Akamai Prolexic DNS GTM and SIEM API (Unofficial)

Unofficial Splunk add on for Akamai prolexic, DNS and GTM, and SIEM API ingestion. akamai:json_metrics -> collect Prolexic metrics using Prolexic API docs All data is logged as JSON objects. The ingestion is performed once for every run of the input but for only new or updated metrics. For each metric the input keeps track of the last epoch timestamp logged for each metric-contract/subnet and only the recents events are logged to avoid duplicates. akamai:json_conf -> collects GTM and DNS zones using Akamai GTM and DNS API All data is logged as JSON objects. The ingestion is performed once for every run of the input. akamai:json_event -> collects Prolexic events using Prolexic API. All data is logged as JSON objects. The ingestion is performed once for every run of the input but for only new or updated events. The input calculate and saves and hash for each events (using the helper checkpoint functions from Splunk or by falling back to a local file). Only events with new hashes are logged to avoid duplicates. akamai:json_siem collects SIEM API events. All data is logged as JSON objects. The ingestion is performed as long as the API return at least on event or the desidered time limit is reached. The input saves the offset provided by the API so in the next run it will start to collect new events (more details in the API docs). This is the input that usually is collecting a lot of data, be careful. Details: https://github.com/garis/Akamai-Splunk-API-integration Special thanks to https://github.com/Pastea