I'm setting up a REST API to index JSON to Splunk, but for some reason it doesn't index anything to Splunk at all. I have tried setting the response type to all of the formats in the list, and also changed the response handler class to JSONArrayHandler and the default handler, and still couldn't get it to work. For the purpose of debugging it, I checked the box to index error responses and still get nothing. I tried using Postman to make an API call to it and received a JSON file. What did I do wrong? Thank you!
Hi tamduong16,
Refer to this; you will get some idea.
trylog.php :
<?php
// Sample JSON event returned to the REST modular input
$data = '{"received":"2018-02-01 19:58:36","ipaddress":"127.0.01","response_text":"To know more about this rest api"}';
// Demo credentials the endpoint expects
$usr = "admin";
$psw = "password";
// Credentials supplied by the caller (empty string when absent)
$username = $_REQUEST['username'] ?? '';
$password = $_REQUEST['password'] ?? '';
//print_r($_REQUEST);  // uncomment to debug the incoming request
session_start();
// Serve the data if the session is already logged in or the credentials match
if (!empty($_SESSION['login']) || ($username === $usr && $password === $psw)) {
    print $data;
    $_SESSION['login'] = true;
} else {
    echo "incorrect login";
}
?>
Rest-api-modular-input configuration :
Endpoint URL * : http://localhost/trylog.php
URL Arguments : username=admin,password=password
Polling Interval : 10
Any error logs?
Search index=_internal error rest.py
Hi Damien, here is the error:
03-14-2018 23:44:33.428 -0500 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\rest_ta\bin\rest.py"" Exception performing request: HTTPSConnectionPool(host='reqres.in', port=443): Max retries exceeded with url: /api/users?page=2 (Caused by : [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond)
I used Postman to make this request and it works fine. I don't know what I did wrong in Splunk. Thanks for the help!
That would therefore imply that your REST configuration is possibly wrong.
Share your Postman and Splunk REST configs for comparison.
Where can I find Splunk REST configs?
It will get written to a [rest] stanza in an inputs.conf file somewhere, so just search for it.
[rest://Vbrick api/v1/user/login]
auth_type = none
endpoint = https://xxxxxxx.rev.vbrick.com/api/v1/user/login?username=abc&password=def
http_method = POST
index = vbrickreport
index_error_response_codes = 1
response_type = text
sequential_mode = 0
sourcetype = _json
streaming_request = 1
url_args =
response_handler = JSONArrayHandler
disabled = 1
I tried the same with default response handler but still don't have data in
I'm running Python 3 on my computer. Could this be the reason for my problem?
Can you share sample API output data and configuration details?
Hi, here are the input and output data from the api call.
POST /api/v1/user/login
request parameters:
{
"username" : "john.smith",
"password": "Password123"
}
Request response:
{
"token": "T9-GJqSH7dQSBqcUUVP0la6IHEyc9cR00Mj2ysD_fPwdKv0JMOcsJ9Sf2jR8nSvwgRgaZasExlH1xd5-XeqmUg2",
"issuer": "VBrick",
"expiration": "2017-08-31T15:00:10.599Z",
"email": "john.smith@abc.com",
"id": "5b8f0285-7627-4ee7-b67b-e2e9e8944279",
"username": "john.smith",
"firstName": "John",
"lastName": "Smith",
"language": "English"
}