Splunk REST API Integration Overview (WIP)

REST API Overview #

This document provides various examples of connecting to a Splunk REST API from edgeCore.

Please see the following link as needed for Splunk REST API documentation:
http://dev.splunk.com/restapi

REST API Authentication (WIP) #

Access to the Splunk REST API is protected by Basic Authentication.

cURL reference request

curl-v-khttps://<splunk host>:8089/servicesNS/admin/search/search/jobs/export?output_mode=csv -d search=” savedsearch restApiTest”

REST API Example Connection Configuration #

edgeCore connects to the Splunk REST API using a Web Data Connection. An example Connection Configuration for the Splunk REST API is presented below:

Connection Property Example
Connection Name Splunk REST API
Destination https://<SplunkRestApiEndpoint>
SSO Handler Basic Auth
SSO Credentials Username: <splunk user>
Password: <splunk password>

Example Feed Configurations #

edgeCore makes requests to the ServiceNow REST API using the JSON Feed.  Below are defaults for all ServiceNow Feed configuration properties unless otherwise specified:

Default Feed Property Value
Request Headers None
Rule Name BaseData
Logging Production
Poll Period 60
Enable Server Subscription Yes

Listed below are a series of sample JSON Feed Configurations that make requests to the supported ServiceNow REST API:

ServiceNow Get Active Incidents #
Feed Property Value
Feed Name ServiceNow Get Active Incidents
Start URI /api/now/table/incident?sysparm_display_value=true&sysparm_exclude_reference_link=true&sysparm_limit=1000&active=true
HTTP Method GET
JSON Path $.result
ServiceNow Get Business Services #
Feed Property Value
Feed Property Value
Feed Name ServiceNow Get Business Services
Start URI /api/now/table/cmdb_ci_service?sysparm_exclude_reference_link=true&sysparm_limit=1000
HTTP Method GET
JSON Path

$.results #

Listed below are a series of sample JSON Feed Configurations that make requests to the unsupported ServiceNow REST API:

ServiceNow Get Business Service Nodes #
Feed Property Value
Feed Name ServiceNow Get Business Service Nodes
Start URI /ngbsmprocessor.do?actionType=loadBasic&cacheKill=1476736163076&cmd=get&id={nodeVar.ServiceNowServiceId}&level=5&mapScriptID=&serviceMode=false
HTTP Method GET
JSON Path $.nodes
Feed Property Value
Feed Name ServiceNow Get Business Service Links
Start URI /ngbsmprocessor.do?actionType=loadBasic&cacheKill=1476736163076&cmd=get&id={nodeVar.ServiceNowServiceId}&level=5&mapScriptID=&serviceMode=false
HTTP Method GET
JSON Path $.links