Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Good example of a working custom REST endpoint (but not an admin:* one)

sideview
SplunkTrust
SplunkTrust
‎05-11-2011 12:01 PM

I'm trying to piece things together from the restmap.conf docs, to get a working custom endpoint that I can use. Note that i do not want to use this with setup.xml and I just want a plain old endpoint that extends splunk.rest.BaseRestHandler, not an EAI endpoint.

http://www.splunk.com/base/Documentation/4.2.1/admin/restmapconf

Following what's written in restmap.conf I think I've done everything right and I've read through the doc a few times, but no luck.

I get a 500 response when I go to https://localhost:8089/services/my_path, saying "ImportError: No module named MyFileName" and I dont see how to debug or troubleshoot anything.

Here's my stanza in restmap.conf: 

[script:random_unique_name_like_say_fred]
match = /my_path
handler = MyFileName.MyClassName
requireAuthentication = true

and in $SPLUNK_HOME/etc/apps//default/rest/MyFileName.py there is a class defined called MyClassName that extends splunk.rest.BaseRestHandler. And the python is pretty simple and running it manually it seems free of syntax errors.

Ideally if someone can point me to an app on Splunkbase that has successfully set up a non-EAI custom rest endpoint (ie one that is NOT used from guided setup aka setup.xml).

Failing that, can anyone see what I'm doing wrong, or can you tell me if there are any tricks to get some kind of debugging or troubleshooting going?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎05-11-2011 12:17 PM

It turns out that the restmap.conf docs are wrong in at least one place.
Under handler=<SCRIPT>.<CLASSNAME>, they say

The file *must* live in an application's ../rest/ subdirectory.

and then in an example it explains further that this rest directory has to be inside default.

Both are wrong. The file must live in the application's "bin" directory, at $SPLUNK_HOME/etc/apps/<appname>/bin/. Once I put it there it starts working.

However I'll still accept any answer that points me to an app that does something semi-real around such an endpoint...

View solution in original post

Reply
Solved! Jump to solution

ziegfried
Influencer
‎06-08-2011 12:03 PM

The pdfserver app implements a custom REST endpoint.

0 Karma
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎05-12-2011 10:50 PM

Note: It looks like since I posted this the docs were updated to list the correct directory. 😃

0 Karma
Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎05-11-2011 12:17 PM

It turns out that the restmap.conf docs are wrong in at least one place.
Under handler=<SCRIPT>.<CLASSNAME>, they say

The file *must* live in an application's ../rest/ subdirectory.

and then in an example it explains further that this rest directory has to be inside default.

Both are wrong. The file must live in the application's "bin" directory, at $SPLUNK_HOME/etc/apps/<appname>/bin/. Once I put it there it starts working.

However I'll still accept any answer that points me to an app that does something semi-real around such an endpoint...

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...