Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- What's the best way to import custom JSON data fro...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What's the best way to import custom JSON data from a web API?
I'd like to pull in JSON data like the one that is available from dev dot moves-app dot com slash activities. (It's from an API from an iOS app called Moves which tracks people's movements.)
I can think of lots of strategies, but I'd rather not reinvent the wheel. One issue (which could be a separate question), is how to get the data from the API into Splunk. My guess for that would be to build on top of the REST API Modular Input Splunk app, or write it myself.
My main question is to how to best handle the data once it comes in. The JSON that the API serves is quite different from traditional log data.
Thanks in advance!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The REST API Modular Input has the ability to plugin custom response handlers to facilitate any custom handling or pre-processing of the raw JSON response before passing along to Splunk for indexing.
Have a look in rest_ta/bin/responsehandlers.py at the example TwitterEventHandler.
You then declare your custom response handler to be applied in your setup stanza for the REST input.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you can certainly import and call another python module from responsehandlers.py
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there a way to have my custom event handler in a separate .py file? I would like to avoid putting it in intoresponsehandlers.py. Please advise if there is any downside for doing it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here's a similar thread: http://answers.splunk.com/answers/60608/injest-json-document-returned-from-an-monitoring-endpoint
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Index This | What travels the world but is also stuck in place?
Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data
Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...
