All Apps and Add-ons

How to log the actual request made by the REST API modular input?

cudgel
Path Finder

How can I enable debug logging to capture the actual request being made by Splunk (with token substitution)? I have a REST input with custom tokens/response handler that stopped working after functioning properly for several months. If I make the same request via CURL and verify the endpoint is working properly. There is nothing in the python log on the heavy forwarder and the only errors in splunkd.log are from ExecProcessor and JsonLineBreaker:

ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/rest_ta/bin/rest.py" HTTP Request error: 400 Client Error: Bad Request
ERROR JsonLineBreaker - JSON StreamId:11717245446002646617 had parsing error:Unexpected character while looking for value: 'h' - data_source=...
0 Karma
1 Solution

cudgel
Path Finder

I modified the rest.py code to log the url with tokens when there is an exception:

# diff -b ../rest_ta/bin/rest.py rest_ta/bin/rest.py
524a525
>                     error_url = r.url
530a532
>                     logging.error("Problem URL: %s" % str(error_url))

View solution in original post

0 Karma

cudgel
Path Finder

I modified the rest.py code to log the url with tokens when there is an exception:

# diff -b ../rest_ta/bin/rest.py rest_ta/bin/rest.py
524a525
>                     error_url = r.url
530a532
>                     logging.error("Problem URL: %s" % str(error_url))
0 Karma
Get Updates on the Splunk Community!

New Cloud Intrusion Detection System Add-on for Splunk

In July 2022 Splunk released the Cloud IDS add-on which expanded Splunk capabilities in security and data ...

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...