Re: How to configure request payload in a POST HTT...

erwan_raulet · ‎03-26-2019

I want to use REST API Modular Input to count alarms from my Spectrum monitoring tool.
Here's the query I'm using with Postman to query my Spectrum server:

POST /spectrum/restful/alarms/count HTTP/1.1 
Host: MyServer:8080
Content-Type: application/xml,application/json
Authorization: Basic YmNpdC1waWwdcnBpbG90ZTE=
cache-control: no-cache 
<?xml version="1.0" encoding="UTF-8"?>
<rs:alarms-count-request xmlns:rs="http://www.ca.com/spectrum/restful/schema/request"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.ca.com/spectrum/restful/schema/request
../../../xsd/Request.xsd ">
<rs:alarm-filter name="def"/> 
</rs:alarms-count-request>

And the response:

<?xml version="1.0" encoding="UTF-8"
standalone="yes"?>
<alarmcount-response
xmlns="http://www.ca.com/spectrum/restful/schema/response">
    <critical>3</critical>
    <major>2</major>
    <minor>4</minor> </alarmcount-response>

Now its configuration in the module REST_ta of Splunk.

I get an HTTP 500 error in splunkd.log
I think this comes from the Request Payload field but I do not see my error. Can someone help me?

AKG1_old1 · ‎09-24-2021

@erwan_raulet : Did you able to solve it ? I have the same requirements. Not sure what format required in payload

How to configure request payload in a POST HTTP Method with REST API Modular Input?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation