naftiko: 1.0.0-alpha2 info: label: Splunk Enterprise REST API — Search description: 'Splunk Enterprise REST API — Search. 8 operations. Lead operation: List Search Jobs. Self-contained Naftiko capability covering one Splunk business surface.' tags: - Splunk - Search created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: SPLUNK_API_KEY: SPLUNK_API_KEY capability: consumes: - type: http namespace: enterprise-rest-search baseUri: https://{host}:{port} description: Splunk Enterprise REST API — Search business capability. Self-contained, no shared references. resources: - name: services-search-jobs path: /services/search/jobs operations: - name: listsearchjobs method: GET description: List Search Jobs outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: search in: query type: string description: Filter search jobs by search string - name: sort_key in: query type: string description: Field to sort by - name: sort_dir in: query type: string description: Sort direction - name: createsearchjob method: POST description: Create a Search Job outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: services-search-jobs-export path: /services/search/jobs/export operations: - name: exportsearchresults method: GET description: Export Search Results outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: search in: query type: string description: The SPL search query to execute required: true - name: earliest_time in: query type: string description: Earliest time for the search - name: latest_time in: query type: string description: Latest time for the search - name: auto_cancel in: query type: integer description: Seconds of inactivity after which the search is cancelled - name: enable_lookups in: query type: boolean description: Whether to enable lookups during the search - name: services-search-jobs-search_id path: /services/search/jobs/{search_id} operations: - name: getsearchjob method: GET description: Get Search Job Details outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deletesearchjob method: DELETE description: Delete a Search Job outputRawFormat: json outputParameters: - name: result type: object value: $. - name: services-search-jobs-search_id-control path: /services/search/jobs/{search_id}/control operations: - name: controlsearchjob method: POST description: Control a Search Job outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: services-search-jobs-search_id-events path: /services/search/jobs/{search_id}/events operations: - name: getsearchevents method: GET description: Get Search Events outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: earliest_time in: query type: string description: Earliest time boundary for events - name: latest_time in: query type: string description: Latest time boundary for events - name: search in: query type: string description: Post-processing search to filter events - name: field_list in: query type: string description: Comma-separated list of fields to return - name: truncation_mode in: query type: string description: How to truncate long lines - name: max_lines in: query type: integer description: Maximum number of lines per event - name: services-search-jobs-search_id-results path: /services/search/jobs/{search_id}/results operations: - name: getsearchresults method: GET description: Get Search Results outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: search in: query type: string description: Post-processing search string to filter results - name: field_list in: query type: string description: Comma-separated list of fields to return authentication: type: bearer token: '{{env.SPLUNK_API_KEY}}' exposes: - type: rest namespace: enterprise-rest-search-rest port: 8080 description: REST adapter for Splunk Enterprise REST API — Search. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/services/search/jobs name: services-search-jobs description: REST surface for services-search-jobs. operations: - method: GET name: listsearchjobs description: List Search Jobs call: enterprise-rest-search.listsearchjobs with: search: rest.search sort_key: rest.sort_key sort_dir: rest.sort_dir outputParameters: - type: object mapping: $. - method: POST name: createsearchjob description: Create a Search Job call: enterprise-rest-search.createsearchjob with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/services/search/jobs/export name: services-search-jobs-export description: REST surface for services-search-jobs-export. operations: - method: GET name: exportsearchresults description: Export Search Results call: enterprise-rest-search.exportsearchresults with: search: rest.search earliest_time: rest.earliest_time latest_time: rest.latest_time auto_cancel: rest.auto_cancel enable_lookups: rest.enable_lookups outputParameters: - type: object mapping: $. - path: /v1/services/search/jobs/{search-id} name: services-search-jobs-search-id description: REST surface for services-search-jobs-search_id. operations: - method: GET name: getsearchjob description: Get Search Job Details call: enterprise-rest-search.getsearchjob outputParameters: - type: object mapping: $. - method: DELETE name: deletesearchjob description: Delete a Search Job call: enterprise-rest-search.deletesearchjob outputParameters: - type: object mapping: $. - path: /v1/services/search/jobs/{search-id}/control name: services-search-jobs-search-id-control description: REST surface for services-search-jobs-search_id-control. operations: - method: POST name: controlsearchjob description: Control a Search Job call: enterprise-rest-search.controlsearchjob with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/services/search/jobs/{search-id}/events name: services-search-jobs-search-id-events description: REST surface for services-search-jobs-search_id-events. operations: - method: GET name: getsearchevents description: Get Search Events call: enterprise-rest-search.getsearchevents with: earliest_time: rest.earliest_time latest_time: rest.latest_time search: rest.search field_list: rest.field_list truncation_mode: rest.truncation_mode max_lines: rest.max_lines outputParameters: - type: object mapping: $. - path: /v1/services/search/jobs/{search-id}/results name: services-search-jobs-search-id-results description: REST surface for services-search-jobs-search_id-results. operations: - method: GET name: getsearchresults description: Get Search Results call: enterprise-rest-search.getsearchresults with: search: rest.search field_list: rest.field_list outputParameters: - type: object mapping: $. - type: mcp namespace: enterprise-rest-search-mcp port: 9090 transport: http description: MCP adapter for Splunk Enterprise REST API — Search. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-search-jobs description: List Search Jobs hints: readOnly: true destructive: false idempotent: true call: enterprise-rest-search.listsearchjobs with: search: tools.search sort_key: tools.sort_key sort_dir: tools.sort_dir outputParameters: - type: object mapping: $. - name: create-search-job description: Create a Search Job hints: readOnly: true destructive: false idempotent: false call: enterprise-rest-search.createsearchjob with: body: tools.body outputParameters: - type: object mapping: $. - name: export-search-results description: Export Search Results hints: readOnly: true destructive: false idempotent: true call: enterprise-rest-search.exportsearchresults with: search: tools.search earliest_time: tools.earliest_time latest_time: tools.latest_time auto_cancel: tools.auto_cancel enable_lookups: tools.enable_lookups outputParameters: - type: object mapping: $. - name: get-search-job-details description: Get Search Job Details hints: readOnly: true destructive: false idempotent: true call: enterprise-rest-search.getsearchjob outputParameters: - type: object mapping: $. - name: delete-search-job description: Delete a Search Job hints: readOnly: false destructive: true idempotent: true call: enterprise-rest-search.deletesearchjob outputParameters: - type: object mapping: $. - name: control-search-job description: Control a Search Job hints: readOnly: true destructive: false idempotent: false call: enterprise-rest-search.controlsearchjob with: body: tools.body outputParameters: - type: object mapping: $. - name: get-search-events description: Get Search Events hints: readOnly: true destructive: false idempotent: true call: enterprise-rest-search.getsearchevents with: earliest_time: tools.earliest_time latest_time: tools.latest_time search: tools.search field_list: tools.field_list truncation_mode: tools.truncation_mode max_lines: tools.max_lines outputParameters: - type: object mapping: $. - name: get-search-results description: Get Search Results hints: readOnly: true destructive: false idempotent: true call: enterprise-rest-search.getsearchresults with: search: tools.search field_list: tools.field_list outputParameters: - type: object mapping: $.