Solved: Re: How to accept batch input from JSON REST API m...

dhruvgargTA · ‎06-13-2017

I have an endpoint that displays json data and I am looking for the REST polling data source to take native json lists and parse that as batch event input into Splunk.

Any Ideas?

Damien_Dallimor · ‎06-13-2017

Use a custom response handler with the REST Modular Input that will can split up the batch json response into individual events .

You declare the name of the response handler in your REST setup screen.

You place the implementation of the response handler in rest_ta/bin/responsehandlers.py

Ships with loads of examples to refer to and copy.

View solution in original post

Damien_Dallimor · ‎06-13-2017

Use a custom response handler with the REST Modular Input that will can split up the batch json response into individual events .

You declare the name of the response handler in your REST setup screen.

You place the implementation of the response handler in rest_ta/bin/responsehandlers.py

Ships with loads of examples to refer to and copy.

dhruvgargTA · ‎06-14-2017

Hmm, after investigating the response handlers in the file, there's a default JSONArrayHandler that solves my problem perfectly. No custom code necessary.

Thanks.

How to accept batch input from JSON REST API modular input?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms