I'm trying to bring in web monitoring reports (number of runs, uptime, number of errors, etc) as a Json format using a rest call to the monitoring provider (Rigor), who has a rest API. I've still got to figure out what to do with that JSON data once it's in, but that's the next bridge.
I'm able to call the Rigor REST API using Postman with the following string:
GET https://my.rigor.com/reports/uptimes/report.json?location=all&start_date=custom&start=firstdate&end=lastdate&api_key=key
And that gives me my data points in a json format.
When I put (I think) the same string into the REST modular input in splunk... i'm not sure if it works. I have the data supposedly going to main as a test, but searching the main index brings up no results. I've probably input something wrong into my modular input, but I'm not sure where. These are my settings:
Endpoint URL: https://my.rigor.com
HTTP Method: GET
Authentication Type: none
HTTP Header Properties: blank
URL Arguments: location=all,api_key=key,start_date=custom
Response Type: json
Response Handler: blank
Response Handler Arguments: blank
Response Filter Pattern: blank
Streaming Request: unchecked
Index Error Responses: checked
When I enable this data input, I don't see anything in the main index (though unsure if I should yet), and when I search in the _internal index for the host, I see the following entry:
HttpListener - Socket error from 127.0.0.1 while accessing /servicesNS/nobody/launcher/data/inputs/rest/RIgor/: Broken pipe
Also, i'm uncertain how to call this data when I'm ready to do so. In search, do I use index=main sourcetype=_json and go from there?
Thanks for any help and your patience. :)
↧