All Apps and Add-ons

How to log the actual request made by the REST API modular input?

cudgel
Path Finder

How can I enable debug logging to capture the actual request being made by Splunk (with token substitution)? I have a REST input with custom tokens/response handler that stopped working after functioning properly for several months. If I make the same request via CURL and verify the endpoint is working properly. There is nothing in the python log on the heavy forwarder and the only errors in splunkd.log are from ExecProcessor and JsonLineBreaker:

ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/rest_ta/bin/rest.py" HTTP Request error: 400 Client Error: Bad Request
ERROR JsonLineBreaker - JSON StreamId:11717245446002646617 had parsing error:Unexpected character while looking for value: 'h' - data_source=...
0 Karma
1 Solution

cudgel
Path Finder

I modified the rest.py code to log the url with tokens when there is an exception:

# diff -b ../rest_ta/bin/rest.py rest_ta/bin/rest.py
524a525
>                     error_url = r.url
530a532
>                     logging.error("Problem URL: %s" % str(error_url))

View solution in original post

0 Karma

cudgel
Path Finder

I modified the rest.py code to log the url with tokens when there is an exception:

# diff -b ../rest_ta/bin/rest.py rest_ta/bin/rest.py
524a525
>                     error_url = r.url
530a532
>                     logging.error("Problem URL: %s" % str(error_url))

View solution in original post

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!