Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- New user & REST API
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
New user & REST API
I'm a new Splunk user and I'm trying to get a simplistic working data feed that I can build off of. I tend to learn better that way.
I'm trying to use the Ecobee API to poll my smart thermostat for data to import and index in Splunk. I've searched and found the Add-On Builder for Splunk which seems fitting for the job. I'm having trouble successfully configuring the app.
I can successfully run the following command from the Splunk server CLI:
curl -s -H 'Content-Type: text/json' -H 'Authorization: Bearer MY_ACCESS_TOKEN' 'https://api.ecobee.com/1/thermostat?format=json&body=\{"selection":\{"selectionType":"registered","selectionMatch":"","includeRuntime":true\}\}'
I'm having trouble running a successful test with what I believe are the same settings in the Add-On Builder data import wizard. Below are the settings I'm using in attempt to mirror the command above:
REST URL:
https://api.ecobee.com/1/thermostat?format=json&body=\{"selection":\{"selectionType":"registered","selectionMatch":"","includeRuntime":true\}\}
REST method:
GET
REST request headers:
Content-Type json
Authorization Bearer MY_ACCESS_TOKEN
The output given is:
The response status=403
I feel if I can get a basic query working, that I can step it out from there, but I can't figure out what I'm doing wrong. Any suggestions?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @TravisT
If you want to pull data from API you can create modular input by using Splunk Add-on Builder.
OR you can use Rest Api Add-on to pull data from API.
https://splunkbase.splunk.com/app/1546/
------------------------------------------------------
If this help your like will be appreciated 😀
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @TravisT ,
Can't help you with the Addon Builder, but 2 other options:
1. Use this App from Splunkbase. Should be ready-to-go.
https://splunkbase.splunk.com/app/1546
2. Put your Curl command in a .sh script, or create a Python that does the same and use a Scripted input. The stdout of the script will be your indexed events in Splunk.
BR
Ralph
Karma and/or Solution tagging appreciated.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Index This | What travels the world but is also stuck in place?
Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data
Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...
