Getting Data In

Using a Python script to call an API

bazcurtis178
Explorer

Hi,

I am trying to use the Sophos Central API. It uses a Python script to download the data into a file. I have successfully run this on my Mac, but I am not sure where to start in Splunk. I thought I would drop the script in $SPLUNK_HOME/bin/scripts, but the script is not seen.

I assume Splunk will then look at the downloaded file and index it?

Any help would be much appreciated.

0 Karma

bazcurtis178
Explorer

Thanks Damien. I will take a look at this on Friday.

0 Karma

Damien_Dallimor
Ultra Champion

I have underlined where you enter 1) URL 2) HTTP header properties 3) URL parameters

[screenshot omitted]

0 Karma

bazcurtis178
Explorer

I have finally got back to this. Sorry for all the questions, but I appreciate the help.

I assumed that I would paste in the Header API key or API Access URL + Headers into the setup page, but I am not seeing a place for that. The URL is obvious, but where do the API tokens go? With only two to choose from I thought it would be simple?

Any other pointers would be most welcome.

0 Karma

Damien_Dallimor
Ultra Champion

Having a quick look at the docs, https://community.sophos.com/kb/en-us/125169/, and the example script, https://github.com/sophos/Sophos-Central-SIEM-Integration

It would be very easy to use the REST API Modular Input and set up an input with the Sophos URL, auth headers, checkpointing etc. as detailed in the docs, and skip the need to save a downloaded file to disk and rather just stream this data directly into Splunk.

0 Karma

bazcurtis178
Explorer

Thanks for the replies. I will take a look at that and confirm the answer once tested. I like the look of the REST API. I was hoping to get the data straight into Splunk rather than download the file and get the data from there.

0 Karma

jkat54
SplunkTrust

That’s exactly what the rest api modular input would do. Same for a scripted input writing to stdout.

0 Karma

jkat54
SplunkTrust

Check out inputs.conf section regarding scripted inputs.

The scripted input indexes whatever is coming to stdout.

If your script downloads data to a file, perhaps a slight modification would make it print the data to stdout.

Another option is making the script run as a cron job and then using splunk inputs.conf monitor stanza to monitor the location that the script is putting data files into.

0 Karma

bazcurtis178
Explorer

Thanks for the reply. My first issue is getting the script to run. How do I get the script to at least run once?

0 Karma

jkat54
SplunkTrust

This link does a pretty good job of explaining it:

https://sublimerobots.com/2017/01/simple-splunk-scripted-input-example/

The inputs.conf tells splunk to execute the script based on whatever interval you provide.

0 Karma
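Below is an added example (not code from this thread, from Splunk, or from the Sophos SIEM integration project) of the pattern jkat54 describes in the two posts above: a scripted input that pulls a page of events from an HTTP API, prints one JSON object per line to stdout for Splunk to index, and keeps a cursor file so each run only fetches new events. The endpoint, the `cursor` query parameter, the `items`/`next_cursor` payload shape, the environment variable names and `SAMPLE_PAYLOAD` are all assumptions made for illustration. The token is read from the environment rather than written into the script, and diagnostics go to stderr, which Splunk routes to splunkd.log instead of the index.

```python
#!/usr/bin/env python3
"""Hypothetical scripted input: pull events from an HTTP API and write them
to stdout so Splunk indexes them. Not the Sophos SIEM script."""
import io
import json
import os
import sys
import urllib.parse
import urllib.request

# Assumptions (placeholders, not from the thread): endpoint and variable names.
API_URL = os.environ.get("API_URL", "https://api.example.invalid/events")
API_TOKEN = os.environ.get("API_TOKEN", "")  # keep the secret out of the script file
CHECKPOINT_FILE = os.environ.get(
    "CHECKPOINT_FILE", os.path.join(os.path.dirname(os.path.abspath(__file__)), ".cursor")
)

# Constructed sample payload so the script can be exercised offline with --sample.
SAMPLE_PAYLOAD = {
    "items": [
        {"id": "evt-1", "type": "Event::Endpoint::Threat", "severity": "high"},
        {"id": "evt-2", "type": "Event::Endpoint::UpdateSuccess", "severity": "low"},
    ],
    "next_cursor": "cursor-2",
}


def load_cursor(path):
    """Return the saved cursor, or None on the first run."""
    try:
        with open(path) as fh:
            return fh.read().strip() or None
    except FileNotFoundError:
        return None


def save_cursor(path, cursor):
    """Persist the cursor so the next interval continues where this one stopped."""
    with open(path, "w") as fh:
        fh.write(cursor or "")


def fetch_page(url, token, cursor=None, opener=urllib.request.urlopen):
    """GET one page of events. 'opener' is injectable so parsing can be tested offline."""
    full_url = url + ("?cursor=" + urllib.parse.quote(cursor) if cursor else "")
    req = urllib.request.Request(
        full_url,
        headers={"Authorization": "Bearer " + token, "Accept": "application/json"},
    )
    with opener(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def _sample_opener(req, timeout=None):
    """Stand-in for urlopen that serves SAMPLE_PAYLOAD (constructed data)."""
    return io.BytesIO(json.dumps(SAMPLE_PAYLOAD).encode("utf-8"))


def events_to_lines(payload):
    """Convert the payload into compact one-object-per-line JSON.
    Returns (lines, next_cursor). Line-delimited JSON lets Splunk break events cleanly."""
    lines = [
        json.dumps(ev, separators=(",", ":"), sort_keys=True)
        for ev in payload.get("items", [])
    ]
    return lines, payload.get("next_cursor")


def main(argv):
    use_sample = "--sample" in argv
    if not API_TOKEN and not use_sample:
        print("API_TOKEN is not set", file=sys.stderr)  # stderr -> splunkd.log, not the index
        return 1
    cursor = load_cursor(CHECKPOINT_FILE)
    opener = _sample_opener if use_sample else urllib.request.urlopen
    page = fetch_page(API_URL, API_TOKEN, cursor, opener=opener)
    lines, next_cursor = events_to_lines(page)
    for line in lines:
        sys.stdout.write(line + "\n")  # everything on stdout becomes indexed events
    sys.stdout.flush()
    if next_cursor:
        save_cursor(CHECKPOINT_FILE, next_cursor)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Splunk only runs a script that an `inputs.conf` stanza references, which is why dropping a file into a directory does nothing on its own. Assuming the script lives in an app's `bin` directory, a stanza of the form `[script://$SPLUNK_HOME/etc/apps/myapp/bin/api_pull.py]` with `interval = 300`, `sourcetype = api:events` and `disabled = 0` makes Splunk execute it every five minutes and index whatever it writes to stdout; `python3 api_pull.py --sample` shows the expected output format without any network access.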