All Apps and Add-ons

How to call a REST API using POST method to get data using Splunk add-on builder?

mayurrbc
Observer

Hello,

I am trying to get data in using Splunk rest API feature of Splunk add-on builder, however I am not able to get the results using POST method. 

 

Does anyone know what is the correct syntax to pass JSON query in REST request body?

I tried using "data","payload","raw" as Name and in Value I have put the JSON query but it's not working. 

I keep getting The response status=500 for request ....

PS: I have used postman to validate my request body and it works fine and return results. however, I am not able to do that using Splunk rest API. Not sure if I am missing something.

 

Screen Shot 2022-07-07 at 1.16.50 PM.png

Labels (1)
0 Karma

andrew_nelson
Communicator

I know this is an old post, but posting an answer in case others need it.

To translate the body { "key1":"value1", "key2": "value2", ...} 
The AOB request body will be :

Name: key1    Value: value1
Name: key2    Value: value2 
Name: .....          Value: .......

Also, I see you're using Basic Auth. I'd suggest using Global Account in Add-On Setup Parameters. It should have a checkbox for Basic Auth.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...