All Apps and Add-ons

Rest URL startTime using checkpoint

BP9906
Builder

How do I get the Splunk AoB to use the checkpoint timestamp in the future URI requests?

I'm trying to have a default start time and then have it incremented based on what it saw last.

I end up with a inputs.conf.spec error when I attempt to use startTime in both REST URL parameters and in the checkpoint parameter name. Splunk complains about the checkpoint parameter name not being defined in inputs.conf.spec.

Unable to initialize modular input "test_audit_log" defined inside the app "TA-test-audit-collector": Endpoint argument "audit_time_checkpoint" has not been defined in the inputs.conf.spec file. All args defined via introspection must also be defined in the spec file.

0 Karma
1 Solution

BP9906
Builder

I found that I need to keep the checkpoint variable in all lowercase letters. Doing that resolved the error.

View solution in original post

0 Karma

Jasdeep
Loves-to-Learn Everything

issue resolved when I used checkpoint parameter name in lowercase.

0 Karma

BP9906
Builder

I found that I need to keep the checkpoint variable in all lowercase letters. Doing that resolved the error.

0 Karma

sirpatrick
Explorer

BP9906,

I have I think the same task at hand where my API has a start and end date option. I'd like to leverage the checkpoint to increment the start date in the next API call. My problem is that each JSON reply returns multiple records and the checkpointed field (created date/time) is in each but not necessarily in any order.  As such, I never know which is the latest date/time stamp.

Is there a way to find the highest value checkpoint and add 1 second to it for the next API start? How did you handle the increment?

0 Karma

ansif
Motivator

If you have used any checkpoint variable,just rename to something else and try.

0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

REGISTER NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more ...

Security Highlights | November 2022 Newsletter

 November 2022 2022 Gartner Magic Quadrant for SIEM: Splunk Named a Leader for the 9th Year in a RowSplunk is ...

Platform Highlights | November 2022 Newsletter

 November 2022 Skill Up on Splunk with our New Builder Tech Talk SeriesCan you build it? Yes you can! *play ...