REST API Modular Input v1.3.7 - Enhancements

DanielFordWA
Contributor

I have started to learn Python and made some basic edits to the REST API Modular Input v1.3.7 tokens.py and responsehandlers.py files.

There is some extra functionality I think would be very helpful.

  • It would be great if the polling interval could be done on a CRON schedule. I only need to query some endpoints once a day, and entering an 86400 second polling interval only seems to start from the enabling of the endpoint. I am being asked to set the time for 3am; waking up at 3am to set up the Data Input is a bit difficult. Also, when people set up inputs, how can I find out when the data is due to arrive? I may be wrong on this, sorry if I am.

  • Love the recent functionality that tokens can return a list of values: http://answers.splunk.com/answers/260134/rest-api-modular-input-combining-multiple-rest-url-1.html. However, on some backloads I have been asked to leave a certain amount of time between each call, as I am backloading up to 2 years' worth of data.

Thanks,

Dan

0 Karma
1 Solution

Damien_Dallimor
Ultra Champion

The latest release, version 1.3.9, of the REST API Modular Input now has this functionality. Enjoy!

Damien_Dallimor
Ultra Champion

Good to hear 🙂

0 Karma

DanielFordWA
Contributor

Thanks for this. Much appreciated

0 Karma

DanielFordWA
Contributor

The enhancements work a treat! It makes a huge difference to how I can use Splunk, much appreciated.

0 Karma

DanielFordWA
Contributor

I've noticed that if the Splunk server is restarted, the REST Data Input will pull back data even with an 8600 delay.

The delay does not seem to carry over after the restart.

Adding a CRON Schedule I guess would solve this issue.

Thanks for looking at the enhancements

0 Karma

Damien_Dallimor
Ultra Champion

I have zero idea what the specification is for the REST endpoints you are polling.
But perhaps (and I am 100% guessing here) in the documentation there are options in the arguments for the REST endpoint you are calling that you can use to maintain a cursoring position. It might be an id or timestamp based cursor for example (based off other REST services such as Twitter's that I have seen).

0 Karma

Damien_Dallimor
Ultra Champion

Cheers, I'll look into this as soon as I can.

0 Karma

DanielFordWA
Contributor

Thanks. The setup I work with is a bit different from most, lots of the application is built on REST endpoints. This will be of great help.

0 Karma

Damien_Dallimor
Ultra Champion

UPDATE: code written, need to test a bit before release.
