides programmatic access to the same information and functionality available to core system software and Splunk Web. It supports GET, POST, and DELETE operations over HTTPS on the splunkd management port 8089.

OpenAPI Specification

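# OpenAPI 3.1 description of part of the splunkd management API: search jobs,
# indexes and data inputs.
openapi: 3.1.0
info:
  title: Splunk Enterprise REST API
  description: >-
    The Splunk Enterprise REST API provides programmatic access to Splunk
    Enterprise functionality including search, indexing, data inputs, and
    system management. All requests are made over HTTPS to the splunkd
    management port (default 8089). Authentication is required via Splunk
    authentication tokens or HTTP Basic authentication with a valid Splunk
    username and password. Responses are available in JSON and XML formats.
  version: 9.4.0
  contact:
    name: Splunk Inc.
    url: https://www.splunk.com
    # The real address was replaced by the hosting page's e-mail obfuscation;
    # restore it from the upstream file. Quoted so the placeholder stays a
    # string: an unquoted value starting with "[" parses as a flow sequence,
    # which is not a valid contact.email.
    email: '[email protected]'
  license:
    name: Splunk Terms of Service
    url: https://www.splunk.com/en_us/legal/splunk-general-terms.html
  # Vendor extensions: catalogue categories and a logo for documentation tools.
  x-apisguru-categories:
  - analytics
  - monitoring
  - security
  x-logo:
    url: https://www.splunk.com/content/dam/splunk2/images/icons/favicons/favicon.ico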
externalDocs:
  description: Splunk Enterprise REST API Reference
  url: https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTprolog
# Single templated server: HTTPS to the splunkd management port. The paths in
# this document include index deletion and data-input creation, so network
# access to this port should be limited to trusted administration hosts.
# NOTE(review): default installs are understood to present a self-signed
# certificate; confirm, and install a CA-issued certificate rather than
# turning off certificate verification in clients.
servers:
- url: https://{host}:{port}
  description: Splunk Enterprise management endpoint
  variables:
    host:
      default: localhost
      description: Hostname or IP address of the Splunk Enterprise instance
    port:
      # Quoted: OpenAPI server-variable defaults must be strings.
      default: "8089"
      description: splunkd management port
# Global requirement for every operation that does not override it. The two
# entries are alternatives: a request needs BearerAuth or BasicAuth, not both.
# BasicAuth sends the account password on every request, so tokens are the
# better fit for automation. The scheme definitions are presumably under
# components.securitySchemes, which is outside this excerpt.
security:
- BearerAuth: []
- BasicAuth: []
# Tag groups referenced by the operations under `paths`.
tags:
- name: Search
  description: >-
    Endpoints for creating, managing, and retrieving search jobs and
    their results. Splunk search processing language (SPL) queries are
    submitted as search jobs that run asynchronously.
  externalDocs:
    url: https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTsearch
- name: Index
  description: >-
    Endpoints for managing Splunk indexes, which store and organize
    ingested data. Indexes can be created, modified, listed, and
    configured for retention and storage policies.
  externalDocs:
    url: https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTindex
- name: Data Inputs
  description: >-
    Endpoints for configuring and managing data inputs including
    monitors, TCP/UDP inputs, scripted inputs, and HTTP Event
    Collector (HEC) tokens. Data inputs define how Splunk ingests data.
  externalDocs:
    url: https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput
paths:
  /services/search/jobs:
    # GET /services/search/jobs: lists search jobs, optionally filtered by a
    # search string and sorted; paging uses the shared Count/Offset parameters.
    get:
      operationId: listSearchJobs
      summary: List Search Jobs
      description: >-
        Returns a list of current search jobs for the authenticated user.
        Includes job status, progress, and metadata for each job.
      tags:
      - Search
      # The three $ref parameters resolve under components/parameters, which is
      # outside this excerpt.
      parameters:
      - $ref: "#/components/parameters/OutputMode"
      - $ref: "#/components/parameters/Count"
      - $ref: "#/components/parameters/Offset"
      - name: search
        in: query
        description: Filter search jobs by search string
        schema:
          type: string
        example: example_value
      # "example_value" is a generated placeholder, not a real field name; the
      # documented default sort field is dispatch_time.
      - name: sort_key
        in: query
        description: Field to sort by
        schema:
          type: string
          default: dispatch_time
        example: example_value
      - name: sort_dir
        in: query
        description: Sort direction
        schema:
          type: string
          enum:
          - asc
          - desc
          default: desc
        example: asc
      # NOTE(review): job metadata may include the text of each search; confirm
      # that callers only see jobs they are entitled to, as the description
      # implies.
      responses:
        "200":
          description: List of search jobs returned successfully
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/SearchJobList"
              examples:
                Listsearchjobs200Example:
                  summary: Default listSearchJobs 200 response
                  x-microcks-default: true
                  # Generated mock payload; the values are placeholders.
                  value:
                    origin: example_value
                    updated: '2026-01-15T10:30:00Z'
                    generator:
                      build: example_value
                      version: example_value
                    entry:
                    - sid: '500123'
                      content: {}
                    paging:
                      total: 10
                      perPage: 10
                      offset: 10
        "401":
          $ref: "#/components/responses/Unauthorized"
        "403":
          $ref: "#/components/responses/Forbidden"
      # Microcks mock-server settings; they do not describe splunkd behaviour.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    # POST /services/search/jobs: submits an SPL search as an asynchronous job
    # and returns its search ID (sid).
    post:
      operationId: createSearchJob
      summary: Create a Search Job
      description: >-
        Creates a new search job. The search job runs asynchronously. Use
        the returned search ID (sid) to check job status and retrieve
        results. Searches use the Splunk Search Processing Language (SPL).
      tags:
      - Search
      parameters:
      - $ref: "#/components/parameters/OutputMode"
      # The form body follows SearchJobCreateRequest (defined outside this
      # excerpt). Its `search` field is SPL that splunkd executes: integrations
      # that assemble SPL from user input should validate or escape that input
      # and authenticate as a role limited to the indexes they need.
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: "#/components/schemas/SearchJobCreateRequest"
            examples:
              CreatesearchjobRequestExample:
                summary: Default createSearchJob request
                x-microcks-default: true
                # Generated mock values: every field is filled with a
                # placeholder, so this is not a request worth copying as-is.
                value:
                  search: example_value
                  earliest_time: example_value
                  latest_time: example_value
                  search_mode: normal
                  exec_mode: normal
                  max_count: 10
                  max_time: 10
                  timeout: 10
                  rf: example_value
                  namespace: example_value
                  id: abc123
                  status_buckets: 10
                  auto_cancel: 10
                  auto_finalize_ec: 10
                  auto_pause: 10
                  enable_lookups: true
                  reload_macros: true
                  reduce_freq: 10
                  spawn_process: true
      responses:
        # The 201 body is an inline schema carrying only the sid, which is the
        # handle used by the /services/search/jobs/{search_id} paths.
        "201":
          description: Search job created successfully
          content:
            application/json:
              schema:
                type: object
                properties:
                  sid:
                    type: string
                    description: The search ID assigned to the new search job
                    examples:
                    - "1234567890.12345"
              examples:
                Createsearchjob201Example:
                  summary: Default createSearchJob 201 response
                  x-microcks-default: true
                  # The mock sid does not follow the shape of the schema example
                  # above; both are illustrative only.
                  value:
                    sid: '500123'
        "400":
          $ref: "#/components/responses/BadRequest"
        "401":
          $ref: "#/components/responses/Unauthorized"
        "403":
          $ref: "#/components/responses/Forbidden"
      # Microcks mock-server settings; they do not describe splunkd behaviour.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /services/search/jobs/{search_id}:
    # GET /services/search/jobs/{search_id}: returns one job's status,
    # progress and configuration.
    get:
      operationId: getSearchJob
      summary: Get Search Job Details
      description: >-
        Returns detailed information about a specific search job including
        its status, progress, performance metrics, and configuration.
      tags:
      - Search
      parameters:
      - $ref: "#/components/parameters/SearchId"
      - $ref: "#/components/parameters/OutputMode"
      # NOTE(review): no 403 is declared here although the collection
      # operations on /services/search/jobs declare one; confirm how a request
      # for another user's job is answered and document it.
      responses:
        "200":
          description: Search job details returned successfully
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/SearchJob"
              examples:
                Getsearchjob200Example:
                  summary: Default getSearchJob 200 response
                  x-microcks-default: true
                  # Generated mock payload that is not self-consistent
                  # (dispatchState QUEUED alongside isDone, isFailed and
                  # isZombie all true); do not model client state handling on it.
                  value:
                    sid: '500123'
                    content:
                      sid: '500123'
                      dispatchState: QUEUED
                      doneProgress: 42.5
                      scanCount: 10
                      eventCount: 10
                      resultCount: 10
                      runDuration: 42.5
                      earliestTime: '2026-01-15T10:30:00Z'
                      latestTime: '2026-01-15T10:30:00Z'
                      cursorTime: '2026-01-15T10:30:00Z'
                      eventSearch: example_value
                      reportSearch: example_value
                      isSaved: true
                      isFinalized: true
                      isPaused: true
                      isZombie: true
                      isDone: true
                      isFailed: true
                      isPreviewEnabled: true
                      isRealTimeSearch: true
                      isSavedSearch: true
                      isRemoteTimeline: true
                      priority: 10
                      ttl: 10
                      request: example_value
                      performance: example_value
                      messages:
                      - type: DEBUG
                        text: example_value
        "404":
          $ref: "#/components/responses/NotFound"
        "401":
          $ref: "#/components/responses/Unauthorized"
      # Microcks mock-server settings; they do not describe splunkd behaviour.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
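    # DELETE /services/search/jobs/{search_id}: cancels the job and discards
    # its results. No OutputMode parameter is declared for this operation.
    delete:
      operationId: deleteSearchJob
      summary: Delete a Search Job
      description: >-
        Cancels and deletes the specified search job and its results.
      tags:
      - Search
      parameters:
      - $ref: "#/components/parameters/SearchId"
      responses:
        "200":
          description: Search job deleted successfully
        "404":
          $ref: "#/components/responses/NotFound"
        "401":
          $ref: "#/components/responses/Unauthorized"
        # Added for consistency with the other state-changing operations in
        # this document: an authenticated caller without rights on the job is
        # a different outcome from an unauthenticated one, and clients need to
        # tell them apart.
        "403":
          $ref: "#/components/responses/Forbidden"
      # Microcks mock-server settings; they do not describe splunkd behaviour.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK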
  /services/search/jobs/{search_id}/control:
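    # POST /services/search/jobs/{search_id}/control: applies one control
    # action (pause, cancel, TTL or priority change, ...) to an existing job.
    post:
      operationId: controlSearchJob
      summary: Control a Search Job
      description: >-
        Execute a control action on a search job such as pause, unpause,
        finalize, cancel, or touch (extend the job lifetime).
      tags:
      - Search
      parameters:
      - $ref: "#/components/parameters/SearchId"
      - $ref: "#/components/parameters/OutputMode"
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              required:
              - action
              properties:
                action:
                  type: string
                  description: The control action to execute
                  enum:
                  - pause
                  - unpause
                  - finalize
                  - cancel
                  - touch
                  - setttl
                  - setpriority
                  - enablepreview
                  - disablepreview
                # ttl and priority are only meaningful with the setttl and
                # setpriority actions, per their descriptions.
                ttl:
                  type: integer
                  description: Time to live in seconds (used with setttl action)
                priority:
                  type: integer
                  description: Priority value 0-10 (used with setpriority action)
                  minimum: 0
                  maximum: 10
            examples:
              ControlsearchjobRequestExample:
                summary: Default controlSearchJob request
                x-microcks-default: true
                # Generated mock: it sends ttl and priority with a pause
                # action, which the field descriptions do not call for.
                value:
                  action: pause
                  ttl: 10
                  priority: 10
      responses:
        "200":
          description: Control action executed successfully
        # Added: the body is validated input (required action, bounded
        # priority), so a malformed request needs a documented outcome, as on
        # the other operations that take a request body.
        "400":
          $ref: "#/components/responses/BadRequest"
        "404":
          $ref: "#/components/responses/NotFound"
        "401":
          $ref: "#/components/responses/Unauthorized"
        # Added for consistency with the other state-changing operations:
        # cancelling or reprioritising a job the caller may not manage should
        # be distinguishable from an unauthenticated request.
        "403":
          $ref: "#/components/responses/Forbidden"
      # Microcks mock-server settings; they do not describe splunkd behaviour.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK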
  /services/search/jobs/{search_id}/results:
    # GET /services/search/jobs/{search_id}/results: pages through the results
    # of a finished job; 204 is returned while the job is still running.
    get:
      operationId: getSearchResults
      summary: Get Search Results
      description: >-
        Returns the results of a completed search job. Results are
        available only after the search job has finished. Use the
        count and offset parameters for pagination.
      tags:
      - Search
      parameters:
      - $ref: "#/components/parameters/SearchId"
      - $ref: "#/components/parameters/OutputMode"
      - $ref: "#/components/parameters/Count"
      - $ref: "#/components/parameters/Offset"
      # `search` is a post-processing search string: callers that build it from
      # user input should validate that input as they would for the main query.
      - name: search
        in: query
        description: Post-processing search string to filter results
        schema:
          type: string
        example: example_value
      - name: field_list
        in: query
        description: Comma-separated list of fields to return
        schema:
          type: string
        example: example_value
      # NOTE(review): no 403 is declared; confirm how a request for results of
      # a job the caller may not read is answered and document it.
      responses:
        "200":
          description: Search results returned successfully
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/SearchResults"
              examples:
                Getsearchresults200Example:
                  summary: Default getSearchResults 200 response
                  x-microcks-default: true
                  # Generated mock payload; the values are placeholders.
                  value:
                    init_offset: 10
                    results:
                    - {}
                    fields:
                    - name: Example Title
                      type: example_value
                    messages:
                    - type: example_value
                      text: example_value
                    preview: true
                    highlighted: example_value
        "204":
          description: Search job has not yet finished; no results available
        "404":
          $ref: "#/components/responses/NotFound"
        "401":
          $ref: "#/components/responses/Unauthorized"
      # Microcks mock-server settings; they do not describe splunkd behaviour.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /services/search/jobs/{search_id}/events:
    # GET /services/search/jobs/{search_id}/events: returns the raw,
    # untransformed events behind a job, with paging and optional filtering.
    get:
      operationId: getSearchEvents
      summary: Get Search Events
      description: >-
        Returns the untransformed events of a search job. Unlike results,
        events return the raw data before any transforming commands are
        applied. Available for searches that include non-transforming
        commands.
      tags:
      - Search
      # Raw events reach the caller as indexed, so anything the source logs
      # contain (possibly credentials or personal data) is returned;
      # field_list can narrow the response to the fields actually needed.
      parameters:
      - $ref: "#/components/parameters/SearchId"
      - $ref: "#/components/parameters/OutputMode"
      - $ref: "#/components/parameters/Count"
      - $ref: "#/components/parameters/Offset"
      - name: earliest_time
        in: query
        description: Earliest time boundary for events
        schema:
          type: string
        example: example_value
      - name: latest_time
        in: query
        description: Latest time boundary for events
        schema:
          type: string
        example: example_value
      - name: search
        in: query
        description: Post-processing search to filter events
        schema:
          type: string
        example: example_value
      - name: field_list
        in: query
        description: Comma-separated list of fields to return
        schema:
          type: string
        example: example_value
      - name: truncation_mode
        in: query
        description: How to truncate long lines
        schema:
          type: string
          enum:
          - abstract
          - truncate
        example: abstract
      # NOTE(review): the default of 0 presumably means "no line limit";
      # confirm against the Splunk reference before relying on it.
      - name: max_lines
        in: query
        description: Maximum number of lines per event
        schema:
          type: integer
          default: 0
        example: 10
      # NOTE(review): no 403 is declared; confirm how a request for events of
      # a job the caller may not read is answered and document it.
      responses:
        "200":
          description: Search events returned successfully
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/SearchResults"
              examples:
                Getsearchevents200Example:
                  summary: Default getSearchEvents 200 response
                  x-microcks-default: true
                  # Generated mock payload; the values are placeholders.
                  value:
                    init_offset: 10
                    results:
                    - {}
                    fields:
                    - name: Example Title
                      type: example_value
                    messages:
                    - type: example_value
                      text: example_value
                    preview: true
                    highlighted: example_value
        "204":
          description: No events available yet
        "404":
          $ref: "#/components/responses/NotFound"
        "401":
          $ref: "#/components/responses/Unauthorized"
      # Microcks mock-server settings; they do not describe splunkd behaviour.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /services/search/jobs/export:
    # GET /services/search/jobs/export: runs a search synchronously and
    # streams its results in the response instead of creating a job to poll.
    get:
      operationId: exportSearchResults
      summary: Export Search Results
      description: >-
        Runs a search and streams results back as they become available,
        rather than waiting for the search to complete. This is a
        streaming endpoint suitable for long-running searches or real-time
        searches. The search runs synchronously and results stream back
        in the response.
      tags:
      - Search
      parameters:
      # The required SPL text travels in the query string here, so it can be
      # recorded in proxy logs, access logs and URL histories; keep secrets and
      # sensitive literals out of it.
      # NOTE(review): the endpoint is understood to accept POST as well, which
      # would keep the query in the body; confirm against the Splunk reference.
      - name: search
        in: query
        required: true
        description: The SPL search query to execute
        schema:
          type: string
        example: example_value
      - $ref: "#/components/parameters/OutputMode"
      - name: earliest_time
        in: query
        description: Earliest time for the search
        schema:
          type: string
        example: example_value
      - name: latest_time
        in: query
        description: Latest time for the search
        schema:
          type: string
        example: example_value
      # auto_cancel bounds how long an idle streaming search is kept alive;
      # setting it limits resources held by abandoned connections.
      - name: auto_cancel
        in: query
        description: Seconds of inactivity after which the search is cancelled
        schema:
          type: integer
        example: 10
      - name: enable_lookups
        in: query
        description: Whether to enable lookups during the search
        schema:
          type: boolean
          default: true
        example: true
      # NOTE(review): no 403 is declared although createSearchJob, which also
      # runs caller-supplied SPL, declares one; confirm and document it.
      responses:
        "200":
          description: Search results streaming successfully
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/SearchResults"
              examples:
                Exportsearchresults200Example:
                  summary: Default exportSearchResults 200 response
                  x-microcks-default: true
                  # Generated mock payload; the values are placeholders.
                  value:
                    init_offset: 10
                    results:
                    - {}
                    fields:
                    - name: Example Title
                      type: example_value
                    messages:
                    - type: example_value
                      text: example_value
                    preview: true
                    highlighted: example_value
        "400":
          $ref: "#/components/responses/BadRequest"
        "401":
          $ref: "#/components/responses/Unauthorized"
      # Microcks mock-server settings; they do not describe splunkd behaviour.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /services/data/indexes:
    # GET /services/data/indexes: lists the indexes visible to the caller,
    # with optional filtering, sorting and paging.
    get:
      operationId: listIndexes
      summary: List Indexes
      description: >-
        Returns a list of all indexes accessible to the authenticated
        user. Includes index configuration, storage paths, and
        data retention settings.
      tags:
      - Index
      # Per the description, the response includes storage paths and retention
      # settings, i.e. details of the server's filesystem layout; grant this
      # operation only to roles that need that view.
      parameters:
      - $ref: "#/components/parameters/OutputMode"
      - $ref: "#/components/parameters/Count"
      - $ref: "#/components/parameters/Offset"
      - name: search
        in: query
        description: Filter indexes by name or properties
        schema:
          type: string
        example: example_value
      - name: sort_key
        in: query
        description: Field to sort by
        schema:
          type: string
        example: example_value
      - name: sort_dir
        in: query
        description: Sort direction
        schema:
          type: string
          enum:
          - asc
          - desc
        example: asc
      - name: datatype
        in: query
        description: Filter by data type
        schema:
          type: string
          enum:
          - all
          - event
          - metric
        example: all
      responses:
        "200":
          description: Index list returned successfully
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/IndexList"
              examples:
                Listindexes200Example:
                  summary: Default listIndexes 200 response
                  x-microcks-default: true
                  # Generated mock payload; the values are placeholders.
                  value:
                    origin: example_value
                    updated: '2026-01-15T10:30:00Z'
                    entry:
                    - name: Example Title
                      content: {}
                    paging:
                      total: 10
                      perPage: 10
                      offset: 10
        "401":
          $ref: "#/components/responses/Unauthorized"
        "403":
          $ref: "#/components/responses/Forbidden"
      # Microcks mock-server settings; they do not describe splunkd behaviour.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    # POST /services/data/indexes: creates an index from a form-encoded
    # IndexCreateRequest; 409 reports a name that already exists.
    post:
      operationId: createIndex
      summary: Create a New Index
      description: >-
        Creates a new index with the specified configuration. The index
        name must be unique and conform to Splunk naming conventions.
      tags:
      - Index
      parameters:
      - $ref: "#/components/parameters/OutputMode"
      # homePath, coldPath and thawedPath in the body are filesystem locations
      # on the server chosen by the caller.
      # NOTE(review): confirm what path validation splunkd applies, and keep
      # this operation limited to administrators.
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: "#/components/schemas/IndexCreateRequest"
            examples:
              CreateindexRequestExample:
                summary: Default createIndex request
                x-microcks-default: true
                # Generated mock values. NOTE(review): "Example Title" is
                # unlikely to satisfy the naming conventions the description
                # refers to; replace it before using this as a sample.
                value:
                  name: Example Title
                  datatype: event
                  homePath: example_value
                  coldPath: example_value
                  thawedPath: example_value
                  maxTotalDataSizeMB: 10
                  maxDataSize: example_value
                  frozenTimePeriodInSecs: 10
                  maxHotBuckets: 10
                  maxWarmDBCount: 10
      responses:
        "201":
          description: Index created successfully
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Index"
              examples:
                Createindex201Example:
                  summary: Default createIndex 201 response
                  x-microcks-default: true
                  # Generated mock payload; e.g. a freshly created index is
                  # shown as disabled and internal, which is placeholder data.
                  value:
                    name: Example Title
                    content:
                      datatype: event
                      totalEventCount: 10
                      currentDBSizeMB: 10
                      maxDataSize: auto
                      maxTotalDataSizeMB: 10
                      maxHotBuckets: 10
                      maxWarmDBCount: 10
                      frozenTimePeriodInSecs: 10
                      homePath: example_value
                      coldPath: example_value
                      thawedPath: example_value
                      disabled: true
                      isInternal: true
                      minTime: example_value
                      maxTime: example_value
                      repFactor: example_value
                      enableOnlineBucketRepair: true
                      quarantinePastSecs: 10
                      quarantineFutureSecs: 10
        "400":
          $ref: "#/components/responses/BadRequest"
        "401":
          $ref: "#/components/responses/Unauthorized"
        "403":
          $ref: "#/components/responses/Forbidden"
        "409":
          description: An index with the specified name already exists
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorResponse"
              examples:
                Createindex409Example:
                  summary: Default createIndex 409 response
                  x-microcks-default: true
                  value:
                    messages:
                    - type: ERROR
                      text: example_value
      # Microcks mock-server settings; they do not describe splunkd behaviour.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /services/data/indexes/{name}:
    # GET /services/data/indexes/{name}: returns one index's configuration,
    # storage paths, retention settings and current size.
    get:
      operationId: getIndex
      summary: Get Index Details
      description: >-
        Returns detailed configuration and status information for a
        specific index including storage paths, retention settings,
        and current size.
      tags:
      - Index
      parameters:
      - $ref: "#/components/parameters/IndexName"
      - $ref: "#/components/parameters/OutputMode"
      # NOTE(review): listIndexes declares a 403 but this operation does not;
      # confirm how a request for an index the caller may not read is answered
      # and document it.
      responses:
        "200":
          description: Index details returned successfully
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Index"
              examples:
                Getindex200Example:
                  summary: Default getIndex 200 response
                  x-microcks-default: true
                  # Generated mock payload; the values are placeholders.
                  value:
                    name: Example Title
                    content:
                      datatype: event
                      totalEventCount: 10
                      currentDBSizeMB: 10
                      maxDataSize: auto
                      maxTotalDataSizeMB: 10
                      maxHotBuckets: 10
                      maxWarmDBCount: 10
                      frozenTimePeriodInSecs: 10
                      homePath: example_value
                      coldPath: example_value
                      thawedPath: example_value
                      disabled: true
                      isInternal: true
                      minTime: example_value
                      maxTime: example_value
                      repFactor: example_value
                      enableOnlineBucketRepair: true
                      quarantinePastSecs: 10
                      quarantineFutureSecs: 10
        "404":
          $ref: "#/components/responses/NotFound"
        "401":
          $ref: "#/components/responses/Unauthorized"
      # Microcks mock-server settings; they do not describe splunkd behaviour.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
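    # POST /services/data/indexes/{name}: changes the configuration of an
    # existing index from a form-encoded IndexUpdateRequest.
    post:
      operationId: updateIndex
      summary: Update Index Configuration
      description: >-
        Updates the configuration of an existing index. Not all index
        properties can be modified after creation.
      tags:
      - Index
      parameters:
      - $ref: "#/components/parameters/IndexName"
      - $ref: "#/components/parameters/OutputMode"
      # The body can shorten retention (frozenTimePeriodInSecs), disable the
      # index, and set coldToFrozenDir / coldToFrozenScript.
      # NOTE(review): coldToFrozenScript is understood to name a script that
      # splunkd runs when buckets are frozen, so the right to call this
      # operation amounts to choosing code that runs on the indexer. Confirm,
      # restrict index editing to administrators, and alert on changes to
      # these two fields and to retention settings.
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: "#/components/schemas/IndexUpdateRequest"
            examples:
              UpdateindexRequestExample:
                summary: Default updateIndex request
                x-microcks-default: true
                # Generated mock values; the values are placeholders.
                value:
                  maxTotalDataSizeMB: 10
                  frozenTimePeriodInSecs: 10
                  maxHotBuckets: 10
                  maxWarmDBCount: 10
                  disabled: true
                  coldToFrozenDir: example_value
                  coldToFrozenScript: example_value
      responses:
        "200":
          description: Index updated successfully
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Index"
              examples:
                Updateindex200Example:
                  summary: Default updateIndex 200 response
                  x-microcks-default: true
                  # Generated mock payload; the values are placeholders.
                  value:
                    name: Example Title
                    content:
                      datatype: event
                      totalEventCount: 10
                      currentDBSizeMB: 10
                      maxDataSize: auto
                      maxTotalDataSizeMB: 10
                      maxHotBuckets: 10
                      maxWarmDBCount: 10
                      frozenTimePeriodInSecs: 10
                      homePath: example_value
                      coldPath: example_value
                      thawedPath: example_value
                      disabled: true
                      isInternal: true
                      minTime: example_value
                      maxTime: example_value
                      repFactor: example_value
                      enableOnlineBucketRepair: true
                      quarantinePastSecs: 10
                      quarantineFutureSecs: 10
        "400":
          $ref: "#/components/responses/BadRequest"
        "404":
          $ref: "#/components/responses/NotFound"
        "401":
          $ref: "#/components/responses/Unauthorized"
        # Added: createIndex and deleteIndex on the same resource declare 403,
        # and an update is at least as privileged as either of them.
        "403":
          $ref: "#/components/responses/Forbidden"
      # Microcks mock-server settings; they do not describe splunkd behaviour.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK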
    # DELETE /services/data/indexes/{name}: marks an index for deletion. The
    # description states that the admin role is required; 403 is presumably
    # the answer to an authenticated caller without it.
    # Deleting an index removes stored data, so this call is worth auditing
    # and alerting on wherever indexes hold security or compliance logs.
    delete:
      operationId: deleteIndex
      summary: Delete an Index
      description: >-
        Marks an index for deletion. The index data is removed according
        to the configured retention policy. Requires the admin role.
      tags:
      - Index
      # NOTE(review): unlike the other operations on this path, no OutputMode
      # parameter is declared; confirm whether that is intended.
      parameters:
      - $ref: "#/components/parameters/IndexName"
      responses:
        "200":
          description: Index marked for deletion
        "404":
          $ref: "#/components/responses/NotFound"
        "401":
          $ref: "#/components/responses/Unauthorized"
        "403":
          $ref: "#/components/responses/Forbidden"
      # Microcks mock-server settings; they do not describe splunkd behaviour.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /services/data/inputs/monitor:
    # GET /services/data/inputs/monitor: lists the file and directory monitor
    # inputs, with optional filtering and paging.
    get:
      operationId: listMonitorInputs
      summary: List File and Directory Monitor Inputs
      description: >-
        Returns a list of file and directory monitoring inputs. Monitor
        inputs continuously watch files and directories for new data.
      tags:
      - Data Inputs
      # NOTE(review): entries presumably name the monitored files and
      # directories, which describes the host's log layout to the caller;
      # confirm and restrict this listing to roles that manage inputs.
      parameters:
      - $ref: "#/components/parameters/OutputMode"
      - $ref: "#/components/parameters/Count"
      - $ref: "#/components/parameters/Offset"
      - name: search
        in: query
        description: Filter inputs by search string
        schema:
          type: string
        example: example_value
      # NOTE(review): only 401 is declared as an error here, while the other
      # list operations in this document also declare 403; confirm and align.
      responses:
        "200":
          description: Monitor inputs listed successfully
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/MonitorInputList"
              examples:
                Listmonitorinputs200Example:
                  summary: Default listMonitorInputs 200 response
                  x-microcks-default: true
                  # Generated mock payload; the values are placeholders.
                  value:
                    origin: example_value
                    updated: '2026-01-15T10:30:00Z'
                    entry:
                    - name: Example Title
                      content: {}
                    paging:
                      total: 10
                      perPage: 10
                      offset: 10
        "401":
          $ref: "#/components/responses/Unauthorized"
      # Microcks mock-server settings; they do not describe splunkd behaviour.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      operationId: createMonitorInput
      summary: Create a File or Directory Monitor Input
      description: >-
        Creates a new file or directory monitoring input. The specified
        path will be monitored for new data and ingested into the
        specified index.
      tags:
      - Data Inputs
      parameters:
      - $ref: "#/components/parameters/OutputMode"
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: "#/components/schemas/MonitorInputCreateRequest"
            examples:
              CreatemonitorinputRequestExample:
                summary: Default createMonitorInput request
                x-microcks-default: true
                value:
                  name: Example Title
                  index: example_value
                  sourcetype: example_value
                  source: example_value
                  host: example_value
                  disabled: true
                  followTail: true
                  recursive: true
                  whitelist: example_value
                  blacklist: example_value
      responses:
        "201":
          description: Monitor input created successfully
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/MonitorInput"
              examples:
                Createmonitorinput201Example:
                  summary: Default createMonitorInput 201 response
                  x-microcks-default: true
                  value:
                    name: Example Title
                    c

# --- truncated at 32 KB (84 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/splunk/refs/heads/main/openapi/splunk-enterprise-rest-api.yml