Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to get data from a Rest API in Splunk 6.3?

hierros
Explorer
‎10-05-2015 02:53 PM

I am trying to get data from a Rest Site. Splunk 6.3 no longer has the modular input that handles it. I went through the documentation on http event collector, but I don't see how it can get data from a rest site. Does anyone know how to get data from a rest site?

0 Karma
Reply

gblock_splunk
Splunk Employee
Splunk Employee
‎11-03-2015 07:48 PM

Hi @hierros what do you mean by from a rest site? The HTTP Event Collector is not part of the REST Management endpoint, but it is an API that you can hit just the same.

What problem are you having?

Thanks

0 Karma
Reply

frobinson_splun
Splunk Employee
Splunk Employee
‎10-05-2015 04:57 PM

Hi @hierros,

As a general suggestion, here is some documentation on REST API input endpoints:
http://docs.splunk.com/Documentation/Splunk/6.3.0/RESTREF/RESTinput

What modular input were you using previously? We can discuss more specifics, if you don't find what you need in the above documentation.

All the best,
@frobinson_splunk

Reply

hierros
Explorer
‎10-07-2015 11:18 AM

I am an intern at Kaiser and new to Splunk. I have never used modular input before. I was tasked with data intake from a Rest API and really looking for a solution. The document seem to be similar to how http event collector works. Do you know if http event collector can get data from a Rest API?

0 Karma
Reply

frobinson_splun
Splunk Employee
Splunk Employee
‎10-07-2015 02:45 PM

Hi @hierros,
I discussed your question with a colleague and you can use HTTP Event Collector to get data via REST. You'll want to make sure that the data coming from the endpoint is sent or repackaged in JSON format in order to use Event Collector. You might write a script that gets the data and packages it in JSON. As part of Event Collector, use a token and make sure your Splunk instance is listening on the Event Collector port, using that token.

Please refer to the HTTP Event Collector documentation for more details on getting started.
http://dev.splunk.com/view/event-collector/SP-CAAAE6M

I hope that this helps! Please let us know if not. It's also an option to contact support for more guidance.

All the best,
@frobinson_splunk

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...