REST API Modular Input

ronak
Path Finder

Hi - I've downloaded the application that Damien Dallimore has created ... I'm assuming that this application will allow me to access external data source(s) using REST calls, get the data and index into my Splunk instance.

Is my assumption correct?

Also, how do I configure this application to specify what to extract and from where...

When I open the application, it gives me a standard search bar, menu options like a normal application. Any pointers would be great.

Thanks, ronak

0 Karma

Damien_Dallimor
Ultra Champion

It is not an App. It is a Modular Input Add-on.

Navigate to Data Inputs -> Rest -> New

The setup UI for a new REST input should be straightforward for most use cases.

More advanced options are available for more complex use cases. But start with the simple setup first and see how you go.

0 Karma

ronak
Path Finder

Thanks Damien ... highly appreciated. I'm still a newbie to Splunk.

One more question in this regard, if I may (I have also posted a question on "Answers"): can the REST API be used for executing search queries on user data, querying summary models, etc.? I could not find any good reference. All the documentation of the REST API pointed to accessing Splunk configurations, updates, etc.

0 Karma

Damien_Dallimor
Ultra Champion

This is not related to the REST API Modular Input.

But to answer your question, you can execute Splunk searches via Splunk's REST API: http://docs.splunk.com/Documentation/Splunk/6.2.1/RESTREF/RESTsearch

Furthermore, we have SDKs in various languages to make it easier to use the Splunk REST API to execute searches: http://dev.splunk.com/view/sdks/SP-CAAADP7

You'll find loads of examples under those links I posted.

0 Karma


martin_mueller
SplunkTrust

You assume correctly.

I know of two ways to influence what gets indexed - first, you can specify a regular expression that filters responses and only matches are indexed. Second, you can write a Python response handler that does whatever with the data returned by the REST endpoint before indexing.

0 Karma
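The two approaches described in the answer above (a regular-expression filter and a Python handler that reshapes the response before indexing), as an added example that is not part of the original thread and is not the add-on's own code. The function names, `SENSITIVE_KEYS` and the sample response are assumptions made for illustration; the handler here also masks credential-like fields so they never reach the index.

```python
import json
import re

# Hypothetical names throughout; this does not reproduce the add-on's handler interface.
SENSITIVE_KEYS = {"password", "token", "api_key", "secret"}


def matches_filter(raw_response, pattern):
    """Approach 1: only responses matching the regular expression are indexed."""
    return re.search(pattern, raw_response) is not None


def mask(value):
    """Recursively replace the values of sensitive keys in dicts and lists."""
    if isinstance(value, dict):
        return {k: "***" if k.lower() in SENSITIVE_KEYS else mask(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [mask(v) for v in value]
    return value


def handle_response(raw_response, pattern=None):
    """Approach 2: transform the response before indexing.

    Returns a list of event strings, one per record, with secrets masked.
    """
    if pattern and not matches_filter(raw_response, pattern):
        return []  # filtered out, nothing to index
    try:
        payload = json.loads(raw_response)
    except ValueError:
        return [raw_response]  # not JSON: pass through unchanged
    records = payload if isinstance(payload, list) else [payload]
    return [json.dumps(mask(r), sort_keys=True) for r in records]


# Constructed sample response from an imaginary REST endpoint.
SAMPLE = json.dumps([
    {"user": "alice", "status": "active", "token": "abc123"},
    {"user": "bob", "status": "locked", "auth": {"password": "hunter2"}},
])

if __name__ == "__main__":
    for event in handle_response(SAMPLE, pattern=r'"status"'):
        print(event)
```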

ronak
Path Finder

Martin

Would you kindly share the steps, meaning which directories and files I need to touch/modify, where to add these changes into configuration, etc.

Thanks, Ronak

0 Karma