Getting Data In

Good example of a working custom REST endpoint (but not an admin:* one)

sideview
SplunkTrust
SplunkTrust

I'm trying to piece things together from the restmap.conf docs, to get a working custom endpoint that I can use. Note that i do not want to use this with setup.xml and I just want a plain old endpoint that extends splunk.rest.BaseRestHandler, not an EAI endpoint.

http://www.splunk.com/base/Documentation/4.2.1/admin/restmapconf

Following what's written in restmap.conf I think I've done everything right and I've read through the doc a few times, but no luck.

I get a 500 response when I go to https://localhost:8089/services/my_path, saying "ImportError: No module named MyFileName" and I dont see how to debug or troubleshoot anything.

Here's my stanza in restmap.conf:

[script:random_unique_name_like_say_fred]
match = /my_path
handler = MyFileName.MyClassName
requireAuthentication = true

and in $SPLUNK_HOME/etc/apps//default/rest/MyFileName.py there is a class defined called MyClassName that extends splunk.rest.BaseRestHandler. And the python is pretty simple and running it manually it seems free of syntax errors.

Ideally if someone can point me to an app on Splunkbase that has successfully set up a non-EAI custom rest endpoint (ie one that is NOT used from guided setup aka setup.xml).

Failing that, can anyone see what I'm doing wrong, or can you tell me if there are any tricks to get some kind of debugging or troubleshooting going?

Tags (2)
1 Solution

sideview
SplunkTrust
SplunkTrust

It turns out that the restmap.conf docs are wrong in at least one place.
Under handler=<SCRIPT>.<CLASSNAME>, they say

The file *must* live in an application's ../rest/ subdirectory.

and then in an example it explains further that this rest directory has to be inside default.

Both are wrong. The file must live in the application's "bin" directory, at $SPLUNK_HOME/etc/apps/<appname>/bin/. Once I put it there it starts working.

However I'll still accept any answer that points me to an app that does something semi-real around such an endpoint...

View solution in original post

ziegfried
Influencer

The pdfserver app implements a custom REST endpoint.

0 Karma

sideview
SplunkTrust
SplunkTrust

Note: It looks like since I posted this the docs were updated to list the correct directory. 😃

0 Karma

sideview
SplunkTrust
SplunkTrust

It turns out that the restmap.conf docs are wrong in at least one place.
Under handler=<SCRIPT>.<CLASSNAME>, they say

The file *must* live in an application's ../rest/ subdirectory.

and then in an example it explains further that this rest directory has to be inside default.

Both are wrong. The file must live in the application's "bin" directory, at $SPLUNK_HOME/etc/apps/<appname>/bin/. Once I put it there it starts working.

However I'll still accept any answer that points me to an app that does something semi-real around such an endpoint...

Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...