All Apps and Add-ons

Programatically create Rest API Modular Data Inputs

niordache
Explorer

Hi,

After experimenting a little with the REST API Modular Input and its capabilities there are some question that arose in my mind :

  • Is it possible using the Splunk App Framework to programatically create a REST Data input , parameterize its Endpoint URL/HTTP Method /Request Payload /HTTP Header Properties /etc ?

  • Consequently is it possible to delete/edit a previous created Rest Data Input ?

This would be usefull for me since the Request Payload parameter of the HTTP POST polls needs to be parameterized for each poll and doing it from the UI would be extremely tedious.

In case this is possible , please point me to the resources/docs that provide insight on how this can be achieved.

Thanks

0 Karma
1 Solution

Damien_Dallimor
Ultra Champion

You most definitely can.

Here is some sample code using the Splunk SDK for Python to create , update and delete a REST API Modular Input :

from splunklib.client import connect

def main():

    args = {'host':'localhost','port':8089,'username':'admin',"password":'somepass'}
    service = connect(**args)   

    #create REST Modular Input
    item = service.inputs.create('myrestinput','rest',endpoint='http://someurl/someapi/json',auth_type='none',url_args='arg1=val1,arg2=val2')

    #update REST Modular Input
    item.update(endpoint='http://someurl/someapi/xml')

    #delete REST Modular Input
    service.inputs.delete('myrestinput','rest')


if __name__ == '__main__':
    main();

View solution in original post

Damien_Dallimor
Ultra Champion

You most definitely can.

Here is some sample code using the Splunk SDK for Python to create , update and delete a REST API Modular Input :

from splunklib.client import connect

def main():

    args = {'host':'localhost','port':8089,'username':'admin',"password":'somepass'}
    service = connect(**args)   

    #create REST Modular Input
    item = service.inputs.create('myrestinput','rest',endpoint='http://someurl/someapi/json',auth_type='none',url_args='arg1=val1,arg2=val2')

    #update REST Modular Input
    item.update(endpoint='http://someurl/someapi/xml')

    #delete REST Modular Input
    service.inputs.delete('myrestinput','rest')


if __name__ == '__main__':
    main();

Damien_Dallimor
Ultra Champion

The "beta app framework" is now part of Splunk 6 and known as the "web framework" , http://dev.splunk.com/view/web-framework/SP-CAAAER6 , I would recommend using this. Although it is certainly possibly to achieve what you want with the old framework , it requires a very specific skillset , you'll find using the new web framework a lot simpler.

0 Karma

niordache
Explorer

Would it also be possible to make such changes using the "old framework" : http://dev.splunk.com/view/app-framework/SP-CAAADVF as opposed to using the beta app framework ?

0 Karma

Damien_Dallimor
Ultra Champion

Yes. The App Framework (http://dev.splunk.com/view/app-framework/SP-CAAAEMA) contains the Javascript and Python SDK's.

niordache
Explorer

Thanks a bunch for the input !

How about doing it from a app built using only Splunk App Framework ? Is it still achievable ?

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...