How to call a REST API using POST method to get da...

mayurrbc · ‎07-07-2022

Hello,

I am trying to get data in using Splunk rest API feature of Splunk add-on builder, however I am not able to get the results using POST method.

Does anyone know what is the correct syntax to pass JSON query in REST request body?

I tried using "data","payload","raw" as Name and in Value I have put the JSON query but it's not working.

I keep getting The response status=500 for request ....

PS: I have used postman to validate my request body and it works fine and return results. however, I am not able to do that using Splunk rest API. Not sure if I am missing something.

andrew_nelson · ‎09-08-2022

I know this is an old post, but posting an answer in case others need it.

To translate the body { "key1":"value1", "key2": "value2", ...}
The AOB request body will be :

Name: key1 Value: value1
Name: key2 Value: value2
Name: ..... Value: .......

Also, I see you're using Basic Auth. I'd suggest using Global Account in Add-On Setup Parameters. It should have a checkbox for Basic Auth.

How to call a REST API using POST method to get data using Splunk add-on builder?

configuration

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation