I have an endpoint that displays JSON data and I am looking for the REST polling data source to take native JSON lists and parse that as batch event input into Splunk.
Any ideas?
Use a custom response handler with the REST Modular Input that can split up the batch JSON response into individual events.
You declare the name of the response handler in your REST setup screen.
You place the implementation of the response handler in rest_ta/bin/responsehandlers.py
Ships with loads of examples to refer to and copy.
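A sketch of the kind of handler the answer describes, as an added example that is not part of the original answer or the add-on's own code. The `__call__` signature is an assumption modelled on the add-on's handler style, and `BatchSplitHandler`, `emit_event`, `list_key` and the sample payload are hypothetical names and constructed data; inside `responsehandlers.py` the events would go to the add-on's own output helper instead of a list.

```python
import json

# Constructed sample of a batch response: one JSON array, two records.
SAMPLE_BATCH = ('[{"user": "alice", "action": "login"},'
                ' {"user": "bob", "action": "logout"}]')


def split_json_batch(raw, list_key=None):
    """Return one JSON string per record in a batch response."""
    try:
        doc = json.loads(raw)
    except ValueError:
        # Malformed body: keep it as a single raw event instead of dropping
        # it, so a broken upstream response stays visible in the index.
        return [raw]
    # Some APIs wrap the array, e.g. {"results": [...]}; unwrap if asked to.
    if list_key is not None and isinstance(doc, dict):
        doc = doc.get(list_key, doc)
    # A single object (or scalar) is treated as a batch of one.
    if not isinstance(doc, list):
        doc = [doc]
    return [json.dumps(item) for item in doc]


def emit_event(event, sink):
    """Stand-in for the add-on's event writer (hypothetical)."""
    sink.append(event)


class BatchSplitHandler:
    """Hypothetical response handler; call signature is an assumption."""

    def __init__(self, **args):
        self.list_key = args.get("list_key")
        self.sink = []

    def __call__(self, response_object, raw_response_output,
                 response_type, req_args, endpoint):
        if response_type == "json":
            events = split_json_batch(raw_response_output, self.list_key)
        else:
            # Non-JSON responses pass through unchanged as one event.
            events = [raw_response_output]
        for event in events:
            emit_event(event, self.sink)
        return self.sink


if __name__ == "__main__":
    handler = BatchSplitHandler()
    for line in handler(None, SAMPLE_BATCH, "json", {}, "https://example.invalid"):
        print(line)
```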
Hmm, after investigating the response handlers in the file, there's a default JSONArrayHandler that solves my problem perfectly. No custom code necessary.
Thanks.