Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can we get data from API in Splunk App on demand and without indexing it?

wazuhtest
Explorer
‎03-16-2018 08:41 AM

Hi,
Would it be possible to get data from an external RESTful API and draw the JSON results with Splunk element as charts or tables?
Thank you in advance

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

starcher
Influencer
‎03-16-2018 09:50 AM

Yes you can make a custom search command to fetch and enhance your search data as fields.
https://docs.splunk.com/Documentation/Splunk/7.0.2/Search/Aboutcustomsearchcommands

View solution in original post

Reply
Solved! Jump to solution
Solution

starcher
Influencer
‎03-16-2018 09:50 AM

Yes you can make a custom search command to fetch and enhance your search data as fields.
https://docs.splunk.com/Documentation/Splunk/7.0.2/Search/Aboutcustomsearchcommands

Reply
Solved! Jump to solution

wazuhtest
Explorer
‎03-16-2018 10:47 AM

I appreciate so much your quick response .
After reading those documents it's not quite clear for me how to enhance the JSON results as data fields in order to draw charts or tables with them even if I make a command for fetching the data with 'wget' or 'curl'. Please, could you give me more details about it?
Thank you for your help

0 Karma
Reply
Solved! Jump to solution

starcher
Influencer
‎03-16-2018 11:26 AM

You need to have some development skills. Preferably python. You want a streaming command to add fields to events. This is an example of adding/modifying fields on events as they pass through the command. The code to get such data from an api is additional you'd have to do.
https://github.com/georgestarcher/TA-esreplacefields/blob/master/bin/esreplacefields.py

0 Karma
Reply
Solved! Jump to solution

wazuhtest
Explorer
‎03-16-2018 12:56 PM

Thank you so much, I will check it

0 Karma
Reply
Solved! Jump to solution

wazuhtest
Explorer
‎03-19-2018 04:13 AM

Hi again @starcher, I've been checking out your scripts and I think there are some conceptual issues I'm still not getting. How could I retrieve those fetched jsons from the script to the Splunk app? And how could I draw, for example, a table with them if they're not indexed?
Lets say that I want to fetch data from - https://externfoo.bar/logs?page=1 when I press page 1 in the table, https://externfoo.bar/logs?page=2 when page 2 is pressed, and so. All in real time and on demand.
Thank you again for your help

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...