REST API Modular Input: HTTP Response Status Codes

bimord · ‎05-12-2020

Hi @Damien Dallimore
My question is similar to this one : https://answers.splunk.com/answers/186128 but I need a bit more guidance please (and am on Splunk 7.3.0)

I have a REST endpoint that returns json but I require the http status codes to compare the json response to.
I know that is achieved with a custom response handler and i know how to select the custom handler in the UI but I don't know how to python 😞

Please help me

smuderasi

Thanks @Prewin27 , Do you have sample custom response handler which outputs both status code and body.

smuderasi

Facing same issue, Was this resolved?

Prewin27

@smuderasi

Splunk’s REST Modular Input allows you to ingest data from REST APIs. By default, only the response body (e.g., JSON) is indexed. To also capture the HTTP status code, you need a custom response handler—a Python class that processes the HTTP response and outputs both the status code and the body.

REST API Modular Input: HTTP Response Status Codes

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Are you a member of the Splunk Community?

REST API Modular Input: HTTP Response Status Codes

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...