Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- REST lookup functionality
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
REST lookup functionality
Is there any functionality (built-in to Splunk, or that someone has created custom) to do lookups to an external RESTful service from within a Splunk search, which functions similarly to a static file lookup or DB lookup with the DB connect app? This mean the rest query run from Splunk would return a table of some kind, which could be used for doing a lookup.
Our organisation maintains a Service Oriented Architecture, where we prefer to expose data via API rather than query DBs directly. Using a service layer allows us to manage performance indexing and caching, and avoids issues caused by db structural change etc.
A search command which can query a REST endpoint and lookup on the table which is returned would be a very useful piece of functionality.
The REST modular input is not quite right, as it indexes data from REST rather than doing lookups on it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Splunk rest api is at http://dev.splunk.com/view/rest-api-overview/SP-CAAADP8
and examples: http://dev.splunk.com/view/basic-tutorial/SP-CAAADQT
The actual rest reference is at http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTintro
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ah I had misunderstood the direction of data flow. I imagine your option is a scripted lookup. As long as you can make a python script that returns the results you need you could tie it to a lookup.
http://www.georgestarcher.com/splunk-a-dns-lookup-for-abuse-contacts/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK thanks for the info, but I don't think this is relevant. My question is about how to access external REST interfaces from within Splunk, not about accessing the REST interface to Splunk itself. I'll tweak my question slightly to make it more clear.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
