Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Good example of a working custom REST endpoint (but not an admin:* one)

sideview
SplunkTrust
SplunkTrust
‎05-11-2011 12:01 PM

I'm trying to piece things together from the restmap.conf docs, to get a working custom endpoint that I can use. Note that i do not want to use this with setup.xml and I just want a plain old endpoint that extends splunk.rest.BaseRestHandler, not an EAI endpoint.

http://www.splunk.com/base/Documentation/4.2.1/admin/restmapconf

Following what's written in restmap.conf I think I've done everything right and I've read through the doc a few times, but no luck.

I get a 500 response when I go to https://localhost:8089/services/my_path, saying "ImportError: No module named MyFileName" and I dont see how to debug or troubleshoot anything.

Here's my stanza in restmap.conf: 

[script:random_unique_name_like_say_fred]
match = /my_path
handler = MyFileName.MyClassName
requireAuthentication = true

and in $SPLUNK_HOME/etc/apps//default/rest/MyFileName.py there is a class defined called MyClassName that extends splunk.rest.BaseRestHandler. And the python is pretty simple and running it manually it seems free of syntax errors.

Ideally if someone can point me to an app on Splunkbase that has successfully set up a non-EAI custom rest endpoint (ie one that is NOT used from guided setup aka setup.xml).

Failing that, can anyone see what I'm doing wrong, or can you tell me if there are any tricks to get some kind of debugging or troubleshooting going?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎05-11-2011 12:17 PM

It turns out that the restmap.conf docs are wrong in at least one place.
Under handler=<SCRIPT>.<CLASSNAME>, they say

The file *must* live in an application's ../rest/ subdirectory.

and then in an example it explains further that this rest directory has to be inside default.

Both are wrong. The file must live in the application's "bin" directory, at $SPLUNK_HOME/etc/apps/<appname>/bin/. Once I put it there it starts working.

However I'll still accept any answer that points me to an app that does something semi-real around such an endpoint...

View solution in original post

Reply
Solved! Jump to solution

thellmann
Splunk Employee
Splunk Employee
‎04-14-2025 12:40 PM

We've added documentation to dev.splunk.com to cover Custom REST Endpoints.

 

(apologies for thread necromancy but this is still one of the top hits on gsearch for this topic somehow, 14 years later) 

0 Karma
Reply
Solved! Jump to solution

ziegfried
Influencer
‎06-08-2011 12:03 PM

The pdfserver app implements a custom REST endpoint.

0 Karma
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎05-12-2011 10:50 PM

Note: It looks like since I posted this the docs were updated to list the correct directory. 😃

0 Karma
Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎05-11-2011 12:17 PM

It turns out that the restmap.conf docs are wrong in at least one place.
Under handler=<SCRIPT>.<CLASSNAME>, they say

The file *must* live in an application's ../rest/ subdirectory.

and then in an example it explains further that this rest directory has to be inside default.

Both are wrong. The file must live in the application's "bin" directory, at $SPLUNK_HOME/etc/apps/<appname>/bin/. Once I put it there it starts working.

However I'll still accept any answer that points me to an app that does something semi-real around such an endpoint...

Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
Top