<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Filtering the request POST in Rest API in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Filtering-the-request-POST-in-Rest-API/m-p/476138#M81733</link>
    <description>&lt;P&gt;Hi @nalia_v, what kind of logs are we talking about and what's the API you're trying to fetch from? &lt;/P&gt;

&lt;P&gt;From what I understand you're trying to read data via REST and push it into Splunk? &lt;/P&gt;</description>
    <pubDate>Wed, 06 Nov 2019 10:57:56 GMT</pubDate>
    <dc:creator>DavidHourani</dc:creator>
    <dc:date>2019-11-06T10:57:56Z</dc:date>
    <item>
      <title>Filtering the request POST in Rest API</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Filtering-the-request-POST-in-Rest-API/m-p/476137#M81732</link>
      <description>&lt;P&gt;I apologize if somewhere there is already this topic on the portal.&lt;BR /&gt;
If there is, please click on the link.&lt;/P&gt;

&lt;P&gt;&lt;STRONG&gt;Question&lt;/STRONG&gt; &lt;BR /&gt;
There is a REST API request by POST method&lt;BR /&gt;
There is a REST API request using the POST method, which accesses the URL and picks up the log in JSON format.&lt;BR /&gt;
The JSON log itself is VERY large and voluminous.&lt;BR /&gt;
When collecting, the forwarder and its turn begins to flow memory and CPU.&lt;BR /&gt;
The problem is that the log in the response is very large, but the log has unique &lt;STRONG&gt;ID&lt;/STRONG&gt; and &lt;STRONG&gt;time&lt;/STRONG&gt; fields.&lt;/P&gt;

&lt;P&gt;&lt;STRONG&gt;&lt;EM&gt;[{"ID":"65426","DATE":"2019-11-05T12:49:02+03:00"&lt;/EM&gt;&lt;/STRONG&gt;&lt;/P&gt;

&lt;P&gt;How can I configure / build a POST request with filtering by timestamp or ID field?&lt;BR /&gt;
That is, if by timestamp, the request would take logs only for the current day and increment the data.&lt;BR /&gt;
Or compared the ID field.&lt;BR /&gt;
How to specify these settings in the filter through the addon RestAPI?&lt;/P&gt;</description>
      <pubDate>Wed, 06 Nov 2019 09:28:20 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Filtering-the-request-POST-in-Rest-API/m-p/476137#M81732</guid>
      <dc:creator>nalia_v</dc:creator>
      <dc:date>2019-11-06T09:28:20Z</dc:date>
    </item>
    <item>
      <title>Re: Filtering the request POST in Rest API</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Filtering-the-request-POST-in-Rest-API/m-p/476138#M81733</link>
      <description>&lt;P&gt;Hi @nalia_v, what kind of logs are we talking about and what's the API you're trying to fetch from? &lt;/P&gt;

&lt;P&gt;From what I understand you're trying to read data via REST and push it into Splunk? &lt;/P&gt;</description>
      <pubDate>Wed, 06 Nov 2019 10:57:56 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Filtering-the-request-POST-in-Rest-API/m-p/476138#M81733</guid>
      <dc:creator>DavidHourani</dc:creator>
      <dc:date>2019-11-06T10:57:56Z</dc:date>
    </item>
    <item>
      <title>Re: Filtering the request POST in Rest API</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Filtering-the-request-POST-in-Rest-API/m-p/476139#M81734</link>
      <description>&lt;P&gt;Hi @nalia_v &lt;/P&gt;

&lt;P&gt;Agree to what @DavidHourani mentioned. Could you please clarify more on this. &lt;/P&gt;

&lt;P&gt;Are you trying to load data from an external API into Splunk? If yes, you would have to look into the external system's REST API documentation&lt;/P&gt;

&lt;P&gt;OR&lt;/P&gt;

&lt;P&gt;Are you trying to use Splunk's REST API to query data? If yes, please provide a sample of the POST request that you are making and some sample data.&lt;/P&gt;</description>
      <pubDate>Wed, 06 Nov 2019 11:40:39 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Filtering-the-request-POST-in-Rest-API/m-p/476139#M81734</guid>
      <dc:creator>arjunpkishore5</dc:creator>
      <dc:date>2019-11-06T11:40:39Z</dc:date>
    </item>
    <item>
      <title>Re: Filtering the request POST in Rest API</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Filtering-the-request-POST-in-Rest-API/m-p/476140#M81735</link>
      <description>&lt;P&gt;Hi arjunpkishore5.&lt;BR /&gt;
higher answer.&lt;/P&gt;</description>
      <pubDate>Wed, 06 Nov 2019 12:51:59 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Filtering-the-request-POST-in-Rest-API/m-p/476140#M81735</guid>
      <dc:creator>nalia_v</dc:creator>
      <dc:date>2019-11-06T12:51:59Z</dc:date>
    </item>
    <item>
      <title>Re: Filtering the request POST in Rest API</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Filtering-the-request-POST-in-Rest-API/m-p/476141#M81736</link>
      <description>&lt;P&gt;The moderator is still checking my answer ))&lt;/P&gt;</description>
      <pubDate>Wed, 06 Nov 2019 12:52:47 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Filtering-the-request-POST-in-Rest-API/m-p/476141#M81736</guid>
      <dc:creator>nalia_v</dc:creator>
      <dc:date>2019-11-06T12:52:47Z</dc:date>
    </item>
    <item>
      <title>Re: Filtering the request POST in Rest API</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Filtering-the-request-POST-in-Rest-API/m-p/476142#M81737</link>
      <description>&lt;P&gt;I am trying to upload data through an addon RestAPI from the portal Bitrix24.&lt;BR /&gt;
Data regarding the activity of user actions - added / deleted directory, file ... and some other actions.&lt;/P&gt;

&lt;P&gt;&lt;STRONG&gt;&lt;EM&gt;{"result":[{"ID":"65426","DATE":"2019-11-05T12:49:02+03:00","USER_ID":"16707","IP_ADDRESS":"XXX.XXX.XXX.XXX","USER_AGENT":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64; rv:70.0) Gecko\/20100101 Firefox\/70.0","TYPE":"dir","ACTION":"create","OBJECT_ID":"406544","ENTITY_NAME":"\u0420\u0435\u043c\u043e\u043d\u0442 \u0438 \u0432\u0441\u0451 \u0447\u0442\u043e \u0441 \u043d\u0438\u043c \u0441\u0432\u044f\u0437\u0430\u043d\u043e","ENTITY_SIZE":"0","ENTITY_PATH":"\u0422\u0430\u0442\u044c\u044f\u043d\u0430 \u041c\u043e\u0442\u044b\u043b\u044c\/","ENTITY_VERSION":"","ENTITY_NAME_NEW":"","ENTITY_VERSION_NEW":"","ENTITY_PATH_NEW":""},&lt;BR /&gt;
{"ID":"65425","DATE":"2019-11-05T12:48:37+03:00","USER_ID":"17071","IP_ADDRESS":"XXX.XXX.XXX.XXX","USER_AGENT":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","TYPE":"file","ACTION":"upload","OBJECT_ID":"406543","ENTITY_NAME":"\u042f \u043f\u043e\u0434\u0430\u0440\u044e \u0442\u0435\u0431\u0435 \u041a\u0440\u044b\u043b\u044c\u044f. \u041a\u043d\u0438\u0433\u0430 File_name.pdf","ENTITY_SIZE":"2604457","ENTITY_PATH":"\u0425\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0435 \u0434\u043b\u044f \u0412\u0435\u0431-\u043c\u0435\u0441\u0441\u0435\u043d\u0434\u0436\u0435\u0440\u0430\/35793\/","ENTITY_VERSION":"1","ENTITY_NAME_NEW":"","ENTITY_VERSION_NEW":"","ENTITY_PATH_NEW":""},&lt;BR /&gt;
{"ID":"65424","DATE":"2019-11-05T12:47:46+03:00","USER_ID":"16707","IP_ADDRESS":"XXX.XXX.XXX.XXX","USER_AGENT":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64; rv:70.0) Gecko\/20100101 Firefox\/70.0","TYPE":"file","ACTION":"view","OBJECT_ID":"80519","ENTITY_NAME":"File_name88.pdf","ENTITY_SIZE":"469506","ENTITY_PATH":"\u0410\u043b\u0435\u043a\u0441\u0435\u0439 \u0414\u0430\u043d\u0438\u043b\u0438\u043d\/\u0417\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b\/","ENTITY_VERSION":"1","ENTITY_NAME_NEW":"","ENTITY_VERSION_NEW":"","ENTITY_PATH_NEW":""}&lt;/EM&gt;&lt;/STRONG&gt;&lt;/P&gt;

&lt;P&gt;The POST request itself is a normal URL with parameters in the line &lt;STRONG&gt;userID&lt;/STRONG&gt; and &lt;STRONG&gt;Token&lt;/STRONG&gt; by which the connection is made.&lt;BR /&gt;
I can’t drop it here, because it contains confidential data.&lt;BR /&gt;
Our corporate developers specially wrote an API (on the Bitrix24 portal) to upload such data.&lt;BR /&gt;
Fine! Splunk takes them, but here it takes away ALL the data at once. And there is a lot of data for different dates.&lt;BR /&gt;
Also, our developers of the Bitrix24 portal have provided fields by which you can filter the request. But in which fields to specify them in the addon RestAPI settings.&lt;BR /&gt;
Query Parameters for Filtering Data (They are the same fields in the event.)&lt;BR /&gt;
ID&lt;BR /&gt;
date_from&lt;BR /&gt;
date_to &lt;BR /&gt;
type&lt;BR /&gt;
action&lt;BR /&gt;
limit&lt;BR /&gt;
offset&lt;/P&gt;

&lt;P&gt;I think the most basic fields by which you can filter with melon incrementation are:&lt;BR /&gt;
&lt;STRONG&gt;ID&lt;BR /&gt;
date_from&lt;BR /&gt;
date_to&lt;/STRONG&gt;&lt;/P&gt;

&lt;P&gt;But where to specify them in the add api addon is unclear.&lt;BR /&gt;
And if you rely on a time stamp, then how to increase the day&lt;/P&gt;</description>
      <pubDate>Wed, 30 Sep 2020 02:49:54 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Filtering-the-request-POST-in-Rest-API/m-p/476142#M81737</guid>
      <dc:creator>nalia_v</dc:creator>
      <dc:date>2020-09-30T02:49:54Z</dc:date>
    </item>
  </channel>
</rss>

