icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading REST API Modular Input
SHA256 checksum (rest-api-modular-input_209.tgz) 3846fb2200ca711a7510908e1b1e757db4380bc985b2161cb4667d9a503e3ce5 SHA256 checksum (rest-api-modular-input_208.tgz) e0dc966384541972452f7244fcfd547eafd9f361ca66e035e7b32e59890244d6 SHA256 checksum (rest-api-modular-input_207.tgz) cd375bba1d7a2dddb58ed86d9a11ab9b9ff2ec135a28dacb04ce24a769c3412c SHA256 checksum (rest-api-modular-input_206.tgz) e7e590543483755608b451909aa401dd0a9c74f53ce7bbd7dd644bd47dc56bc2 SHA256 checksum (rest-api-modular-input_205.tgz) 4e0343f77f4e217e773e14f107a84f775a7e2188567f9d571f639dccb9658fae SHA256 checksum (rest-api-modular-input_204.tgz) af89658117d262eea8f0bf56981dc74ab281098860494c7366aed32116ee4671 SHA256 checksum (rest-api-modular-input_203.tgz) dd974f6a35707d1ef0170cb81ba36e1c51a665437ac34181ce82aa1d9d4b80a3 SHA256 checksum (rest-api-modular-input_202.tgz) 359a548f54ede6c328e3abbbae96202816468566eb527b5b8a202e5cfb50f802 SHA256 checksum (rest-api-modular-input_201.tgz) 35351308f41e879154ba111c36605537e55678f0a2dc2ee070cd7bf744f1acc9 SHA256 checksum (rest-api-modular-input_199.tgz) f116291212d629322bc079feb9213b5613d1c0162e2b3d38909cd168931c7c97 SHA256 checksum (rest-api-modular-input_198.tgz) 2997311cc2c4236c3c80def8dd96f6aad111c10f4d90e9fcfe3c82ef3b38267f SHA256 checksum (rest-api-modular-input_197.tgz) 82a5ef1f87d7f9ef68728b7cc1717a11d885436eb30e30d34a80843be9f976e6 SHA256 checksum (rest-api-modular-input_196.tgz) cee6428bf90a760ab6e27f09f30f1c44850a5415c61b9e04c73d66b2545b5a5f SHA256 checksum (rest-api-modular-input_195.tgz) 3ad12adaf7616f058d3d02b536d08cfdbc5071ac3a1e879eabbfa2276c65ce35 SHA256 checksum (rest-api-modular-input_194.tgz) b78d4b8705757a91c9478229dcd600d5f08d6a09200b49595e461a176af21379 SHA256 checksum (rest-api-modular-input_193.tgz) d78d64d596663fd7c28092e640508d4b75821624737f76837d0cd2bf551eab0b SHA256 checksum (rest-api-modular-input_192.tgz) f2642957beb762c25be3c6498cdaa27e0422aa5f48098c5b116a5ee16a76451c SHA256 checksum (rest-api-modular-input_191.tgz) ab4c28a27fbb741beb13ebf316f4d5fb27188162f1ff4b853a1d47a1753a291a SHA256 checksum (rest-api-modular-input_19.tgz) c21cf3da51a391d3f9b04284b850e72a28166539994f83796b6178eb6c7f235f SHA256 checksum (rest-api-modular-input_187.tgz) f961718eb2012458a4dfe24174440634b399b73b351b341305fc71541467f4c5 SHA256 checksum (rest-api-modular-input_186.tgz) 6a6004f5d0b5e149543700b5d497325e2aa197a26fa75b2023507ac008a8bc25 SHA256 checksum (rest-api-modular-input_185.tgz) 913a2c80c8343c66cac01b23598c92b588bce8cae2cb84a0cd3f97a80f1dcd14 SHA256 checksum (rest-api-modular-input_184.tgz) 36167286c26aa9303250d4af063319d9fa3c61f41d691a29547d7cf2a44957c1 SHA256 checksum (rest-api-modular-input_183.tgz) 232df86953d82141af5ba9f6f86fa59fd8aaae19eb8a0c72b94f3edaada5051d SHA256 checksum (rest-api-modular-input_18.tgz) 9ffc19d61ba3fa444f7f993b2ca383c420e95850b4d0c4026145484090a5e63a SHA256 checksum (rest-api-modular-input_17.tgz) a0d2614995603f91830a4cd98d5aaf7044296e518a815d24e6c0f93e24ac4418 SHA256 checksum (rest-api-modular-input_16.tgz) 0a68880dbd8d1e7fd3ae17025595087b0ab31fd6046a757546782d7fcbcca636 SHA256 checksum (rest-api-modular-input_157.tgz) 7bdeea0193957135c6e7ad7510136cedea46a5065eb4029c1e714af3b85ea3a9 SHA256 checksum (rest-api-modular-input_156.tgz) 1f7c4c09dbf3a8331854ddc25aabd71b77aa4d80c3a5ef8a122f0439d3b418be SHA256 checksum (rest-api-modular-input_155.tgz) 2d7a8bdbf039d3d828a344b7859fbefcb902f19633ed773f377b6f5b28767f6e SHA256 checksum (rest-api-modular-input_154.tgz) 38d9c8b9d75f84f6363905def1ae39438ca7b19b366e7da266a46e240cef8699 SHA256 checksum (rest-api-modular-input_153.tgz) 93b4c5aeb5f4250e1be8d5cb62facf85afbf86d00c27d183e0339b0f61fa7482 SHA256 checksum (rest-api-modular-input_152.tgz) 28e24756c30db1a27aeb4a7b45315221c8b82340cb4937911bd7293360897af1 SHA256 checksum (rest-api-modular-input_151.tgz) fbbd22b46564092f5ce6962d9e68100077762821fab5e3d87581a86745991597 SHA256 checksum (rest-api-modular-input_15.tgz) 9461354ac859a85ff155b09f9e933957d59121fb76c08d1900c238d5d146dedd SHA256 checksum (rest-api-modular-input_14.tgz) 138251dceb5a5a4cd9ef1ddffa3b000e06167ced0abeb7dad48c2e663e3833e6 SHA256 checksum (rest-api-modular-input_139.tgz) 47a41f4c29ffe3ebb497a1e89270c3f4bf44bab895e00125b9e37c273cd6935c SHA256 checksum (rest-api-modular-input_138.tgz) 613516dd7888fea78c7e24490f372299bc27bc7ae5ebb01f0dac9908e8a8afea SHA256 checksum (rest-api-modular-input_137.tgz) 044cbfd260d4f9452ee09791eac1186f30f0c55d13a0d54fe2c830db93a78d6b SHA256 checksum (rest-api-modular-input_136.tgz) 74a65608a6df63a15ca44a1f15ebf92956d85f78ffc3872261f081e8217c469e SHA256 checksum (rest-api-modular-input_135.tgz) b61e5cc9300f8f1c16abd30237c919fb08d87688d22ab7b49fcb6826e515552f SHA256 checksum (rest-api-modular-input_134.tgz) ec256d36ddf9bc124a18c5b16870f0e730c68b79b28f2522b0652bd36224974c SHA256 checksum (rest-api-modular-input_133.tgz) b9a09c354c9f566572605a0f15ee5cd6a2b92f7e152fa8b88e693f09c079cf7d SHA256 checksum (rest-api-modular-input_132.tgz) 2f23faa3a7494b72e7e40442d41582c5101e1b28a5f3626d3a62deb6733ca5f0 SHA256 checksum (rest-api-modular-input_131.tgz) f7507e04f9ab7e55e9e3a6d79d516c04a19acf3e64b24654a6b3b94e25fcb854 SHA256 checksum (rest-api-modular-input_13.tgz) 7682fad33b9b00ff00b75ac54e1c211bf813de6b763e6a1fecb7d2f23939232f SHA256 checksum (rest-api-modular-input_12.tgz) c117cb0141ac603ce28c554e5802e35a6362a80b7cac855d31a7716af789a944 SHA256 checksum (rest-api-modular-input_104beta.tgz) 3d9aecc5c885424e4c16c325b08769908db9fdf4782825288359835e5f85dbcb SHA256 checksum (rest-api-modular-input_103beta.tgz) 6d8564aa36e4a2eee407cc64dc05cfbad38602f30daafed85960c326184de86f SHA256 checksum (rest-api-modular-input_102beta.tgz) 144d2f3fae6a973d8bf45c4cddb90bffcff33a69822788f39e90da1922e765d5
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate


REST API Modular Input

This is a Splunk Modular Input for polling data from REST APIs and indexing the responses.

The Python code in this App is dual 2.7/3 compatible.
This version of the App enforces Python 3 for execution of the modular input script when running on Splunk 8+ in order to satisfy Splunkbase AppInspect requirements.
If running this App on Splunk versions prior to 8 , then Python 2.7 will get executed.

For details of the support we offer for our Apps , browse to : https://www.baboonbones.com/#support

This App is fully AppInspect passed for installing in your own hosted Splunk Enterprise environments or on your own hosted Splunk Forwarders and forwarding the collected data into Splunk Cloud.

Installing the App directly in Splunk Cloud :

This App is designed to be completely generic enough to allow users to connect to any RESTful or HTTP(s) endpoint with any permutation of HTTP options (Headers , URL arguments , Proxies , Certificates, Authentication Schemes , etc..) , not to mention custom response handling, paging and in-flight preprocessing of received data.

But to allow for this completely generic capability we need to provide options over and above what Cloud permits. So we take the following approach to provision the App for customers wanting to install the App directly in Splunk Cloud for their specific configuration requirements.

If you want to install this App directly in Splunk Cloud , for our Commercially supported customers on our Ultra plan ( https://www.baboonbones.com/#support ) we provide custom private builds of any of our Apps tailored to the customer's specific requirements and configuration , and these custom private builds can then be uploaded as your own private Splunk Cloud Apps.

For customers that don't have support, we also offer the option to perform ad-hoc custom private builds of any of our Apps.

Browse to https://www.baboonbones.com/#cloud for more details of our Cloud options and offerings.

Release Notes

Version 2.0.9
July 30, 2023

robustified the logic to determine the Splunk management port value

Version 2.0.8
May 21, 2023

In some rare circumstances , and only on Windows , there may be permission errors rolling log files when you have configured multiple stanzas.Added a patch to uniquely name log files on a per stanza basis.

Version 2.0.7
Feb. 8, 2022

For OAuth2 refresh_token flows , you can now configure if the client_id/client_secret is sent in the Base64 encoded Basic Authentication header (default) or in the request body. Previous versions of the App put the client_id/client_secret in BOTH the header and request body.

Version 2.0.6
Jan. 25, 2022

some code checks to catch null passwords in environments with passwords.conf files that can't be decrypted

Version 2.0.5
Nov. 27, 2021

option to use the default bundled "certifi" CA Bundle rather than having to declare your own path to a CA Bundle

Version 2.0.4
Nov. 23, 2021

upgraded the Splunk Python SDK to v 1.6.18 to meet the latest App Inspect/Cloud Vetting rules.

Version 2.0.3
Sept. 26, 2021

By default ,for refresh_token flows, the client_id and client_secret will get placed as parameters in the request body. Added some code so that the client_id and client_secret will also be included as a Base64 encoded Basic Auth header , https://www.oauth.com/oauth2-servers/access-tokens/refreshing-access-tokens/

Version 2.0.2
Sept. 17, 2021

added a configuration option to select the grant type for OAuth2 flows

Version 2.0.1
May 12, 2021

updated the oauthlib backwards compatibility to python2.7

Version 1.9.9
March 10, 2021

Ensure any http/https proxies are available for OAuth2 Refresh Token URL requests

Version 1.9.8
Oct. 29, 2020

increase page size from 30 to unlimited for the list of encrypted keys.

Version 1.9.7
Oct. 6, 2020

updated the custom response handler method signature.Added in backwards compatibility for your existing custom response handlers , or you can update your handlers to use the new call method signature. Refer to rest_ta/bin/responsehandlers.py for examples.

Version 1.9.6
Oct. 6, 2020

upgraded logging functionality
added a default response handler for oauth2

Version 1.9.5
Sept. 29, 2020

upgraded logging functionality

Version 1.9.4
Sept. 23, 2020

upgraded urllib3 library from 1.25.3 to 1.25.10
removed some logging debug messages , which are actually disabled by default , but the Splunk cloud folks don't like them

Version 1.9.3
Aug. 23, 2020

logging enhancements for default requests messages

Version 1.9.2
Aug. 21, 2020

enforced Python3 for execution of the modular input script.If you require Python2.7 , then download a prior version (such as 1.9.1).

Version 1.9.1
Aug. 19, 2020

python3 compatibility tweaks

Version 1.9
Aug. 19, 2020

general appinspect tidy ups
removed setup.xml and replaced with a custom JS/HTML dashboard for app setup

Version 1.8.7
July 14, 2020

added code to prevent passwords from other apps that might have their sharing set to Global from being concatenated into the rest_ta namespace.

Version 1.8.6
July 12, 2020

minor fix to encryption logic

Version 1.8.5
July 7, 2020

Improved the usability of the setup page for encrypting credentials

Version 1.8.4
July 4, 2020

can now pass oauth2 session through to a custom response handler
added config field for oauth2 expires_in
added a custom setup page if you require encryption of credentials

Version 1.8.3
June 2, 2020

updated the bundled version of the requests library to version 2.23.0

stateful variables/settings used to get persisted back to inputs.conf , now they get persisted to a custom config file reststate.conf , which should solve any unwanted auto restarting of the app by splunkd.

made error logging more verbose by adding stanza name

minor tweak to authhandlers.py for python 2/3 dual compatibility

bundled in python modules that are not packaged into Splunk versions pre 8 : urlib3 , certifi , chardet , idna

Version 1.8
May 16, 2020

Dual Python 2.7 and 3+ compatibility.

App will run on :

Splunk Enterprise versions back to Splunk 5 where there is only a Python 2.7 runtime shipped
Splunk Enterprise version 8 where there is both a Python 2.7 and Python 3+ runtime shipped
Future versions of Splunk Enterprise where there is only a Python 3+ runtime

Version 1.7
March 1, 2020

added support for Certificate verification using a supplied CA Bundle file

Version 1.6
Dec. 30, 2019

fixed Splunk 8 compatibility for manager.xml file

Version 1.5.7
Aug. 13, 2019

added client certificate config options

Version 1.5.6
April 23, 2019

updated docs

Version 1.5.5
April 19, 2019

added trial key functionality

Version 1.5.4
March 6, 2019

added a triggers stanza to app.conf to prevent reloading after saving state back to inputs.conf

Version 1.5.3
June 4, 2018

Patched a bug to callbacks to Splunk for persisting state that required the activation key in the payload

Version 1.5.2
June 3, 2018

minor manager xml ui tweak for 7.1

Version 1.5.1
May 30, 2018

Corrected a build bug with responsehandlers

Version 1.5
May 27, 2018

Added an activation key requirement , visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
Added support for HEAD requests
Docs updated
Splunk 7.1 compatible

Version 1.4
Sept. 2, 2015

Delimiter fix

Version 1.3.9
July 15, 2015

Can now declare a CRON pattern for your polling interval.
Multiple requests spawned by tokenization can be declared to run in parallel or sequentially.
Multiple sequential requests can optionally have a stagger time enforced between each request.

Version 1.3.8
July 12, 2015

Minor code fix for a logging statement error

Version 1.3.7
July 3, 2015

Added support for token replacement functions in the URL to be able to return a list
of values, that will cause multiple URL's to be formed and the requests for these
URL's will be executed in parallel in multiple threads. See tokens.py

Version 1.3.6
Jan. 27, 2015

Added a custom response handler for rolling out generic JSON arrays
Refactored key=value delimited string handling to only split on the first "=" delimiter

Version 1.3.5
Aug. 20, 2014

Ensure that token substitution in the endpoint URL is dynamically applied for each
HTTP request

Version 1.3.4
Feb. 18, 2014

Added support for dynamic token substitution in the endpoint URL

ie : /someurl/foo/$sometoken$/goo

$sometoken$ will get substituted with the output of the 'sometoken' function
in bin/tokens.py

Currently have just shipped with 1 example token $datetoday$ which will dynamically resolve to today's date in format 2014-02-18

Version 1.3.3
Feb. 14, 2014

Added support for sending and persisting cookies

Version 1.3.2
Oct. 30, 2013

Changed the logic for persistence of state back to inputs.conf to occur directly after polling/event indexing has completed rather than waiting for the polling loop frequency sleep period to exit. This potentially deals with situations where you might terminate Splunk before the REST Mod Input has persisted state changes back to inputs.conf because it was in a sleep loop during shutdown.

Version 1.3.1
Oct. 24, 2013

Cosmetic fix for 1.3 release

Version 1.3
Oct. 24, 2013

Added a new feature that will automatically persist updates to URL Arguments , HTTP Header Propertys or HTTP Request Body content back to your inputs.conf stanza. Such a scenario might occur if you are using a custom response handler to dynamically calculate URL Arguments , such as a timestamp or event paging cursor, and you want this latest state to be persisted back into your configuration so that if you need to restart the REST input , it's configuration is in the latest polled state and can resume polling from where it left off.

Version 1.2
Oct. 16, 2013

Upgraded underlying python requests library to version 2.0 , primarily to support the HTTP CONNECT verb

Version 1.0.4beta
June 25, 2013

Fixed minor script bug when printing http errors

Version 1.0.3beta
June 25, 2013

Added support for POST and PUT HTTP Methods for getting data. Not RESTful per say but a useful out for API's that are "REST like"

Version 1.0.2beta
June 20, 2013

Renamed the manager xml file to avoid naming clashes

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.