Problem: Importing file of JSON data from Twitter ...

djtaylor74 · ‎08-08-2013

Hi, I'm having a problem importing JSON formatted data into Splunk. It's retrieved via the Twitter API, stored in a file, and imported into Splunk via the universal forwarder. The result is that I get a single record (not the 94 I'm expecting to see), so I'm thinking it must be something to do with the file data format.

I've uploaded the file into a number of different JSON validators and all but one let it pass. It fails on jsonlint.com BUT, it then is validated fine on pro.jsonlint.com - figure that out!

So has anyone else come across this. I've had a good look in splunkbase, but only found one question similar-ish to this one.

I'm happy to provide further info if it helps, and also provide the file in question (I need more karma points to be able provide links here...).

Thanks.

davecroto · ‎08-08-2013

You can solve this parsing problem by installing and using this app:

http://splunk-base.splunk.com/apps/56296/twitter-for-splunk

djtaylor74 · ‎08-09-2013

I took a look at this app, but when entering my credentials on the set-up page I get:

Encountered the following error while trying to update: In handler 'localapps': Could not validate password for id="credential::djtaylor74:"

Anyone else encountered this type of error? Could it be a firewall issue?

So I've not been able to get any further with that particular app, and also I don't know if it'll meet my needs as I'm making very specific calls to the Twitter API and manipulating the JSON response before storing it.

Any further help greatly appreciated.

Problem: Importing file of JSON data from Twitter results in one single event?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes