All Apps and Add-ons

Splunk Webtools Add-on - UI Syntax?

kfeagans_splunk
Splunk Employee
Splunk Employee

In looking at the app "Webtools Add-On" (https://splunkbase.splunk.com/app/4146/#/overview - @jkat54 ), I'm curious on syntax translation from CLI to the UI.

For example, I am prototyping an API call to my sprinkler system (IoT demonstration use case) made by Rachio. Rachio publishes their API curl commands here: https://rachio.readme.io/docs/getting-started. A typical curl command looks like this: curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 8e600a4c-0027-4a9a-9bda-abc8d5c90350d" https://api.rach.io/1/public/person/info

How would this translate to the inputs within the Webtools (Configuration) UI? I've tried a few different permutations and receive errors as outputs in search results (looks like the auth key isn't passed as expected by the endpoint). What would the UI look like in relation to the above CLI Curl command?

alt text

Thank you!

Kelly

jkat54
SplunkTrust
SplunkTrust

If you can use the | curl search command instead you could do something like this..

| makeresults count=1
| eval header="\{\"Authorization\":\"Bearer .....\",\"Content-Type\":\"application\/json\"\}"
| curl url="yourAPI" headerfield=header
| collect index=test
0 Karma

kfeagans_splunk
Splunk Employee
Splunk Employee

Hi @jkat54 ... looks like progress, but is "headerfield" an optional sub-command? I'm receiving an error as : command="curl", syntax: | curl [ choice: uri=<uri> OR urifield=<urifield> ] [ optional: method=<get | head | post | delete> verifyssl=<true | false> datafield=<datafield> data=<data> user=<user> pass=<password> debug=<true | false> splunkauth=<true | false> splunkpasswdname=<username_in_passwordsconf> splunkpasswdcontext=<appcontext> timeout=<float> ]

alt text

Thank you for the assistance!! this is going to be great when this thing works!

kelly

0 Karma

jkat54
SplunkTrust
SplunkTrust

Try removing your api key from your screenshot so no one else gets it

AND

Try escaping these {}. { } in your headerfield.

Looks like that may be the problem and not the "undocumented feature". Or maybe it's the forum removing the slashes

0 Karma

kfeagans_splunk
Splunk Employee
Splunk Employee

Thanks! I'll try a little later (I randomized the api key ;).

kf

jkat54
SplunkTrust
SplunkTrust

Sweet I was hoping so, but we always confirm/check when we see it!

0 Karma

jkat54
SplunkTrust
SplunkTrust

You might also try this example:

Setting a Custom Header & Test Data:
| makeresults count=1
| eval header="{\"content-type\":\"application/json\"}"
| eval data="{\"test data\":\"DATA\"}"
| curl method=post uri=https://localhost:8089/services user=admin pass=changeme debug=true headerfield=header datafield=data

0 Karma

kfeagans_splunk
Splunk Employee
Splunk Employee

removing the slashes reveals the "correct" statement in the eval as here ... https://ibb.co/j6K5sd9

I get a "method not supported" on your code above with Splunk v.8 ... I played around with it some, but I'm more after "get" than post.

0 Karma
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...