Re: REST API Modular Input: HTTP Response Status C...

bimord · ‎05-12-2020

Hi @Damien Dallimore
My question is similar to this one : https://answers.splunk.com/answers/186128 but I need a bit more guidance please (and am on Splunk 7.3.0)

I have a REST endpoint that returns json but I require the http status codes to compare the json response to.
I know that is achieved with a custom response handler and i know how to select the custom handler in the UI but I don't know how to python 😞

Please help me

smuderasi · ‎05-26-2025

Thanks @PrewinThomas , Do you have sample custom response handler which outputs both status code and body.

smuderasi · ‎05-26-2025

Facing same issue, Was this resolved?

PrewinThomas · ‎05-26-2025

@smuderasi

Splunk’s REST Modular Input allows you to ingest data from REST APIs. By default, only the response body (e.g., JSON) is indexed. To also capture the HTTP status code, you need a custom response handler—a Python class that processes the HTTP response and outputs both the status code and the body.

REST API Modular Input: HTTP Response Status Codes

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation