All Apps and Add-ons

How to log the actual request made by the REST API modular input?

cudgel
Path Finder

How can I enable debug logging to capture the actual request being made by Splunk (with token substitution)? I have a REST input with custom tokens/response handler that stopped working after functioning properly for several months. If I make the same request via CURL and verify the endpoint is working properly. There is nothing in the python log on the heavy forwarder and the only errors in splunkd.log are from ExecProcessor and JsonLineBreaker:

ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/rest_ta/bin/rest.py" HTTP Request error: 400 Client Error: Bad Request
ERROR JsonLineBreaker - JSON StreamId:11717245446002646617 had parsing error:Unexpected character while looking for value: 'h' - data_source=...
0 Karma
1 Solution

cudgel
Path Finder

I modified the rest.py code to log the url with tokens when there is an exception:

# diff -b ../rest_ta/bin/rest.py rest_ta/bin/rest.py
524a525
>                     error_url = r.url
530a532
>                     logging.error("Problem URL: %s" % str(error_url))

View solution in original post

0 Karma

cudgel
Path Finder

I modified the rest.py code to log the url with tokens when there is an exception:

# diff -b ../rest_ta/bin/rest.py rest_ta/bin/rest.py
524a525
>                     error_url = r.url
530a532
>                     logging.error("Problem URL: %s" % str(error_url))
0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...