Changing rest.py like the following:
From:
while True:
if polling_type == 'cron':
next_cron_firing = cron_iter.get_next(datetime)
while get_current_datetime_for_cron() != next_cron_firing:
time.sleep(float(1))
To:
if True:
Explanation:
Splunk already fires off the script every 5 minutes (by default... see "interval" in inputs.conf). It seems rest.py tries to incorporate its own scheduling, while ignoring Splunk's.
It seems the rest_ta creates it's own "polling_interval", and the loop ("while True:") never exits. Therefore every 5 minutes you get a new instance of rest.py which never exits.
By changing "while True:" to "if True:", you get rid of the loop and don't have to fix all the indenting. I got rid of the cron logic, too, because if the current time is ever later than the next firing, it will be another endless loop. If you want to control the timing, add an "interval" to the rest input in /opt/splunk/etc/apps/search/local/inputs.conf.
... View more