Splunk Enterprise

Properties/Arguments in Endpoint URL for REST Modular Input

splunk_svc
Path Finder

Hi Splunkers.
I'm trying to set up a REST input to bring back output from an API.

These are the parameters used to form the API Endpoint URL. i.e.

https://<my_api_base_endpoint>/<1st_parameter>/<authtype>/token?api-version=<api_version>;

In the above example I need to provide the above parameters to build the entire endpoint URL both before and after the "?" etc as opposed to hard-coding them in the endpoint URL field in the setup screen.

The config screen in Splunk web config for the REST input provides an area for URL arguments and and HTTP Header properties but nothing used in either of these two areas seems to get substituted into the actual URL that Splunk calls when it tries to contact the endpoint.

Any advice on where these parameters go so they can flesh out the endpoint URL when it's called?
Note that the initial call to the API is a POST to get an access token with all subsequent calls being a GET.

Finally, in case it's relevant to answering the question, this input will be running on a HF.

Cheers and thanks in advance.

0 Karma

Damien_Dallimor
Ultra Champion

If I understand the flow correctly , you might need to use a custom Auth Handler that will :

1) check if you have an auth token yet
2) if false , then perform a POST to get an auth token to the Auth URL and save this token for future GET calls
3) if true , then proceed with a GET to your Data API URL with the saved token from step 2

Is this correct ? If so , can you respond with the format of your Auth URL and your Data API URL so I can give a more concrete configuration example ? Or is it simply the same URL from your example , just differentiated by it being a POST or a GET ?

0 Karma

Sukisen1981
Champion

Hi,

You need to modify the bin/tokens.py UNDER the rest_ta app UNDE etc
Steps:
Configure REST Data Input
Endpoint URL: https:///<1st_parameter>//token?api-version=$z$ (taking z as an token example, api version 7)
URL Arguments: z=7
now navigate to bin/tokens.py UNDER the rest_ta app UNDE etc
add something like
def z():
z=7

return z

repeat same steps for token.
Try one dynamic parameter first..it will wok 🙂

0 Karma

Sukisen1981
Champion

Custom Response Handlers
from Damien Dallimore himself - https://splunkbase.splunk.com/app/1546/#/details
You can provide your own custom Response Handler. This is a Python class that you should add to the
rest_ta/bin/responsehandlers.py module.
You can then declare this class name and any parameters in the REST Input setup page.
Such use cases for implementing a custom response handler might include
dynamic setting of URL arguments/HTTP header propertys ie: a stream cursor
extracting the next link to follow from the response content or HTTTP REL header
custom pre-processing of the raw HTTP response before indexing in Splunk
dynamically changing the REST endpoint URL

0 Karma

splunk_svc
Path Finder

BTW, we are running v6.6.3 of Splunk Enterprise.

0 Karma
Get Updates on the Splunk Community!

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...

Explore the Latest Educational Offerings from Splunk (November Releases)

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...