Skip to main content
Lantern Home

 

Splunk Lantern

Validating configurations with REST API in Splunk Cloud Platform 10.3.x

  1. Last updated
  2. Save as PDF

Large Splunk environments routinely deploy hundreds of configuration stanzas, yet administrators using Splunk Cloud Platform versions 10.2.x and below lack the access to run CLI for btool check before committing changes.

The Configuration Validation REST API in Splunk Cloud Platform version 10.3.x brings the same spec-level validation available on the CLI into a secure, REST-based workflow. This empowers Splunk administrators to catch configuration errors before they impact production. By validating .conf files through a REST API, organizations can prevent deployment failures, reduce troubleshooting time, and maintain higher system reliability, all without requiring command-line access.

You can use the Configuration Validation REST API on any Splunk configuration file with a corresponding .spec file, for example:

  • inputs.conf and inputs.conf.spec
  • outputs.conf and outputs.conf.spec
  • savedsearches.conf and savedsearches.conf.spec

Prerequisites

  • Splunk Cloud Platform version 10.3 or later

Procedure

Follow the steps below to submit the .conf content, run validation, and receive a structured JSON verdict before deployment and without needing command line access.

Step 1: Prepare configuration file

Export the .conf contents to the current directory or a specified file (example: inputs.conf).

Step 2: Call validation endpoint

Call the REST API (i.e. curl) to validate the configuration using the endpoint pattern:

POST /services/properties/<config_file>?validate=true

Parameters:

  • <config_file>: The name of the configuration file (without the .conf extension). Examples: inputs, outputs, savedsearches, props, transforms, etc.
  • validate=true: The query parameter that triggers validation mode (required).
  • --data-binary <file_path>: The path to the local configuration file that should be validated. Use @ syntax so curl streams the file: --data-binary @/path/to/inputs.conf

The example below shows a curl command that posts an inputs.conf configuration file to the validation REST endpoint with the specific curl flags needed to run the request (credentials, post request, and data format).

curl -k -u admin:password -X POST \
  --data-binary @inputs.conf \
  "https://splunk-instance:8089/services/properties/inputs?validate=true"

Step 3: Interpret response

The API returns a structured JSON response indicating the status of the validation.

Response fields:

  • validation_status : Either "success" or "failed"
  • config_type : The configuration file type that was validated
  • content_size : Size of the submitted configuration in bytes
  • error_count : Number of validation errors found (only present when failed)
  • errors : Array of detailed error messages with line numbers and stanza information

Additional resources

These resources might help you understand and implement this guidance:

  • Splunk OnDemand Services: Use these credit-based services for direct access to Splunk technical consultants with a variety of technical services from a pre-defined catalog. Most customers have OnDemand Services per their Success Plan. Engage the ODS team at ondemand@cisco.com if you would like assistance.