Hi,
We are using REST API Modular Input to query the data for some open source monitoring tool. The output contains data for a group of servers visible in the output. We want to break this JSON output into multiple events per each server so that we can create dashboards easily.
{ [-]
id: 1
jsonrpc: 2.0
result: [ [-]
{ [-]
hostid: 12110
hosts: [ [-]
{ [-]
host: VDCQAPERFLOS01
hostid: 12110
name: VDCQAPERFLOS01
}
]
itemid: 214397
key_: perf_counter[\Processor(_Total)\% Processor Time]
lastvalue: 2.8321
name: CPU Capacity - Processor Time
}
{ [+]
}
{ [+]
}
{ [+]
}
{ [+]
}
{ [+]
}
{ [+]
}
{ [+]
}
{ [+]
}
{ [+]
In the above output, I expanded the result for one of the servers. So, for each server, I need a different event. Any help is highly appreciated.
Create a custom response handler by adding it to rest_ta/bin/responsehandlers.py
and declare it to be applied in your stanza setup.
There are many examples here for you to follow ie: https://github.com/damiendallimore/SplunkModularInputsPythonFramework/blob/master/implementations/re...
Rough example :
class YourCustomHandler:
def __init__(self,**args):
pass
def __call__(self, response_object,raw_response_output,response_type,req_args,endpoint):
if response_type == "json":
output = json.loads(raw_response_output)
for server in output["result"]:
print_xml_stream(json.dumps(server))
else:
print_xml_stream(raw_response_output)
Create a custom response handler by adding it to rest_ta/bin/responsehandlers.py
and declare it to be applied in your stanza setup.
There are many examples here for you to follow ie: https://github.com/damiendallimore/SplunkModularInputsPythonFramework/blob/master/implementations/re...
Rough example :
class YourCustomHandler:
def __init__(self,**args):
pass
def __call__(self, response_object,raw_response_output,response_type,req_args,endpoint):
if response_type == "json":
output = json.loads(raw_response_output)
for server in output["result"]:
print_xml_stream(json.dumps(server))
else:
print_xml_stream(raw_response_output)
Thanks Damien, this is exactly what I am looking for. It worked perfectly fine.