Injest JSON document returned from an monitoring e...

givanov · ‎10-02-2012

Hello,

I'm having a service which exports monitoring data through a JSON endpoint. Is it possible to have Splunk call that endpoint and injest the returned JSON document?

Thank you,
- George

nicholasgrabows · ‎12-27-2012

You could also try this a new splunkbase app called "importutil". It lets you import input from an http, ftp, or sftp url via the splunk search command line. sftp is experimental.

http://splunk-base.splunk.com/apps/69078/importutil

Here is an http example that imports data from the federal reserve economic data website:

|importutil http http://research.stlouisfed.org/fred2/data/PAYEMS.csv
| multikv
| table DATE, VALUE

Set this up as a scheduled search. So it will hit the URL periodically.

dwaddle · ‎10-02-2012

Yes, use a scripted input. Splunk calls your script on an interval and your script makes the call to you service and emits the results on stdout which Splunk then indexes.

Injest JSON document returned from an monitoring endpoint

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation