Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can we get data from API in Splunk App on demand and without indexing it?

wazuhtest
Explorer
‎03-16-2018 08:41 AM

Hi,
Would it be possible to get data from an external RESTful API and draw the JSON results with Splunk element as charts or tables?
Thank you in advance

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

starcher
Influencer
‎03-16-2018 09:50 AM

Yes you can make a custom search command to fetch and enhance your search data as fields.
https://docs.splunk.com/Documentation/Splunk/7.0.2/Search/Aboutcustomsearchcommands

View solution in original post

Reply
Solved! Jump to solution
Solution

starcher
Influencer
‎03-16-2018 09:50 AM

Yes you can make a custom search command to fetch and enhance your search data as fields.
https://docs.splunk.com/Documentation/Splunk/7.0.2/Search/Aboutcustomsearchcommands

Reply
Solved! Jump to solution

wazuhtest
Explorer
‎03-16-2018 10:47 AM

I appreciate so much your quick response .
After reading those documents it's not quite clear for me how to enhance the JSON results as data fields in order to draw charts or tables with them even if I make a command for fetching the data with 'wget' or 'curl'. Please, could you give me more details about it?
Thank you for your help

0 Karma
Reply
Solved! Jump to solution

starcher
Influencer
‎03-16-2018 11:26 AM

You need to have some development skills. Preferably python. You want a streaming command to add fields to events. This is an example of adding/modifying fields on events as they pass through the command. The code to get such data from an api is additional you'd have to do.
https://github.com/georgestarcher/TA-esreplacefields/blob/master/bin/esreplacefields.py

0 Karma
Reply
Solved! Jump to solution

wazuhtest
Explorer
‎03-16-2018 12:56 PM

Thank you so much, I will check it

0 Karma
Reply
Solved! Jump to solution

wazuhtest
Explorer
‎03-19-2018 04:13 AM

Hi again @starcher, I've been checking out your scripts and I think there are some conceptual issues I'm still not getting. How could I retrieve those fetched jsons from the script to the Splunk app? And how could I draw, for example, a table with them if they're not indexed?
Lets say that I want to fetch data from - https://externfoo.bar/logs?page=1 when I press page 1 in the table, https://externfoo.bar/logs?page=2 when page 2 is pressed, and so. All in real time and on demand.
Thank you again for your help

0 Karma
Reply
Get Updates on the Splunk Community!

See Splunk Platform & Observability Innovations at Cisco Live EMEA

Hi Splunkers, Learn about what’s next for Splunk Platform at Cisco Live EMEA.  Data silos are a big challenge ...

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC   Are you tired of being a manual alert responder? The security ...