Solved: How to log the actual request made by the REST API...

cudgel · ‎04-02-2018

How can I enable debug logging to capture the actual request being made by Splunk (with token substitution)? I have a REST input with custom tokens/response handler that stopped working after functioning properly for several months. If I make the same request via CURL and verify the endpoint is working properly. There is nothing in the python log on the heavy forwarder and the only errors in splunkd.log are from ExecProcessor and JsonLineBreaker:

ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/rest_ta/bin/rest.py" HTTP Request error: 400 Client Error: Bad Request
ERROR JsonLineBreaker - JSON StreamId:11717245446002646617 had parsing error:Unexpected character while looking for value: 'h' - data_source=...

cudgel · ‎04-02-2018

I modified the rest.py code to log the url with tokens when there is an exception:

# diff -b ../rest_ta/bin/rest.py rest_ta/bin/rest.py
524a525
>                     error_url = r.url
530a532
>                     logging.error("Problem URL: %s" % str(error_url))

View solution in original post

cudgel · ‎04-02-2018

I modified the rest.py code to log the url with tokens when there is an exception:

# diff -b ../rest_ta/bin/rest.py rest_ta/bin/rest.py
524a525
>                     error_url = r.url
530a532
>                     logging.error("Problem URL: %s" % str(error_url))

How to log the actual request made by the REST API modular input?

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...