REST Modular input no debug logs for a failure case

praphulla1
Path Finder

I am trying to use the GET method with the REST API modular input. I have 2 data sources with similar configuration except for a difference in polling interval.

The second one is not bringing in any data, nor is it providing any logs. Can you please help with how we can find logs for this issue?

I have tried to query the splunkd log with keywords - ExecProcessor, data input name, rest.py. None of them gave any clue on this issue. Can you please help with how I can debug this issue further?

0 Karma
1 Solution

praphulla1
Path Finder

After searching and googling, this command has helped me narrow down the problem. But I am still trying to figure out why the error did not show up in the _internal logs. Does anyone have clues to direct me?

./splunk cmd splunkd print-modinput-config rest rest://TitanReleaseOutageData |./splunk cmd python ../etc/apps/rest_ta/bin/rest.py
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/data/splunk_FDE/lib/python2.7/threading.py", line 801, in __bootstrap_inner
    self.run()
  File "/data/splunk_FDE/lib/python2.7/threading.py", line 754, in run
    self.__target(*self.__args, **self.__kwargs)
  File "../etc/apps/rest_ta/bin/rest.py", line 417, in do_run
    cron_iter = croniter(polling_interval_string, cron_start_date)
  File "/data/splunk_FDE/etc/apps/rest_ta/bin/croniter-0.3.8-py2.7.egg/croniter/croniter.py", line 113, in __init__
    t = self.ALPHACONV[i][t.lower()]
KeyError: '0/10'

0 Karma

praphulla1
Path Finder

Adding more information to the question. Below is the configuration:

$ ./splunk cmd splunkd print-modinput-config rest rest://TitanReleaseOutageData
<?xml version="1.0" encoding="UTF-8"?>
<input>
  <server_host>myhost.com</server_host>
  <server_uri>https://127.0.0.1:8089</server_uri>
  <session_key>b4_Wiv99HyUQSU_zb4o1DJW2raTOLclrryu_O3zIGvQVICvl5hOuOjD5mlycQZlXOzQnDdTpCWG^HV0mwIQrEadrWBUbif4MOksL^I_wDaXCJj2Jp6hSIVPpNN</session_key>
  <checkpoint_dir>/data/splunk_FDE/var/lib/splunk/modinputs/rest</checkpoint_dir>
  <configuration>
    <stanza name="rest://TitanReleaseOutageData" app="launcher">
      <param name="activation_key">masked</param>
      <param name="auth_type">none</param>
      <param name="endpoint">RESTAPI here</param>
      <param name="host">myhost.com</param>
      <param name="http_method">GET</param>
      <param name="index">500000750_fde_titan</param>
      <param name="index_error_response_codes">1</param>
      <param name="polling_interval">0/10 * * * *</param>
      <param name="response_type">json</param>
      <param name="sequential_mode">0</param>
      <param name="sourcetype">_json</param>
      <param name="streaming_request">0</param>
    </stanza>
  </configuration>
</input>
0 Karma
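
A pre-flight check for the failure shown in the traceback above, added here as an example and not part of the original thread or the REST add-on's code: it reads `print-modinput-config` output and flags any `polling_interval` whose step expression starts from a single value, such as `0/10`, which the bundled croniter 0.3.8 rejected with a KeyError. The `ExampleWorkingInput` stanza, the function names and the rule that a bare number means seconds are assumptions.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample shaped like the thread's print-modinput-config output.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<input>
  <configuration>
    <stanza name="rest://TitanReleaseOutageData" app="launcher">
      <param name="polling_interval">0/10 * * * *</param>
    </stanza>
    <stanza name="rest://ExampleWorkingInput" app="launcher">
      <param name="polling_interval">*/10 * * * *</param>
    </stanza>
  </configuration>
</input>"""

STEP_BASE = re.compile(r"^(\*|\w+-\w+)$")  # classic cron: "/n" follows "*" or a range

def check_interval(value):
    """Return a list of problems found in one polling_interval value."""
    if value.strip().isdigit():  # assumption: a bare number means seconds and is fine
        return []
    fields = value.split()
    if len(fields) != 5:
        return ["expected 5 cron fields, got %d" % len(fields)]
    problems = []
    for pos, field in enumerate(fields, start=1):
        for part in (p for p in field.split(",") if "/" in p):
            base, step = part.split("/", 1)
            if not step.isdigit() or int(step) == 0:
                problems.append("field %d: bad step in %r" % (pos, part))
            elif not STEP_BASE.match(base):
                problems.append("field %d: %r steps from a single value" % (pos, part))
    return problems

def audit(xml_text):
    """Map each stanza name to the problems in its polling_interval."""
    report = {}
    for stanza in ET.fromstring(xml_text).iter("stanza"):
        for param in stanza.iter("param"):
            if param.get("name") == "polling_interval":
                report[stanza.get("name")] = check_interval(param.text or "")
    return report

if __name__ == "__main__":
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_CONFIG
    for name, problems in audit(text).items():
        print(name, "; ".join(problems) or "OK")
```

Run it with `-` as the only argument to read real `print-modinput-config` output from stdin instead of the embedded sample.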

chrisyounger
SplunkTrust

Hi @praphulla1

I wonder if you have two inputs created with exactly the same name. This would mean that one would overwrite the other.

Might be worth checking.

Good luck!

0 Karma

praphulla1
Path Finder

Thanks for your reply. But I did ensure that it's different.

0 Karma