Getting Data In

Good example of a working custom REST endpoint (but not an admin:* one)

sideview
SplunkTrust
SplunkTrust

I'm trying to piece things together from the restmap.conf docs, to get a working custom endpoint that I can use. Note that i do not want to use this with setup.xml and I just want a plain old endpoint that extends splunk.rest.BaseRestHandler, not an EAI endpoint.

http://www.splunk.com/base/Documentation/4.2.1/admin/restmapconf

Following what's written in restmap.conf I think I've done everything right and I've read through the doc a few times, but no luck.

I get a 500 response when I go to https://localhost:8089/services/my_path, saying "ImportError: No module named MyFileName" and I dont see how to debug or troubleshoot anything.

Here's my stanza in restmap.conf:

[script:random_unique_name_like_say_fred]
match = /my_path
handler = MyFileName.MyClassName
requireAuthentication = true

and in $SPLUNK_HOME/etc/apps//default/rest/MyFileName.py there is a class defined called MyClassName that extends splunk.rest.BaseRestHandler. And the python is pretty simple and running it manually it seems free of syntax errors.

Ideally if someone can point me to an app on Splunkbase that has successfully set up a non-EAI custom rest endpoint (ie one that is NOT used from guided setup aka setup.xml).

Failing that, can anyone see what I'm doing wrong, or can you tell me if there are any tricks to get some kind of debugging or troubleshooting going?

Tags (2)
1 Solution

sideview
SplunkTrust
SplunkTrust

It turns out that the restmap.conf docs are wrong in at least one place.
Under handler=<SCRIPT>.<CLASSNAME>, they say

The file *must* live in an application's ../rest/ subdirectory.

and then in an example it explains further that this rest directory has to be inside default.

Both are wrong. The file must live in the application's "bin" directory, at $SPLUNK_HOME/etc/apps/<appname>/bin/. Once I put it there it starts working.

However I'll still accept any answer that points me to an app that does something semi-real around such an endpoint...

View solution in original post

thellmann
Splunk Employee
Splunk Employee

We've added documentation to dev.splunk.com to cover Custom REST Endpoints.

 

(apologies for thread necromancy but this is still one of the top hits on gsearch for this topic somehow, 14 years later) 

0 Karma

ziegfried
Influencer

The pdfserver app implements a custom REST endpoint.

0 Karma

sideview
SplunkTrust
SplunkTrust

Note: It looks like since I posted this the docs were updated to list the correct directory. 😃

0 Karma

sideview
SplunkTrust
SplunkTrust

It turns out that the restmap.conf docs are wrong in at least one place.
Under handler=<SCRIPT>.<CLASSNAME>, they say

The file *must* live in an application's ../rest/ subdirectory.

and then in an example it explains further that this rest directory has to be inside default.

Both are wrong. The file must live in the application's "bin" directory, at $SPLUNK_HOME/etc/apps/<appname>/bin/. Once I put it there it starts working.

However I'll still accept any answer that points me to an app that does something semi-real around such an endpoint...

Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...