Splunk
Realm Operations
Resource path:
/realm-config/services/audit/Splunk
Resource version: 1.0
create
Usage
am> create Splunk --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
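The resource in JSON format, described by the following JSON schema. The body carries the Splunk HTTP Event Collector authorization token (`authzToken`, a password-format field), so handle the body as a secret; `sslEnabled` selects HTTPS for the connection to Splunk, and events beyond the `maxEvents` queue capacity are dropped rather than delivered: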
{ "type" : "object", "properties" : { "commonHandler" : { "type" : "object", "title" : "General Handler Configuration", "propertyOrder" : 0, "properties" : { "enabled" : { "title" : "Enabled", "description" : "Enables or disables an audit event handler.", "propertyOrder" : 100, "required" : true, "type" : "boolean", "exampleValue" : "" }, "topics" : { "title" : "Topics", "description" : "List of topics handled by an audit event handler.", "propertyOrder" : 200, "required" : true, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } } }, "splunkConfig" : { "type" : "object", "title" : "Splunk Configuration", "propertyOrder" : 2, "properties" : { "port" : { "title" : "Server Port", "description" : "Port number of Splunk server.", "propertyOrder" : 400, "required" : true, "type" : "integer", "exampleValue" : "" }, "host" : { "title" : "Server Hostname", "description" : "Host name or IP address of Splunk server.", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "sslEnabled" : { "title" : "SSL Enabled", "description" : "Use HTTPS protocol for communication with Splunk.", "propertyOrder" : 500, "required" : true, "type" : "boolean", "exampleValue" : "" }, "authzToken" : { "title" : "Authorization Token", "description" : "Authorization token used to connect to Splunk HTTP Event Collector endpoint.", "propertyOrder" : null, "required" : true, "type" : "string", "format" : "password", "exampleValue" : "" } } }, "splunkBuffering" : { "type" : "object", "title" : "Buffering", "propertyOrder" : 3, "properties" : { "maxEvents" : { "title" : "Queue Capacity", "description" : "Maximum number of audit events in the batch queue; additional events are dropped.", "propertyOrder" : 700, "required" : true, "type" : "integer", "exampleValue" : "" }, "batchSize" : { "title" : "Batch Size", "description" : "Maximum number of events that can be buffered (default: 10000).", "propertyOrder" : 600, "required" : true, "type" : "integer", 
"exampleValue" : "" }, "writeInterval" : { "title" : "Write interval (in milliseconds)", "description" : "Interval at which buffered events are written to Splunk.", "propertyOrder" : 800, "required" : true, "type" : "integer", "exampleValue" : "" } } }, "commonHandlerPlugin" : { "type" : "object", "title" : "Audit Event Handler Factory", "propertyOrder" : 1, "properties" : { "handlerFactory" : { "title" : "Factory Class Name", "description" : "The fully qualified class name of the factory responsible for creating the Audit Event Handler. The class must implement <code>org.forgerock.openam.audit.AuditEventHandlerFactory</code>.", "propertyOrder" : null, "required" : true, "type" : "string", "exampleValue" : "" } } } } }
delete
Usage
am> delete Splunk --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action Splunk --realm Realm --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action Splunk --realm Realm --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action Splunk --realm Realm --actionName nextdescendents
query
Get the full list of instances of this collection. This query supports only the `_queryFilter=true` filter.
Usage
am> query Splunk --realm Realm --filter filter
Parameters
- --filter
-
A CREST-formatted query filter; the value "true" returns all instances.
read
Usage
am> read Splunk --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
update
Usage
am> update Splunk --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "commonHandler" : { "type" : "object", "title" : "General Handler Configuration", "propertyOrder" : 0, "properties" : { "enabled" : { "title" : "Enabled", "description" : "Enables or disables an audit event handler.", "propertyOrder" : 100, "required" : true, "type" : "boolean", "exampleValue" : "" }, "topics" : { "title" : "Topics", "description" : "List of topics handled by an audit event handler.", "propertyOrder" : 200, "required" : true, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } } }, "splunkConfig" : { "type" : "object", "title" : "Splunk Configuration", "propertyOrder" : 2, "properties" : { "port" : { "title" : "Server Port", "description" : "Port number of Splunk server.", "propertyOrder" : 400, "required" : true, "type" : "integer", "exampleValue" : "" }, "host" : { "title" : "Server Hostname", "description" : "Host name or IP address of Splunk server.", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "sslEnabled" : { "title" : "SSL Enabled", "description" : "Use HTTPS protocol for communication with Splunk.", "propertyOrder" : 500, "required" : true, "type" : "boolean", "exampleValue" : "" }, "authzToken" : { "title" : "Authorization Token", "description" : "Authorization token used to connect to Splunk HTTP Event Collector endpoint.", "propertyOrder" : null, "required" : true, "type" : "string", "format" : "password", "exampleValue" : "" } } }, "splunkBuffering" : { "type" : "object", "title" : "Buffering", "propertyOrder" : 3, "properties" : { "maxEvents" : { "title" : "Queue Capacity", "description" : "Maximum number of audit events in the batch queue; additional events are dropped.", "propertyOrder" : 700, "required" : true, "type" : "integer", "exampleValue" : "" }, "batchSize" : { "title" : "Batch Size", "description" : "Maximum number of events that can be buffered (default: 10000).", "propertyOrder" : 600, "required" : true, "type" : "integer", 
"exampleValue" : "" }, "writeInterval" : { "title" : "Write interval (in milliseconds)", "description" : "Interval at which buffered events are written to Splunk.", "propertyOrder" : 800, "required" : true, "type" : "integer", "exampleValue" : "" } } }, "commonHandlerPlugin" : { "type" : "object", "title" : "Audit Event Handler Factory", "propertyOrder" : 1, "properties" : { "handlerFactory" : { "title" : "Factory Class Name", "description" : "The fully qualified class name of the factory responsible for creating the Audit Event Handler. The class must implement <code>org.forgerock.openam.audit.AuditEventHandlerFactory</code>.", "propertyOrder" : null, "required" : true, "type" : "string", "exampleValue" : "" } } } } }
Global Operations
Resource path:
/global-config/services/audit/Splunk
Resource version: 1.0
create
Usage
am> create Splunk --global --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "splunkConfig" : { "type" : "object", "title" : "Splunk Configuration", "propertyOrder" : 2, "properties" : { "authzToken" : { "title" : "Authorization Token", "description" : "Authorization token used to connect to Splunk HTTP Event Collector endpoint.", "propertyOrder" : null, "required" : true, "type" : "string", "format" : "password", "exampleValue" : "" }, "port" : { "title" : "Server Port", "description" : "Port number of Splunk server.", "propertyOrder" : 400, "required" : true, "type" : "integer", "exampleValue" : "" }, "sslEnabled" : { "title" : "SSL Enabled", "description" : "Use HTTPS protocol for communication with Splunk.", "propertyOrder" : 500, "required" : true, "type" : "boolean", "exampleValue" : "" }, "host" : { "title" : "Server Hostname", "description" : "Host name or IP address of Splunk server.", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" } } }, "commonHandler" : { "type" : "object", "title" : "General Handler Configuration", "propertyOrder" : 0, "properties" : { "enabled" : { "title" : "Enabled", "description" : "Enables or disables an audit event handler.", "propertyOrder" : 100, "required" : true, "type" : "boolean", "exampleValue" : "" }, "topics" : { "title" : "Topics", "description" : "List of topics handled by an audit event handler.", "propertyOrder" : 200, "required" : true, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } } }, "splunkBuffering" : { "type" : "object", "title" : "Buffering", "propertyOrder" : 3, "properties" : { "maxEvents" : { "title" : "Queue Capacity", "description" : "Maximum number of audit events in the batch queue; additional events are dropped.", "propertyOrder" : 700, "required" : true, "type" : "integer", "exampleValue" : "" }, "batchSize" : { "title" : "Batch Size", "description" : "Maximum number of events that can be buffered (default: 10000).", "propertyOrder" : 600, "required" : true, "type" : "integer", 
"exampleValue" : "" }, "writeInterval" : { "title" : "Write interval (in milliseconds)", "description" : "Interval at which buffered events are written to Splunk.", "propertyOrder" : 800, "required" : true, "type" : "integer", "exampleValue" : "" } } }, "commonHandlerPlugin" : { "type" : "object", "title" : "Audit Event Handler Factory", "propertyOrder" : 1, "properties" : { "handlerFactory" : { "title" : "Factory Class Name", "description" : "The fully qualified class name of the factory responsible for creating the Audit Event Handler. The class must implement <code>org.forgerock.openam.audit.AuditEventHandlerFactory</code>.", "propertyOrder" : null, "required" : true, "type" : "string", "exampleValue" : "" } } } } }
delete
Usage
am> delete Splunk --global --id id
Parameters
- --id
-
The unique identifier for the resource.
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action Splunk --global --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action Splunk --global --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action Splunk --global --actionName nextdescendents
query
Get the full list of instances of this collection. This query supports only the `_queryFilter=true` filter.
Usage
am> query Splunk --global --filter filter
Parameters
- --filter
-
A CREST-formatted query filter; the value "true" returns all instances.
update
Usage
am> update Splunk --global --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "splunkConfig" : { "type" : "object", "title" : "Splunk Configuration", "propertyOrder" : 2, "properties" : { "authzToken" : { "title" : "Authorization Token", "description" : "Authorization token used to connect to Splunk HTTP Event Collector endpoint.", "propertyOrder" : null, "required" : true, "type" : "string", "format" : "password", "exampleValue" : "" }, "port" : { "title" : "Server Port", "description" : "Port number of Splunk server.", "propertyOrder" : 400, "required" : true, "type" : "integer", "exampleValue" : "" }, "sslEnabled" : { "title" : "SSL Enabled", "description" : "Use HTTPS protocol for communication with Splunk.", "propertyOrder" : 500, "required" : true, "type" : "boolean", "exampleValue" : "" }, "host" : { "title" : "Server Hostname", "description" : "Host name or IP address of Splunk server.", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" } } }, "commonHandler" : { "type" : "object", "title" : "General Handler Configuration", "propertyOrder" : 0, "properties" : { "enabled" : { "title" : "Enabled", "description" : "Enables or disables an audit event handler.", "propertyOrder" : 100, "required" : true, "type" : "boolean", "exampleValue" : "" }, "topics" : { "title" : "Topics", "description" : "List of topics handled by an audit event handler.", "propertyOrder" : 200, "required" : true, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } } }, "splunkBuffering" : { "type" : "object", "title" : "Buffering", "propertyOrder" : 3, "properties" : { "maxEvents" : { "title" : "Queue Capacity", "description" : "Maximum number of audit events in the batch queue; additional events are dropped.", "propertyOrder" : 700, "required" : true, "type" : "integer", "exampleValue" : "" }, "batchSize" : { "title" : "Batch Size", "description" : "Maximum number of events that can be buffered (default: 10000).", "propertyOrder" : 600, "required" : true, "type" : "integer", 
"exampleValue" : "" }, "writeInterval" : { "title" : "Write interval (in milliseconds)", "description" : "Interval at which buffered events are written to Splunk.", "propertyOrder" : 800, "required" : true, "type" : "integer", "exampleValue" : "" } } }, "commonHandlerPlugin" : { "type" : "object", "title" : "Audit Event Handler Factory", "propertyOrder" : 1, "properties" : { "handlerFactory" : { "title" : "Factory Class Name", "description" : "The fully qualified class name of the factory responsible for creating the Audit Event Handler. The class must implement <code>org.forgerock.openam.audit.AuditEventHandlerFactory</code>.", "propertyOrder" : null, "required" : true, "type" : "string", "exampleValue" : "" } } } } }