All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

New user & REST API

TravisT
Engager
‎10-19-2020 02:23 PM

I'm a new Splunk user and I'm trying to get a simplistic working data feed that I can build off of.  I tend to learn better that way.

I'm trying to use the Ecobee API to poll my smart thermostat for data to import and index in Splunk.  I've searched and found the Add-On Builder for Splunk which seems fitting for the job.  I'm having trouble successfully configuring the app.

I can successfully run the following command from the Splunk server CLI:

 

curl -s -H 'Content-Type: text/json' -H 'Authorization: Bearer MY_ACCESS_TOKEN' 'https://api.ecobee.com/1/thermostat?format=json&body=\{"selection":\{"selectionType":"registered","selectionMatch":"","includeRuntime":true\}\}'

 

I'm having trouble running a successful test with what I believe are the same settings in the Add-On Builder data import wizard.  Below are the settings I'm using in attempt to mirror the command above:

 

REST URL:
https://api.ecobee.com/1/thermostat?format=json&body=\{"selection":\{"selectionType":"registered","selectionMatch":"","includeRuntime":true\}\}

REST method:
GET

REST request headers:
Content-Type           json
Authorization          Bearer MY_ACCESS_TOKEN

 

The output given is:

The response status=403

I feel if I can get a basic query working, that I can step it out from there, but I can't figure out what I'm doing wrong.  Any suggestions?

Labels (1)
Labels
Reply

vikramyadav
Contributor
‎10-21-2020 01:56 AM

Hi @TravisT 


If you want to pull data from API you can create modular input by using Splunk Add-on Builder.
OR you can use Rest Api Add-on to pull data from API.
https://splunkbase.splunk.com/app/1546/

------------------------------------------------------

If this help your like will be appreciated 😀

Reply

rnowitzki
Builder
‎10-20-2020 02:16 AM

Hi @TravisT ,

Can't help you with the Addon Builder, but 2 other options:

1. Use this App from Splunkbase. Should be ready-to-go.
https://splunkbase.splunk.com/app/1546

2. Put your Curl command in a .sh script, or create a Python that does the same and use a Scripted input. The stdout of the script will be your indexed events in Splunk.

BR
Ralph


--
Karma and/or Solution tagging appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Every security professional knows the drill. The PCI DSS audit is approaching, and suddenly everyone's asking ...

Developer Spotlight with Guilhem Marchand

From Splunk Engineer to Founder: The Journey Behind TrackMe    After spending over 12 years working full time ...

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

The Problem: When Networks and Services Don't Talk Payment systems fail at a retail location. Customers are ...