I would like to add an API as a new data source in Splunk. I did a search in Documentation, but all I was able to find was information on the Splunk API. What am I missing?
Try to use this modular input for REST API
https://splunkbase.splunk.com/app/1546/
After much searching, I must agree that a script is the only way that I can do this. I found documentation on the application API and the basic setup is:
1. Request a token, supplying "key", "username", "password" using HTTPS
2. Receive a token that expires after 30 minutes
3. Utilizing JWT, pass this token in the HTTPS authorization header of every request
4. Receive requested data in JSON format
5. Repeat 3 and 4 for each data point
6. And hope it doesn't take 30 minutes to complete the downloads
The application vendor has sample scripts (in C#) for each type of data requested so I can start converting to Python.
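The token flow in steps 1 to 6 above, as an added Python example that is not from the original post or the vendor's samples; it renews the token before the 30-minute expiry so a long run of downloads does not fail partway. The `/token` path, the `token` reply field, the `Bearer` scheme, the one-minute refresh margin and all class and function names are assumptions.

```python
import json
import sys
import time
import urllib.request

TOKEN_TTL = 30 * 60    # from the post: a token expires after 30 minutes
REFRESH_MARGIN = 60    # assumption: renew one minute before expiry


class TokenClient:
    def __init__(self, base_url, creds, send=None, clock=time.monotonic):
        # Refuse plain HTTP so the key, password and token never travel in clear.
        if not base_url.startswith("https://"):
            raise ValueError("credentials and tokens must only travel over HTTPS")
        self.base_url = base_url.rstrip("/")
        self._creds = creds            # {"key": ..., "username": ..., "password": ...}
        self._send = send or self._http
        self._clock = clock
        self._token, self._expires = None, 0.0

    def _http(self, url, headers, body=None):
        # POST when a body is given, GET otherwise; urlopen verifies the TLS certificate.
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(url, data=data, headers=headers)
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read().decode())

    def _bearer(self):
        # Steps 1-2: fetch a token only when none is held or it is about to expire.
        if self._token is None or self._clock() >= self._expires - REFRESH_MARGIN:
            reply = self._send(self.base_url + "/token",           # hypothetical path
                               {"Content-Type": "application/json"}, self._creds)
            self._token = reply["token"]                           # hypothetical field
            self._expires = self._clock() + TOKEN_TTL
        return self._token

    def get(self, path):
        # Step 3: the token goes in the Authorization header of every request.
        return self._send(self.base_url + path,
                          {"Authorization": "Bearer " + self._bearer()})


def collect(client, paths, out=sys.stdout):
    """Steps 4-5: write one JSON event per line for Splunk to index from stdout."""
    count = 0
    for path in paths:
        out.write(json.dumps({"path": path, "data": client.get(path)}) + "\n")
        count += 1
    return count
```

Only the fetched data reaches the output; the credentials and token stay in memory and are never written to stdout.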
Which of these Data Inputs should I use: REST API, HTTP Event Collector or Scripts?
Is this what you are looking for? http://dev.splunk.com/view/event-collector/SP-CAAAE6M
Not quite sure on your question
What I am trying to do is download data over https. I have a tenant id, user id and pw. Not sure if I should be using the "HTTP Event Collector" or the "REST API" data input. I don't see any configuration entry on either one of these data inputs that fit the credentials I was provided.
Maybe write a script to do the download and write to a file which Splunk can monitor OR output to console?
Doesn't having to write a script defeat the reason for the API? I was able to add a different API in version 6.3 of Splunk Enterprise but after the upgrade to 6.4.1, the input method has been changed and I don't see how to match the information I have to start the data input.