All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

REST Response Handler in Addon Builder.

ansif
Motivator
‎05-18-2020 05:42 PM

Hi All,

Is there an option to handle API returned json data using Addon Builder?

I want to sort a field in descending order and create a checkpoint against it.

API doesn't have a feature/Method to sort by field.

And one more question,if I do checkpoint using the sorted timestamp field, checkpoint always get events greater than the timestamp? Because API doesn't have a feature to include >timestamp field.

My requirement is:

Call the end point and index only unique values. Everytime I make a call , getting whole events again and again. The API is very basic and doesn't have some kind of filters and sorts.

There is a timestamp field exist in the results that I can use in search to get dedup values but the license consumption is lot since we are getting same data again and again.

Thanks

0 Karma
Reply

pmeyerson
Path Finder
‎07-30-2020 06:56 PM

You can bring all the data in, and | dedup your search in Splunk, or use some custom python code with Add-On Builder... its not "out of the box" per se, but add-on builder would allow you to setup that customization yourself.

0 Karma
Reply

damode
Motivator
‎07-14-2020 11:16 PM

Were you eventually get it fixed ?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...