- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- How do I add an API as a data source?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do I add an API as a data source?
I would like to add an API as a new data source in Splunk. I did a search in Documentation, but all I was able to find was information on the Splunk API. What am I missing?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try to use this modular input for REST API
https://splunkbase.splunk.com/app/1546/
Hope I was able to help you. If so, some karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After much searching, I must agree that a script is the only way that I can do this. I found documentation on the application API and the basic setup is
1. Request a token, suppling "key", "username", "password" using HTTPS
2. Receive a token that expires after 30 minutes
3. Utilizing JWT, pass this token in the HTTPS authorization header of every request
4. Receive requested data in JSON format
5. Repeat 3 and 4 for each data point
6. And hope it doesn't take 30 minutes to complete the downloads
The application vendor has sample scripts (in C#) for each type of data requested so I can start converting to Python.
Which of these Data Inputs should I use REST API, HTTP Event Collector or Scripts?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is this what you are looking for? http://dev.splunk.com/view/event-collector/SP-CAAAE6M
Not quite sure on your question
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am trying to do is download data over https. I have a tenant id, user id and pw. Not sure if I should be using the "HTTP Event Collector" or the "REST API" data input. I don't see any configuration entry on either one of these data inputs that fit the credentials I was provided.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
May be write a script to do the download and write to a file which Splunk can monitor OR output to console ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Doesn't having to write a script defeat the reason for the API? I was able to add a different API in version 6.3 of Splunk Enterprise but after the upgraded to 6.4.1, the input method has been changed and I don't see how to match the information I have to start the data input.
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
New in Observability Cloud - Explicit Bucket Histograms
