REST API Modular Input
Overview
Details
The Python code in this App is dual 2.7/3 compatible.
This version of the App enforces Python 3 for execution of the modular input script when running on Splunk 8+ in order to satisfy Splunkbase AppInspect requirements.
If running this App on Splunk versions prior to 8 , then Python 2.7 will get executed.
Release Notes
Version 1.9.7
updated the custom response handler method signature.Added in backwards compatibility for your existing custom response handlers , or you can update your handlers to use the new `call` method signature. Refer to `rest_ta/bin/responsehandlers.py` for examples.
Version 1.9.6
upgraded logging functionality
added a default response handler for oauth2
Version 1.9.5
upgraded logging functionality
Version 1.9.4
upgraded urllib3 library from 1.25.3 to 1.25.10
removed some logging debug messages , which are actually disabled by default , but the Splunk cloud folks don't like them
Version 1.9.3
logging enhancements for default requests messages
Version 1.9.2
enforced Python3 for execution of the modular input script.If you require Python2.7 , then download a prior version (such as 1.9.1).
Version 1.9.1
python3 compatibility tweaks
Version 1.9
general appinspect tidy ups
removed setup.xml and replaced with a custom JS/HTML dashboard for app setup
Version 1.8.7
added code to prevent passwords from other apps that might have their sharing set to Global from being concatenated into the rest_ta namespace.
Version 1.8.6
minor fix to encryption logic
Version 1.8.5
Improved the usability of the setup page for encrypting credentials
Version 1.8.4
can now pass oauth2 session through to a custom response handler
added config field for oauth2 expires_in
added a custom setup page if you require encryption of credentials
Version 1.8.3
updated the bundled version of the requests library to version 2.23.0
stateful variables/settings used to get persisted back to inputs.conf , now they get persisted to a custom config file reststate.conf , which should solve any unwanted auto restarting of the app by splunkd.
made error logging more verbose by adding stanza name
minor tweak to authhandlers.py for python 2/3 dual compatibility
bundled in python modules that are not packaged into Splunk versions pre 8 : urlib3 , certifi , chardet , idna
Version 1.8
Dual Python 2.7 and 3+ compatibility.
App will run on :
Splunk Enterprise versions back to Splunk 5 where there is only a Python 2.7 runtime shipped
Splunk Enterprise version 8 where there is both a Python 2.7 and Python 3+ runtime shipped
Future versions of Splunk Enterprise where there is only a Python 3+ runtime
Version 1.7
added support for Certificate verification using a supplied CA Bundle file
Version 1.6
fixed Splunk 8 compatibility for manager.xml file
Version 1.5.7
added client certificate config options
Version 1.5.6
updated docs
Version 1.5.5
added trial key functionality
Version 1.5.4
added a triggers stanza to app.conf to prevent reloading after saving state back to inputs.conf
Version 1.5.3
Patched a bug to callbacks to Splunk for persisting state that required the activation key in the payload
Version 1.5.2
minor manager xml ui tweak for 7.1
Version 1.5.1
Corrected a build bug with responsehandlers
Version 1.5
Added an activation key requirement , visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
Added support for HEAD requests
Docs updated
Splunk 7.1 compatible
Version 1.4
Delimiter fix
Version 1.3.9
Can now declare a CRON pattern for your polling interval.
Multiple requests spawned by tokenization can be declared to run in parallel or sequentially.
Multiple sequential requests can optionally have a stagger time enforced between each request.
Version 1.3.8
Minor code fix for a logging statement error
Version 1.3.7
Added support for token replacement functions in the URL to be able to return a list
of values, that will cause multiple URL's to be formed and the requests for these
URL's will be executed in parallel in multiple threads. See tokens.py
Version 1.3.6
Added a custom response handler for rolling out generic JSON arrays
Refactored key=value delimited string handling to only split on the first "=" delimiter
Version 1.3.5
Ensure that token substitution in the endpoint URL is dynamically applied for each
HTTP request
Version 1.3.4
Added support for dynamic token substitution in the endpoint URL
ie : /someurl/foo/$sometoken$/goo
$sometoken$ will get substituted with the output of the 'sometoken' function
in bin/tokens.py
Currently have just shipped with 1 example token $datetoday$ which will dynamically resolve to today's date in format 2014-02-18
Version 1.3.3
Added support for sending and persisting cookies
Version 1.3.2
Changed the logic for persistence of state back to inputs.conf to occur directly after polling/event indexing has completed rather than waiting for the polling loop frequency sleep period to exit. This potentially deals with situations where you might terminate Splunk before the REST Mod Input has persisted state changes back to inputs.conf because it was in a sleep loop during shutdown.
Version 1.3.1
Cosmetic fix for 1.3 release
Version 1.3
Added a new feature that will automatically persist updates to URL Arguments , HTTP Header Propertys or HTTP Request Body content back to your inputs.conf stanza. Such a scenario might occur if you are using a custom response handler to dynamically calculate URL Arguments , such as a timestamp or event paging cursor, and you want this latest state to be persisted back into your configuration so that if you need to restart the REST input , it's configuration is in the latest polled state and can resume polling from where it left off.
Version 1.2
Upgraded underlying python requests library to version 2.0 , primarily to support the HTTP CONNECT verb
Version 1.1
Added support for user defined delimiter for multiple "key=value" fields .
Added hooks in responsehandlers.py for custom handling of responses, use cases such as URL arguments/HTTP header properties that might require a dynamic value per request , HTTP REL Header link following , dynamically changing the endpoint URL.
Version 1.0.6beta
Strip newlines from default output ++ add unbroken attribute to XML output stream so that Splunk props /transforms can be applied
Version 1.0.5beta
Added more robust exception handling
Version 1.0.4beta
Fixed minor script bug when printing http errors
Version 1.0.3beta
Added support for POST and PUT HTTP Methods for getting data. Not RESTful per say but a useful out for API's that are "REST like"
Version 1.0.2beta
Renamed the manager xml file to avoid naming clashes
Version 1.0.1beta
Fixed some spelling typos
Version 1.0beta
First release