All Apps and Add-ons

New user & REST API


I'm a new Splunk user and I'm trying to get a simplistic working data feed that I can build off of.  I tend to learn better that way.

I'm trying to use the Ecobee API to poll my smart thermostat for data to import and index in Splunk.  I've searched and found the Add-On Builder for Splunk which seems fitting for the job.  I'm having trouble successfully configuring the app.

I can successfully run the following command from the Splunk server CLI:


curl -s -H 'Content-Type: text/json' -H 'Authorization: Bearer MY_ACCESS_TOKEN' '\{"selection":\{"selectionType":"registered","selectionMatch":"","includeRuntime":true\}\}'


I'm having trouble running a successful test with what I believe are the same settings in the Add-On Builder data import wizard.  Below are the settings I'm using in attempt to mirror the command above:


REST URL:\{"selection":\{"selectionType":"registered","selectionMatch":"","includeRuntime":true\}\}

REST method:

REST request headers:
Content-Type           json
Authorization          Bearer MY_ACCESS_TOKEN


The output given is:

The response status=403

I feel if I can get a basic query working, that I can step it out from there, but I can't figure out what I'm doing wrong.  Any suggestions?

Labels (1)


Hi @TravisT 

If you want to pull data from API you can create modular input by using Splunk Add-on Builder.
OR you can use Rest Api Add-on to pull data from API.


If this help your like will be appreciated 😀


Hi @TravisT ,

Can't help you with the Addon Builder, but 2 other options:

1. Use this App from Splunkbase. Should be ready-to-go.

2. Put your Curl command in a .sh script, or create a Python that does the same and use a Scripted input. The stdout of the script will be your indexed events in Splunk.


Karma and/or Solution tagging appreciated.
0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...