How to create a splunk addon for REST API data input which calls REST API with a time attribute in the url which should be current time - 5 minutes every calls?
For example:
Current REST API calling time is :2019-11-20T13:05:00
Then rest API url should be
/webacs/api/v4/data/Alarms?alarmFoundAt=gt("2019-11-20T*13:00:00*")
to get alarms past 5 mins.
From image https://docs.splunk.com/File:AddonBuilder2.1_REST1.png, there is a parameter begin_date
which is similar to your request.
However, there is no functions such as get_current_date
in REST based modular input. We need to create a Python input with some Python functions to do that.