Originally I set up two tokens in the tokens.py file. It did seem to work initially, but I ran into the same problem as this: https://answers.splunk.com/answers/311261/rest-api-modular-input-app-tokens-not-resetting.html
So I have been trying to implement the solution posted by Damien from the previous link, but I'm getting an error message. My error message is:
"05-17-2016 12:59:50.949 +1200 ERROR ExecProcessor - message from "python /appl/splunk/etc/apps/rest_ta/bin/rest.py" Looks like an error substituting tokens: 'module' object has no attribute 'minTime'"
I'm not sure what I'm doing wrong, so any help or nudge in the right direction would be really appreciated :) Here is my inputs.conf and custom response handler:
//inputs.conf
[rest://API Management Logs]
auth_password = **sanitised**
auth_type = basic
auth_user = **sanitised**
endpoint = https://**sanitised**/events?after=$minTime$&before=$maxTime$
http_method = GET
index_error_response_codes = 1
polling_interval = */1 * * * *
response_type = json
sequential_mode = 1
sourcetype = apimgmt_logs
streaming_request = 1
index = **sanitised**
response_handler = apimgmtResponseHandler
//Response handler
import datetime
from datetime import timedelta

class apimgmtResponseHandler:
    def __init__(self, **args):
        pass

    def __call__(self, response_object, raw_response_output, response_type, req_args, endpoint):
        # index the raw response
        print_xml_stream(raw_response_output)

        # current UTC time, millisecond precision, e.g. 2016-05-17T00:59:50.949Z
        time = datetime.datetime.utcnow()
        time = time.strftime('%Y-%m-%dT%H:%M:%S.%f')
        time = time[:-3]
        maxTime = time + "Z"

        # 1.1 minutes before now, same format
        time = datetime.datetime.utcnow() - timedelta(minutes=1.1)
        time = time.strftime('%Y-%m-%dT%H:%M:%S.%f')
        time = time[:-3]
        minTime = time + "Z"

        if "params" not in req_args:
            req_args["params"] = {}
        #implement the methods referred to here
        req_args["params"]["minTime"] = maxTime
        req_args["params"]["maxTime"] = minTime