<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: can splunk pull in data via rest in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/can-splunk-pull-in-data-via-rest/m-p/156560#M31728</link>
    <description>&lt;P&gt;Anyone? Anyone? Bueller? &lt;/P&gt;

&lt;P&gt;We are trying to make our Splunk a central place for triage, and while we get a lot of logs and data already, some of it isn't indexed (and shouldn't be), and is only available via REST APIs.  If we could pull this in to view, it would complete the picture.&lt;/P&gt;</description>
    <pubDate>Sat, 10 May 2014 12:37:08 GMT</pubDate>
    <dc:creator>a212830</dc:creator>
    <dc:date>2014-05-10T12:37:08Z</dc:date>
    <item>
      <title>can splunk pull in data via rest</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/can-splunk-pull-in-data-via-rest/m-p/156559#M31727</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;

&lt;P&gt;Is there any way Splunk can pull in data dynamically via REST?  Looking for something similar to db connect dbquery - "rest_call ...endpoint" and display the data, but not index it. &lt;/P&gt;</description>
      <pubDate>Thu, 08 May 2014 10:46:47 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/can-splunk-pull-in-data-via-rest/m-p/156559#M31727</guid>
      <dc:creator>a212830</dc:creator>
      <dc:date>2014-05-08T10:46:47Z</dc:date>
    </item>
    <item>
      <title>Re: can splunk pull in data via rest</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/can-splunk-pull-in-data-via-rest/m-p/156560#M31728</link>
      <description>&lt;P&gt;Anyone? Anyone? Bueller? &lt;/P&gt;

&lt;P&gt;We are trying to make our Splunk a central place for triage, and while we get a lot of logs and data already, some of it isn't indexed (and shouldn't be), and is only available via REST APIs.  If we could pull this in to view, it would complete the picture.&lt;/P&gt;</description>
      <pubDate>Sat, 10 May 2014 12:37:08 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/can-splunk-pull-in-data-via-rest/m-p/156560#M31728</guid>
      <dc:creator>a212830</dc:creator>
      <dc:date>2014-05-10T12:37:08Z</dc:date>
    </item>
    <item>
      <title>Re: can splunk pull in data via rest</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/can-splunk-pull-in-data-via-rest/m-p/156561#M31729</link>
      <description>&lt;P&gt;I don't think there's anything &lt;STRONG&gt;exactly&lt;/STRONG&gt; like what you want.  &lt;/P&gt;

&lt;P&gt;There's &lt;A href="http://apps.splunk.com/app/1546/"&gt;http://apps.splunk.com/app/1546/&lt;/A&gt; - which is a modular input extension to Splunk that does REST calls against an endpoint and indexes the results.  Splunk makes the call to the remote endpoint periodically.  I know you didn't want to index the data, so this is probably not what you want.&lt;/P&gt;

&lt;P&gt;Similarly, you can use one of Splunk's REST endpoints to submit new events.  See &lt;A href="http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTinput#receivers.2Fsimple"&gt;http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTinput#receivers.2Fsimple&lt;/A&gt; .  This also indexes the data, so it's not exactly what you're looking for.&lt;/P&gt;

&lt;P&gt;At this point, having given you two non-options, I would suggest you look at implementing your own custom search command.  In this way, you write a script that makes the necessary API calls and configure Splunk to make it available as a search command.  It's not too bad.  See &lt;A href="http://docs.splunk.com/Documentation/Splunk/6.0.3/Search/Writeasearchcommand"&gt;http://docs.splunk.com/Documentation/Splunk/6.0.3/Search/Writeasearchcommand&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Sat, 10 May 2014 13:53:42 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/can-splunk-pull-in-data-via-rest/m-p/156561#M31729</guid>
      <dc:creator>dwaddle</dc:creator>
      <dc:date>2014-05-10T13:53:42Z</dc:date>
    </item>
  </channel>
</rss>

