Request Builder app icon

Request Builder

Make outbound HTTP/HTTPS API calls directly from SPL. The | req command enriches events with API responses, triggers webhooks, and integrates Splunk with any REST endpoint — supporting Basic, Bearer, and API key auth via Splunk Storage Passwords.

Built by
splunk product badge
screenshot
screenshot
Latest Version 1.0.0
March 24, 2026
Compatibility
Splunk Enterprise, Splunk Cloud
Platform Version: 10.3, 10.2, 10.1, 10.0, 9.4, 9.3, 9.2, 9.1
Rating

5

(4)

Log in to rate this app
Support
Request Builder support icon
Developer Supported addon
Request Builder adds the | req custom SPL command, letting you make outbound HTTP and HTTPS requests directly from the Splunk search pipeline without any extra middleware. The problem it solves: Splunk has no built-in way to call external REST APIs or webhooks during a search. Request Builder fills that gap by turning every event into a potential HTTP request — you can enrich events with live API responses, trigger SOAR or CI/CD workflows from alert actions, post data to ticketing or notification systems, or pull inventory and configuration from any REST endpoint, all with standard SPL syntax. Key capabilities: - Supports GET, POST methods - Custom request headers and JSON or plain-text request bodies - Cookie injection and configurable SSL verification (with certifi CA bundle) - Per-request timeout control - Authentication via HTTP Basic Auth, ****** or API key header — credentials stored securely in Splunk Storage Passwords, never in plain text in searches - Adds status_code, response, response_headers, and ssl_verify fields to each enriched event - Works across Splunk Enterprise 8.x+ and Splunk Cloud

Categories

IT Operations, Utilities

Created By

elif kaplans

Type

addon

Downloads

13

Licensing

Splunk End User License for Third Party Content(Opens new window)

Splunk Answers

Ask a question about this app listing(Opens new window)

Resources

Log in to report this app listing