I need to hit an API with a dynamic path, not one that requires parameters or a body. We need to get information back from a custom, authenticated API that works like whois. I need to pass a header with an authentication token, but the URI needs to end in an IP, like a whois call.
Is there a way to pass each IP found in a search to a service like whois? For example, given the following three IPs, how would I use the add-on to make these calls?
https://www.whois.com/whois/1.1.1.1
https://www.whois.com/whois/1.1.1.2
https://www.whois.com/whois/1.1.1.3
Thank you!
Try this:
| makeresults count=1 | eval names="yahoo.com,msn.com,bing.com" | makemv delim="," names | mvexpand names | fields names | curl method=get uri="https://www.whois.com/whois/" datafield=names
If that works, do this:
... some search ... | fields ips | curl method=get uri="https://www.whois.com/whois/" datafield=ips
Or this:
... some search ...
| fields ipv4
| map search="
| curl method=method uri=\"https://www.whois.com/whois/$ipv4$\" user=username pass=password debug=true
| table *
"
If you want to take that map search and push it to a summary index, or append it to a lookup for later use... you can do that, OR you can continue to enrich and play with the data in the pipeline with standard Splunk commands.
Really appreciate your help with this!
I actually tried both of those techniques and more, but unfortunately nothing works so far. Our internal REST API requires authentication so I'm using the "headerfield" option to pass a custom header containing an auth token. The method is "GET".
(Apologies for lack of specifics but I'm trying to hit a company proprietary, internal API.)
Any other suggestions or thoughts are appreciated!
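Added example, not part of the original thread and not the add-on's code: a Python sketch of the per-IP lookup discussed above that accepts only strict IPv4 field values before appending them to the URI path, so a crafted log value cannot redirect a request that carries the auth token. The header name `X-Auth-Token`, the function name and the sample values are assumptions; the requests are built but never sent.

```python
import ipaddress
import urllib.request

BASE_URI = "https://www.whois.com/whois/"  # base URI used in the thread
AUTH_HEADER = "X-Auth-Token"               # assumed header name for the token


def build_lookup_requests(values, token, base_uri=BASE_URI):
    """Turn search-result field values into one GET request per unique IPv4.

    Returns (requests, rejected). Anything that is not a plain IPv4 address
    is rejected instead of being concatenated into the URI path.
    """
    requests, rejected, seen = [], [], set()
    for raw in values:
        candidate = str(raw).strip()
        try:
            ip = ipaddress.IPv4Address(candidate)
        except ValueError:  # AddressValueError is a ValueError subclass
            rejected.append(raw)
            continue
        if ip in seen:      # avoid repeating authenticated calls
            continue
        seen.add(ip)
        req = urllib.request.Request(base_uri + str(ip), method="GET")
        req.add_header(AUTH_HEADER, token)
        requests.append(req)
    return requests, rejected


if __name__ == "__main__":
    # Constructed sample field values, including ones that must not reach the API.
    sample = ["1.1.1.1", " 1.1.1.2", "1.1.1.3", "1.1.1.1",
              "1.1.1.4/../admin", "example.com?x=1", ""]
    reqs, bad = build_lookup_requests(sample, token="constructed-token")
    for r in reqs:
        print(r.get_method(), r.full_url)
    print("rejected:", bad)
```
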