
Search and identify connectivity errors in REST Modular Input

rjlohan
Explorer

Hi,

I am using the REST API Modular Input app to query a RabbitMQ management API. If the service goes down, I get connectivity errors (as expected). But I can't see how to report these errors back to the Splunk index from the REST App. I can see errors in the splunkd.log stating:

05-13-2015 11:57:04.305 +1000 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\rest_ta\bin\rest.py"" Exception performing request: HTTPConnectionPool(host='localhost', port=15672): Max retries exceeded with url: /api/vhosts (Caused by <class 'socket.error'>: [Errno 10061] No connection could be made because the target machine actively refused it)

But I can't see these events in the Splunk search. It would be great to combine successful JSON data with another widget to monitor connectivity errors. Is this something I can do with this app, or do I need to index a new data source for this connection/service?

0 Karma

Damien_Dallimor
Ultra Champion

Any runtime errors (i.e. messages that get written to splunkd.log) are easily searchable in Splunk:

index=_internal ExecProcessor error rest.py

dolivasoh
Contributor

Within the input configuration in the Splunk UI there should be a check box for "Index Error Responses".

0 Karma

rjlohan
Explorer

Yeah, I've got that turned on but it doesn't seem to do anything in this case. Perhaps that handles explicit HTTP errors, but what if the service is completely down? In this case, I don't get an HTTP error, I get connectivity faults, as noted in the log above.

0 Karma
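
The splunkd.log line quoted in the question carries the target host, port, URL and socket errno of the failed connection. The following is an added example, not part of the thread or of the REST app's own code: Python that pulls those fields out of such lines and counts failures per endpoint. The names `parse_line` and `summarize` are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

TS_RE = re.compile(r"^(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4}) ")
POOL_RE = re.compile(r"HTTPConnectionPool\(host='([^']+)', port=(\d+)\)")
URL_RE = re.compile(r"with url: (\S+)")
ERRNO_RE = re.compile(r"\[Errno (\d+)\]")

# First line is the one quoted in the question; the other three are constructed.
SAMPLE_LOG = r"""05-13-2015 11:57:04.305 +1000 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\rest_ta\bin\rest.py"" Exception performing request: HTTPConnectionPool(host='localhost', port=15672): Max retries exceeded with url: /api/vhosts (Caused by <class 'socket.error'>: [Errno 10061] No connection could be made because the target machine actively refused it)
05-13-2015 11:58:04.311 +1000 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\rest_ta\bin\rest.py"" Exception performing request: HTTPConnectionPool(host='localhost', port=15672): Max retries exceeded with url: /api/vhosts (Caused by <class 'socket.error'>: [Errno 10061] No connection could be made because the target machine actively refused it)
05-13-2015 11:58:30.000 +1000 INFO ExampleComponent - constructed line that is not an error
05-13-2015 11:59:04.000 +1000 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\rest_ta\bin\rest.py"" constructed error with no connection details"""


def parse_line(line):
    """Return connection details for a rest.py connectivity error, else None."""
    ts = TS_RE.match(line)
    if not ts or "ERROR ExecProcessor" not in line or "rest.py" not in line:
        return None
    pool = POOL_RE.search(line)
    if pool is None:  # a rest.py error, but not a failed connection
        return None
    url = URL_RE.search(line)
    errno = ERRNO_RE.search(line)
    return {
        "time": ts.group(1),
        "host": pool.group(1),
        "port": int(pool.group(2)),
        "url": url.group(1) if url else None,
        "errno": int(errno.group(1)) if errno else None,
    }


def summarize(log_text):
    """Count connectivity failures per (host, port, url, errno)."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_line(line)
        if event:
            counts[(event["host"], event["port"], event["url"], event["errno"])] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(key, n)
```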