
Custom REST Command (crest)



Latest Version 3.0.0
October 16, 2025
Compatibility
Not Available
Platform Version: 10.0, 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0
Support
Developer Supported app
The Custom REST Command (`crest`) app transforms your Splunk environment into a powerful, interactive API integration hub. Modern IT and security operations depend on data from countless external systems, but integrating this data is often a complex challenge requiring external scripts, middleware, or manual processes that kill productivity.

The `crest` command solves this by providing a seamless, feature-rich, and native way to send any HTTP request (`GET`, `POST`, `PUT`, `PATCH`, `DELETE`) directly from the Splunk search bar. This empowers you to not only fetch data but to automate actions, enrich events in real-time, and manage external systems without ever leaving the Splunk UI. Whether you're pulling threat intelligence, creating Jira tickets, updating a CMDB, or managing cloud resources, `crest` makes it simple, fast, and scalable.

### Why You Need This App

1. **Full API Interaction, Natively in Splunk:** Go beyond simple data fetching. With full support for `GET`, `POST`, `PUT`, `PATCH`, and `DELETE`, you can build complete, two-way integrations with any RESTful service.
2. **Automate and Enrich with Streaming Power:** Use `crest` in streaming mode to act on every event in a search result. With powerful token substitution (e.g., `url=".../users/$id$"`), you can dynamically update assets, enrich security events with external context, or automate responses at scale.
3. **Instantly Turn API Data into Splunk Tables:** Set `parse_response=true` to automatically convert messy API responses (JSON, CSV, XML) into clean, usable Splunk tables. The `json_path` parameter even lets you effortlessly extract data from deep within nested JSON structures.
4. **Simplified & Secure Authentication:** Forget complex header construction. Use the simple `auth_token` and `auth_type` parameters for easy Bearer, Basic, or other token-based authentication. The `verify_ssl=false` option provides flexibility for internal and test environments.
5. **Built for Control and Performance:** Avoid getting blocked by APIs with the built-in `delay` parameter for rate limiting in streaming mode. The robust `debug` mode lets you safely build and validate your requests before they ever leave Splunk.

By combining the analytical power of Splunk with direct, flexible API interaction, the Custom REST Command (`crest`) unlocks new possibilities for automation and data enrichment. Install it today to transform your data workflows into an agile, fully integrated system.

Created By

Matheus Silva

Type

app

Downloads

359
