Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Data type for cURL with JSON response

msn2507
Path Finder
‎05-25-2013 11:31 PM

Data source for my requirement is coming from HTTP request. I can fetch the data in command line using CURL command and seeking help on how to import that same in Splunk. The response expected is in json format.

I am going through the reference - http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/Spath but it doesnt specify on how to import the data. Any help on how to feed splunk with CURL data would be great.

For example, my request in command line is like - curl "http://finance.google.com/finance/info?client=ig&q=NASDAQ%3aGOOG"

and the response - // [ { "id": "694653" ,"t" : "GOOG" ,"e" : "NASDAQ" ,"l" : "873.32" ,"l_cur" : "873.32" ,"s": "0" ,"ltt":"4:00PM EDT" ,"lt" : "May 24, 4:00PM EDT" ,"c" : "-9.47" ,"cp" : "-1.07" ,"ccol" : "chr" } ]

Tags (2)
0 Karma
Reply

msn2507
Path Finder
‎05-27-2013 09:01 PM

Guys, any help ?

0 Karma
Reply

msn2507
Path Finder
‎05-26-2013 11:05 PM

Thanks for your reply. I am going down the path of scripted input as importutil doesnt support cURL.

I have couple of questions

  1. I am following this reference to extract the fields but the search (sourcetype="count_size" | spath output=myfield path=text.size) doesnt yield anything for a response like this -

{"text": {
"data": "Click here",
"size": 36,
"data": "Learn more",
"size": 37,
"data": "Help",
"size": 38,
}
os_version : "10.9,
updated_at : "2013-05-27T04:24:57Z",
user_string : ""
}

Please help me construct an spath search for json response.

  1. How do I tell Splunk to capture only the delta data of the request instead of capturing the entire response for every fetch ?
0 Karma
Reply

Ayn
Legend
‎05-25-2013 11:54 PM

importutil should do just what you want.

If you want to setup a more permanent input, you should set up a scripted input that uses for instance curl to get the data and then echoes it back into Splunk.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...