Splunk

Realm Operations

Resource path:

/realm-config/services/audit/Splunk

Resource version: 1.0

create

Usage

am> create Splunk --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "splunkBuffering" : {
      "type" : "object",
      "title" : "Buffering",
      "propertyOrder" : 3,
      "properties" : {
        "batchSize" : {
          "title" : "Batch Size",
          "description" : "Maximum number of events that can be buffered (default: 10000).",
          "propertyOrder" : 600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "writeInterval" : {
          "title" : "Write interval (in milliseconds)",
          "description" : "Interval at which buffered events are written to Splunk.",
          "propertyOrder" : 800,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "maxEvents" : {
          "title" : "Queue Capacity",
          "description" : "Maximum number of audit evens in the batch queue; additional events are dropped.",
          "propertyOrder" : 700,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "splunkConfig" : {
      "type" : "object",
      "title" : "Splunk Configuration",
      "propertyOrder" : 2,
      "properties" : {
        "sslEnabled" : {
          "title" : "SSL Enabled",
          "description" : "Use HTTPS protocol for communication with Splunk.",
          "propertyOrder" : 500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "host" : {
          "title" : "Server Hostname",
          "description" : "Host name or IP address of Splunk server.",
          "propertyOrder" : 300,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "authzToken" : {
          "title" : "Authorization Token",
          "description" : "Authorization token used to connect to Splunk HTTP Event Collector endpoint.",
          "propertyOrder" : null,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "port" : {
          "title" : "Server Port",
          "description" : "Port number of Splunk server.",
          "propertyOrder" : 400,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "commonHandler" : {
      "type" : "object",
      "title" : "General Handler Configuration",
      "propertyOrder" : 0,
      "properties" : {
        "topics" : {
          "title" : "Topics",
          "description" : "List of topics handled by an audit event handler.",
          "propertyOrder" : 200,
          "required" : true,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "enabled" : {
          "title" : "Enabled",
          "description" : "Enables or disables an audit event handler.",
          "propertyOrder" : 100,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "commonHandlerPlugin" : {
      "type" : "object",
      "title" : "Audit Event Handler Factory",
      "propertyOrder" : 1,
      "properties" : {
        "handlerFactory" : {
          "title" : "Factory Class Name",
          "description" : "The fully qualified class name of the factory responsible for creating the Audit Event Handler. The class must implement <code>org.forgerock.openam.audit.AuditEventHandlerFactory</code>.",
          "propertyOrder" : null,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    }
  }
}

delete

Usage

am> delete Splunk --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action Splunk --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action Splunk --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action Splunk --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query Splunk --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read Splunk --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update Splunk --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "splunkBuffering" : {
      "type" : "object",
      "title" : "Buffering",
      "propertyOrder" : 3,
      "properties" : {
        "batchSize" : {
          "title" : "Batch Size",
          "description" : "Maximum number of events that can be buffered (default: 10000).",
          "propertyOrder" : 600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "writeInterval" : {
          "title" : "Write interval (in milliseconds)",
          "description" : "Interval at which buffered events are written to Splunk.",
          "propertyOrder" : 800,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "maxEvents" : {
          "title" : "Queue Capacity",
          "description" : "Maximum number of audit evens in the batch queue; additional events are dropped.",
          "propertyOrder" : 700,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "splunkConfig" : {
      "type" : "object",
      "title" : "Splunk Configuration",
      "propertyOrder" : 2,
      "properties" : {
        "sslEnabled" : {
          "title" : "SSL Enabled",
          "description" : "Use HTTPS protocol for communication with Splunk.",
          "propertyOrder" : 500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "host" : {
          "title" : "Server Hostname",
          "description" : "Host name or IP address of Splunk server.",
          "propertyOrder" : 300,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "authzToken" : {
          "title" : "Authorization Token",
          "description" : "Authorization token used to connect to Splunk HTTP Event Collector endpoint.",
          "propertyOrder" : null,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "port" : {
          "title" : "Server Port",
          "description" : "Port number of Splunk server.",
          "propertyOrder" : 400,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "commonHandler" : {
      "type" : "object",
      "title" : "General Handler Configuration",
      "propertyOrder" : 0,
      "properties" : {
        "topics" : {
          "title" : "Topics",
          "description" : "List of topics handled by an audit event handler.",
          "propertyOrder" : 200,
          "required" : true,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "enabled" : {
          "title" : "Enabled",
          "description" : "Enables or disables an audit event handler.",
          "propertyOrder" : 100,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "commonHandlerPlugin" : {
      "type" : "object",
      "title" : "Audit Event Handler Factory",
      "propertyOrder" : 1,
      "properties" : {
        "handlerFactory" : {
          "title" : "Factory Class Name",
          "description" : "The fully qualified class name of the factory responsible for creating the Audit Event Handler. The class must implement <code>org.forgerock.openam.audit.AuditEventHandlerFactory</code>.",
          "propertyOrder" : null,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    }
  }
}

Global Operations

Resource path:

/global-config/services/audit/Splunk

Resource version: 1.0

create

Usage

am> create Splunk --global --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "commonHandler" : {
      "type" : "object",
      "title" : "General Handler Configuration",
      "propertyOrder" : 0,
      "properties" : {
        "topics" : {
          "title" : "Topics",
          "description" : "List of topics handled by an audit event handler.",
          "propertyOrder" : 200,
          "required" : true,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "enabled" : {
          "title" : "Enabled",
          "description" : "Enables or disables an audit event handler.",
          "propertyOrder" : 100,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "splunkBuffering" : {
      "type" : "object",
      "title" : "Buffering",
      "propertyOrder" : 3,
      "properties" : {
        "maxEvents" : {
          "title" : "Queue Capacity",
          "description" : "Maximum number of audit evens in the batch queue; additional events are dropped.",
          "propertyOrder" : 700,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "writeInterval" : {
          "title" : "Write interval (in milliseconds)",
          "description" : "Interval at which buffered events are written to Splunk.",
          "propertyOrder" : 800,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "batchSize" : {
          "title" : "Batch Size",
          "description" : "Maximum number of events that can be buffered (default: 10000).",
          "propertyOrder" : 600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "splunkConfig" : {
      "type" : "object",
      "title" : "Splunk Configuration",
      "propertyOrder" : 2,
      "properties" : {
        "host" : {
          "title" : "Server Hostname",
          "description" : "Host name or IP address of Splunk server.",
          "propertyOrder" : 300,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "sslEnabled" : {
          "title" : "SSL Enabled",
          "description" : "Use HTTPS protocol for communication with Splunk.",
          "propertyOrder" : 500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "port" : {
          "title" : "Server Port",
          "description" : "Port number of Splunk server.",
          "propertyOrder" : 400,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "authzToken" : {
          "title" : "Authorization Token",
          "description" : "Authorization token used to connect to Splunk HTTP Event Collector endpoint.",
          "propertyOrder" : null,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "commonHandlerPlugin" : {
      "type" : "object",
      "title" : "Audit Event Handler Factory",
      "propertyOrder" : 1,
      "properties" : {
        "handlerFactory" : {
          "title" : "Factory Class Name",
          "description" : "The fully qualified class name of the factory responsible for creating the Audit Event Handler. The class must implement <code>org.forgerock.openam.audit.AuditEventHandlerFactory</code>.",
          "propertyOrder" : null,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    }
  }
}

delete

Usage

am> delete Splunk --global --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action Splunk --global --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action Splunk --global --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action Splunk --global --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query Splunk --global --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read Splunk --global --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update Splunk --global --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "commonHandler" : {
      "type" : "object",
      "title" : "General Handler Configuration",
      "propertyOrder" : 0,
      "properties" : {
        "topics" : {
          "title" : "Topics",
          "description" : "List of topics handled by an audit event handler.",
          "propertyOrder" : 200,
          "required" : true,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "enabled" : {
          "title" : "Enabled",
          "description" : "Enables or disables an audit event handler.",
          "propertyOrder" : 100,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "splunkBuffering" : {
      "type" : "object",
      "title" : "Buffering",
      "propertyOrder" : 3,
      "properties" : {
        "maxEvents" : {
          "title" : "Queue Capacity",
          "description" : "Maximum number of audit evens in the batch queue; additional events are dropped.",
          "propertyOrder" : 700,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "writeInterval" : {
          "title" : "Write interval (in milliseconds)",
          "description" : "Interval at which buffered events are written to Splunk.",
          "propertyOrder" : 800,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "batchSize" : {
          "title" : "Batch Size",
          "description" : "Maximum number of events that can be buffered (default: 10000).",
          "propertyOrder" : 600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "splunkConfig" : {
      "type" : "object",
      "title" : "Splunk Configuration",
      "propertyOrder" : 2,
      "properties" : {
        "host" : {
          "title" : "Server Hostname",
          "description" : "Host name or IP address of Splunk server.",
          "propertyOrder" : 300,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "sslEnabled" : {
          "title" : "SSL Enabled",
          "description" : "Use HTTPS protocol for communication with Splunk.",
          "propertyOrder" : 500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "port" : {
          "title" : "Server Port",
          "description" : "Port number of Splunk server.",
          "propertyOrder" : 400,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "authzToken" : {
          "title" : "Authorization Token",
          "description" : "Authorization token used to connect to Splunk HTTP Event Collector endpoint.",
          "propertyOrder" : null,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "commonHandlerPlugin" : {
      "type" : "object",
      "title" : "Audit Event Handler Factory",
      "propertyOrder" : 1,
      "properties" : {
        "handlerFactory" : {
          "title" : "Factory Class Name",
          "description" : "The fully qualified class name of the factory responsible for creating the Audit Event Handler. The class must implement <code>org.forgerock.openam.audit.AuditEventHandlerFactory</code>.",
          "propertyOrder" : null,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    }
  }
}