Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

REST lookup functionality

Glenn
Builder
‎09-02-2014 01:16 AM

Is there any functionality (built-in to Splunk, or that someone has created custom) to do lookups to an external RESTful service from within a Splunk search, which functions similarly to a static file lookup or DB lookup with the DB connect app? This mean the rest query run from Splunk would return a table of some kind, which could be used for doing a lookup.

Our organisation maintains a Service Oriented Architecture, where we prefer to expose data via API rather than query DBs directly. Using a service layer allows us to manage performance indexing and caching, and avoids issues caused by db structural change etc.

A search command which can query a REST endpoint and lookup on the table which is returned would be a very useful piece of functionality.

The REST modular input is not quite right, as it indexes data from REST rather than doing lookups on it.

Tags (2)
Reply

starcher
Influencer
‎09-03-2014 06:56 AM

The Splunk rest api is at http://dev.splunk.com/view/rest-api-overview/SP-CAAADP8
and examples: http://dev.splunk.com/view/basic-tutorial/SP-CAAADQT
The actual rest reference is at http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTintro

0 Karma
Reply

starcher
Influencer
‎09-03-2014 07:16 AM

Ah I had misunderstood the direction of data flow. I imagine your option is a scripted lookup. As long as you can make a python script that returns the results you need you could tie it to a lookup.

http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Addfieldsfromexternaldatasources#Set_up...

http://www.georgestarcher.com/splunk-a-dns-lookup-for-abuse-contacts/

Reply

Glenn
Builder
‎09-03-2014 07:00 AM

OK thanks for the info, but I don't think this is relevant. My question is about how to access external REST interfaces from within Splunk, not about accessing the REST interface to Splunk itself. I'll tweak my question slightly to make it more clear.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...