All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to call a REST API using POST method to get data using Splunk add-on builder?

mayurrbc
Observer
‎07-07-2022 10:32 AM

Hello,

I am trying to get data in using Splunk rest API feature of Splunk add-on builder, however I am not able to get the results using POST method. 

 

Does anyone know what is the correct syntax to pass JSON query in REST request body?

I tried using "data","payload","raw" as Name and in Value I have put the JSON query but it's not working. 

I keep getting The response status=500 for request ....

PS: I have used postman to validate my request body and it works fine and return results. however, I am not able to do that using Splunk rest API. Not sure if I am missing something.

 

Screen Shot 2022-07-07 at 1.16.50 PM.png

Labels (1)
Labels
0 Karma
Reply

andrew_nelson
Communicator
‎09-08-2022 03:39 AM

I know this is an old post, but posting an answer in case others need it.

To translate the body { "key1":"value1", "key2": "value2", ...} 
The AOB request body will be :

Name: key1    Value: value1
Name: key2    Value: value2 
Name: .....          Value: .......

Also, I see you're using Basic Auth. I'd suggest using Global Account in Add-On Setup Parameters. It should have a checkbox for Basic Auth.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...