All Apps and Add-ons

How to log the actual request made by the REST API modular input?

cudgel
Path Finder

How can I enable debug logging to capture the actual request being made by Splunk (with token substitution)? I have a REST input with custom tokens/response handler that stopped working after functioning properly for several months. If I make the same request via CURL and verify the endpoint is working properly. There is nothing in the python log on the heavy forwarder and the only errors in splunkd.log are from ExecProcessor and JsonLineBreaker:

ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/rest_ta/bin/rest.py" HTTP Request error: 400 Client Error: Bad Request
ERROR JsonLineBreaker - JSON StreamId:11717245446002646617 had parsing error:Unexpected character while looking for value: 'h' - data_source=...
0 Karma
1 Solution

cudgel
Path Finder

I modified the rest.py code to log the url with tokens when there is an exception:

# diff -b ../rest_ta/bin/rest.py rest_ta/bin/rest.py
524a525
>                     error_url = r.url
530a532
>                     logging.error("Problem URL: %s" % str(error_url))

View solution in original post

0 Karma

cudgel
Path Finder

I modified the rest.py code to log the url with tokens when there is an exception:

# diff -b ../rest_ta/bin/rest.py rest_ta/bin/rest.py
524a525
>                     error_url = r.url
530a532
>                     logging.error("Problem URL: %s" % str(error_url))
0 Karma
Get Updates on the Splunk Community!

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...