Solved: REST API option for compressed file? Can I index a...

tamduong16 · ‎09-15-2017

I want to set up a REST API call to https get request but this site will return a zip file instead of xml, jason , or text. Is there a way I could set it to index the zip file? If not, is there any workaround? This is the description from the site:

Damien_Dallimor · ‎09-15-2017

You can try using a custom response handler that will unzip the file for you.

Create a custom handler in $SPLUNK_HOME/etc/apps/rest_ta/bin/responsehandlers.py
Declare the handler in your configuration

Psuedo code examples :

View solution in original post

lfedak_splunk · ‎09-18-2017

Hey @tamduong16, if @damien solved your problem, please close the question and award karma points by accepting the answer. 🙂 Happy Splunking!

Damien_Dallimor · ‎09-15-2017

You can try using a custom response handler that will unzip the file for you.

Create a custom handler in $SPLUNK_HOME/etc/apps/rest_ta/bin/responsehandlers.py
Declare the handler in your configuration

Psuedo code examples :

REST API option for compressed file? Can I index a zip file?

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!