All Apps and Add-ons

REST API Modular Input v1.3.7 - Enhancements

DanielFordWA
Contributor

I have started to learn python and made some basic edits to the REST API Modular Input v1.3.7 tokens.py and responsehandlers.py files.

There is some extra functionality I think would be very helpful.

  • It would be great if the polling interval could be done on a CRON schedule. I only need to query some endpoints once a day and entering a 86400 second polling interval only seems to start from the enabling of the endpoint. I am being asked to set the time for 3am, waking up at 3am to setup the Data Input is a bit difficult. Also when people setup inputs how can I find out when the data is due to arrive? I may be wrong on this, sorry if I am.

  • Love the recent functionality that tokens can return a list of values. http://answers.splunk.com/answers/260134/rest-api-modular-input-combining-multiple-rest-url-1.html However on some backloads I have been asked to leave a certain amount of time between each call as I am back loading up to 2 years worth of data.

Thanks,

Dan

0 Karma
1 Solution

Damien_Dallimor
Ultra Champion

The latest release , version 1.3.9, of the REST API Modular Input now has this functionality. Enjoy !

alt text

View solution in original post

Damien_Dallimor
Ultra Champion

The latest release , version 1.3.9, of the REST API Modular Input now has this functionality. Enjoy !

alt text

Damien_Dallimor
Ultra Champion

Good to hear 🙂

0 Karma

DanielFordWA
Contributor

Thanks for this. Much appreciated

0 Karma

DanielFordWA
Contributor

The enhancements work a treat! It makes a huge difference to how I can use Splunk, much appreciated.

0 Karma

DanielFordWA
Contributor

I've noticed that if the Splunk server is restarted the REST Data Input will pull back data even with a 8600 delay.

The delay does not seem to carry over after the restart.

Adding a CRON Schedule I guess would solve this issue.

Thanks for looking at the enhancements

0 Karma

Damien_Dallimor
Ultra Champion

I have zero idea what the specification is for the REST endpoints you are polling.
But perhaps (and I am 100% guessing here) in the documentation there are options in the arguments for the REST endpoint you are calling that you can use to maintain a cursoring position. It might be an id or timestamp based cursor for example (based off other REST services such as Twitter's that I have seen).

0 Karma

Damien_Dallimor
Ultra Champion

Cheers , I'll look into this as soon as I can.

0 Karma

DanielFordWA
Contributor

Thanks. The setup I work with is a bit different from most, lots of the application is built on REST endpoints. This will be of great help.

0 Karma

Damien_Dallimor
Ultra Champion

UPDATE : code written , need to test a bit before release.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...