icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Log4Shell Vulnerability: Information and guidance for you. Get resources.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading REST API Modular Input
SHA256 checksum (rest-api-modular-input_207.tgz) 1c303b1a9047a6d1b4f5d72a373d85d3c8918bf66cf9ca0ed91e2fec4f1e0260 SHA256 checksum (rest-api-modular-input_206.tgz) 7852ce158ca77c733558390466ae91edef66af88922a00ecf700b636dceb467b SHA256 checksum (rest-api-modular-input_205.tgz) 94967c422d3b50f0ff7f2795eef04ce0e09313e56b0d93667295350784f69218 SHA256 checksum (rest-api-modular-input_204.tgz) 920aa8e9fd50abb2eae819d7a4a5c8be9e907c657393d7885506a432511a12de SHA256 checksum (rest-api-modular-input_203.tgz) 0690895976f1741f9f59ce1dec16d88582ed0b702e1d44bbe99aac8aeaac2140 SHA256 checksum (rest-api-modular-input_202.tgz) 1a1b10960d590cf0555645bbb1a823ed8003e5eb9c6196469df20c13e03b7194 SHA256 checksum (rest-api-modular-input_201.tgz) 31db83dbc9e4201c32f847c336391fbb00b967badcc1d53792389301855760bd SHA256 checksum (rest-api-modular-input_199.tgz) e16d73d33c80a8a67521c82b4a12cf484bcbb64b620e9e89d4a34fef4238dccf SHA256 checksum (rest-api-modular-input_198.tgz) b4ff78ebb4d9f9cdd988f59ed2ab3bb347a2c228fa476d2fcb0080e73c7c4bc7 SHA256 checksum (rest-api-modular-input_197.tgz) 861d1114a88500e11735b93cf17383aad07655458eb9e8f3ba7975f481d06ba7 SHA256 checksum (rest-api-modular-input_196.tgz) e42103d6311ccddfeaed3725887e0496116a7ba8911cdb5ab79140d1ecc428da SHA256 checksum (rest-api-modular-input_195.tgz) 4f5b522762abf43287cc1d8ef1bf23b9de013c0fc7a881c3b0515fe4f0a4694f SHA256 checksum (rest-api-modular-input_194.tgz) 540bc9801bbce4f9b7479ae4e8c6597e40aae83ee0e9bae9d718755b2d7c73db SHA256 checksum (rest-api-modular-input_193.tgz) a869df6be5a6eaf162a56dd352f8395813d1d183390a6be1eca773cc0e050a67 SHA256 checksum (rest-api-modular-input_192.tgz) 00337d7a0a9ea4e970a3ce2b881c10911d5777a27e1da696c72ffcea8f79f921 SHA256 checksum (rest-api-modular-input_191.tgz) e2ab5de7c58c77b2c2e0897a20bfeadbb28a62be9440e56933e001bad7e49e15 SHA256 checksum (rest-api-modular-input_19.tgz) 890e797c4390e39c51737aeb06e0295fe66cda60d10310422ee6d5cf6444bec8 SHA256 checksum (rest-api-modular-input_187.tgz) 34c3a2ceffc39d5f9b96dd62c92bc3b743de4df6a945207423dbc7e9d4dc6bd0 SHA256 checksum (rest-api-modular-input_186.tgz) ed3ea473b8989507d99adeef327100a253e3ad231b239d5a72cd2a1ee585f402 SHA256 checksum (rest-api-modular-input_185.tgz) bb8b64adbc6d5092ac8179971909f92b4e310cb6ba2c56b4ef0d3732e89bf976 SHA256 checksum (rest-api-modular-input_184.tgz) 1ac9b5b92641adafd03a75187ef72a61565d4c7a528b1e27d7b2c72f3d52c022 SHA256 checksum (rest-api-modular-input_183.tgz) 36b0f2d009c52b84de887199bc9b0dbc3c822005640497233b455a0775735ae1 SHA256 checksum (rest-api-modular-input_18.tgz) a9d36c4379db1cfc91cd71cf85e6ac7cbde245c70587436692c124618a674ff0 SHA256 checksum (rest-api-modular-input_17.tgz) bdd109817377e995f2900a494e34095b4d22e47e116b7bf4faafd4cad01b0b86 SHA256 checksum (rest-api-modular-input_16.tgz) 4d1bfdd77acd3ae0b6503862a4a5d42d4f41afdd9f2c42269f558178efbb0b9d SHA256 checksum (rest-api-modular-input_157.tgz) 06e7cd972292eb5daea90f0263f2f50f05803d3f78711e8cfe24b9ab9dd619b0 SHA256 checksum (rest-api-modular-input_156.tgz) c60667d30f24e25766a611e1d7e5386f1f1c3bd2cbe8b28a4409d8f1f6f4a136 SHA256 checksum (rest-api-modular-input_155.tgz) fbc0e8260a76b079a7e18112ee9a513c6f2d8e1c01b8480f1c8cbdad6fc8c0a0 SHA256 checksum (rest-api-modular-input_154.tgz) dcc886d98bdd1b4162095ea4f2e3cb932020b49d43cb512963fbc229534440f8 SHA256 checksum (rest-api-modular-input_153.tgz) 2868df0bd673768917f27b62b6652c927b8a4d9d95f5a2c5eae1e917bb593e69 SHA256 checksum (rest-api-modular-input_152.tgz) 0ddd5559ed7ae61830be0d5c04f97738d5dd9cb0f356693b28ea9cc2454376f2 SHA256 checksum (rest-api-modular-input_151.tgz) fde29097bf16c9029ac84b78e25272f64e94ef71cad2da33f48d6e005d3b79a2 SHA256 checksum (rest-api-modular-input_15.tgz) e978fb5196469890e682564345ff928f97e417a8bc7e934fd70eb16858b495c6 SHA256 checksum (rest-api-modular-input_14.tgz) 091a8fa8ed05f6b748211ab36537a019bcc2294be4c5f00ace6b513512d9a7d7 SHA256 checksum (rest-api-modular-input_139.tgz) 3c5e4a5a4da456d5f02588f813360ab4fc84382721b5a371de0e6efce3efe183 SHA256 checksum (rest-api-modular-input_138.tgz) 41b4c9d29daa443a8e15ac6f7eaca1e149177173b458cc8bcd497d180bb3a574 SHA256 checksum (rest-api-modular-input_137.tgz) a04ce0b6be55c8757f829818e52734575cdd9e20dea674c9f0b6dd50201cedad SHA256 checksum (rest-api-modular-input_136.tgz) ead1c1fc7176c8afe36f34d4b9a9b98ab1c7a8ae6d1732169182cabf71bca761 SHA256 checksum (rest-api-modular-input_135.tgz) 953daa4b9d03630ad30e81ebdd9744c05f7921a5c1d049e3e02f2dfc9120adfd SHA256 checksum (rest-api-modular-input_134.tgz) f919f8b4825ec9dc263712faa213697762a2ad489edfe045d53135457acca6bd SHA256 checksum (rest-api-modular-input_133.tgz) a3c01b4f2e48f30a0e2d95929377acf9d3badca39a2e15a6cb44fde052eb3a9a SHA256 checksum (rest-api-modular-input_132.tgz) 577928ab3ab44fd934f91681c193cc1023966aaf1fd39532b9ec2490674cdbfd SHA256 checksum (rest-api-modular-input_131.tgz) beb4a1513ea119e024b55a62517d37a63f241829b36cb36f800af307c4222e0f SHA256 checksum (rest-api-modular-input_13.tgz) d842690cb56bcf5c0b01fd2fdbc508c6ae26e3de01b69d19d2719ed5bc211fff SHA256 checksum (rest-api-modular-input_12.tgz) 5519b6a76ec53877bbf1792bef985dd1a26d8ed04df1a97ec960c7f00c95ada8 SHA256 checksum (rest-api-modular-input_11.tgz) cc8711cbeafb62ab4237613aec10282a98c0395cf505ec184f8f3d1175592ee7 SHA256 checksum (rest-api-modular-input_104beta.tgz) d6f3b361e4ee8a96a3c3aee3deff43d15a4374b1c4bae24177d10c3fdd7ce55a SHA256 checksum (rest-api-modular-input_103beta.tgz) 28b4bc3ee32b3ce6f2f488295d572b6c2ff98c5a0ac64e1447c1a3fdead6f0e0 SHA256 checksum (rest-api-modular-input_102beta.tgz) 8fea37a683d2236ee11f706ed0e02c59b65e870c058f7a8589b007b26599df77
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate


REST API Modular Input

This is a Splunk Modular Input for polling data from REST APIs and indexing the responses.

The Python code in this App is dual 2.7/3 compatible.
This version of the App enforces Python 3 for execution of the modular input script when running on Splunk 8+ in order to satisfy Splunkbase AppInspect requirements.
If running this App on Splunk versions prior to 8 , then Python 2.7 will get executed.

For details of the support we offer for our Apps , browse to : https://www.baboonbones.com/#support

This App is fully AppInspect passed for installing in your own hosted Splunk Enterprise environments or on your own hosted Splunk Forwarders and forwarding the collected data into Splunk Cloud.

Installing the App directly in Splunk Cloud :

This App is designed to be completely generic enough to allow users to connect to any RESTful or HTTP(s) endpoint with any permutation of HTTP options (Headers , URL arguments , Proxies , Certificates, Authentication Schemes , etc..) , not to mention custom response handling, paging and in-flight preprocessing of received data.

But to allow for this completely generic capability we need to provide options over and above what Cloud permits. So we take the following approach to provision the App for customers wanting to install the App directly in Splunk Cloud for their specific configuration requirements.

If you want to install this App directly in Splunk Cloud , for our Commercially supported customers on our Ultra plan ( https://www.baboonbones.com/#support ) we provide custom private builds of any of our Apps tailored to the customer's specific requirements and configuration , and these custom private builds can then be uploaded as your own private Splunk Cloud Apps.

For customers that don't have support, we also offer the option to perform ad-hoc custom private builds of any of our Apps.

Browse to https://www.baboonbones.com/#cloud for more details of our Cloud options and offerings.

Release Notes

Version 2.0.7
Feb. 8, 2022

For OAuth2 refresh_token flows , you can now configure if the client_id/client_secret is sent in the Base64 encoded Basic Authentication header (default) or in the request body. Previous versions of the App put the client_id/client_secret in BOTH the header and request body.

Version 2.0.6
Jan. 25, 2022

some code checks to catch null passwords in environments with passwords.conf files that can't be decrypted

Version 2.0.5
Nov. 27, 2021

option to use the default bundled "certifi" CA Bundle rather than having to declare your own path to a CA Bundle

Version 2.0.4
Nov. 23, 2021

upgraded the Splunk Python SDK to v 1.6.18 to meet the latest App Inspect/Cloud Vetting rules.

Version 2.0.3
Sept. 26, 2021

By default ,for refresh_token flows, the client_id and client_secret will get placed as parameters in the request body. Added some code so that the client_id and client_secret will also be included as a Base64 encoded Basic Auth header , https://www.oauth.com/oauth2-servers/access-tokens/refreshing-access-tokens/

Version 2.0.2
Sept. 17, 2021

added a configuration option to select the grant type for OAuth2 flows

Version 2.0.1
May 12, 2021

updated the oauthlib backwards compatibility to python2.7

Version 1.9.9
March 10, 2021

Ensure any http/https proxies are available for OAuth2 Refresh Token URL requests

Version 1.9.8
Oct. 29, 2020

increase page size from 30 to unlimited for the list of encrypted keys.

Version 1.9.7
Oct. 6, 2020

updated the custom response handler method signature.Added in backwards compatibility for your existing custom response handlers , or you can update your handlers to use the new call method signature. Refer to rest_ta/bin/responsehandlers.py for examples.

Version 1.9.6
Oct. 6, 2020

upgraded logging functionality
added a default response handler for oauth2

Version 1.9.5
Sept. 29, 2020

upgraded logging functionality

Version 1.9.4
Sept. 23, 2020

upgraded urllib3 library from 1.25.3 to 1.25.10
removed some logging debug messages , which are actually disabled by default , but the Splunk cloud folks don't like them

Version 1.9.3
Aug. 23, 2020

logging enhancements for default requests messages

Version 1.9.2
Aug. 21, 2020

enforced Python3 for execution of the modular input script.If you require Python2.7 , then download a prior version (such as 1.9.1).

Version 1.9.1
Aug. 19, 2020

python3 compatibility tweaks

Version 1.9
Aug. 19, 2020

general appinspect tidy ups
removed setup.xml and replaced with a custom JS/HTML dashboard for app setup

Version 1.8.7
July 14, 2020

added code to prevent passwords from other apps that might have their sharing set to Global from being concatenated into the rest_ta namespace.

Version 1.8.6
July 12, 2020

minor fix to encryption logic

Version 1.8.5
July 7, 2020

Improved the usability of the setup page for encrypting credentials

Version 1.8.4
July 4, 2020

can now pass oauth2 session through to a custom response handler
added config field for oauth2 expires_in
added a custom setup page if you require encryption of credentials

Version 1.8.3
June 2, 2020

updated the bundled version of the requests library to version 2.23.0

stateful variables/settings used to get persisted back to inputs.conf , now they get persisted to a custom config file reststate.conf , which should solve any unwanted auto restarting of the app by splunkd.

made error logging more verbose by adding stanza name

minor tweak to authhandlers.py for python 2/3 dual compatibility

bundled in python modules that are not packaged into Splunk versions pre 8 : urlib3 , certifi , chardet , idna

Version 1.8
May 16, 2020

Dual Python 2.7 and 3+ compatibility.

App will run on :

Splunk Enterprise versions back to Splunk 5 where there is only a Python 2.7 runtime shipped
Splunk Enterprise version 8 where there is both a Python 2.7 and Python 3+ runtime shipped
Future versions of Splunk Enterprise where there is only a Python 3+ runtime

Version 1.7
March 1, 2020

added support for Certificate verification using a supplied CA Bundle file

Version 1.6
Dec. 30, 2019

fixed Splunk 8 compatibility for manager.xml file

Version 1.5.7
Aug. 13, 2019

added client certificate config options

Version 1.5.6
April 23, 2019

updated docs

Version 1.5.5
April 19, 2019

added trial key functionality

Version 1.5.4
March 6, 2019

added a triggers stanza to app.conf to prevent reloading after saving state back to inputs.conf

Version 1.5.3
June 4, 2018

Patched a bug to callbacks to Splunk for persisting state that required the activation key in the payload

Version 1.5.2
June 3, 2018

minor manager xml ui tweak for 7.1

Version 1.5.1
May 30, 2018

Corrected a build bug with responsehandlers

Version 1.5
May 27, 2018

Added an activation key requirement , visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
Added support for HEAD requests
Docs updated
Splunk 7.1 compatible

Version 1.4
Sept. 2, 2015

Delimiter fix

Version 1.3.9
July 15, 2015

Can now declare a CRON pattern for your polling interval.
Multiple requests spawned by tokenization can be declared to run in parallel or sequentially.
Multiple sequential requests can optionally have a stagger time enforced between each request.

Version 1.3.8
July 12, 2015

Minor code fix for a logging statement error

Version 1.3.7
July 3, 2015

Added support for token replacement functions in the URL to be able to return a list
of values, that will cause multiple URL's to be formed and the requests for these
URL's will be executed in parallel in multiple threads. See tokens.py

Version 1.3.6
Jan. 27, 2015

Added a custom response handler for rolling out generic JSON arrays
Refactored key=value delimited string handling to only split on the first "=" delimiter

Version 1.3.5
Aug. 20, 2014

Ensure that token substitution in the endpoint URL is dynamically applied for each
HTTP request

Version 1.3.4
Feb. 18, 2014

Added support for dynamic token substitution in the endpoint URL

ie : /someurl/foo/$sometoken$/goo

$sometoken$ will get substituted with the output of the 'sometoken' function
in bin/tokens.py

Currently have just shipped with 1 example token $datetoday$ which will dynamically resolve to today's date in format 2014-02-18

Version 1.3.3
Feb. 14, 2014

Added support for sending and persisting cookies

Version 1.3.2
Oct. 30, 2013

Changed the logic for persistence of state back to inputs.conf to occur directly after polling/event indexing has completed rather than waiting for the polling loop frequency sleep period to exit. This potentially deals with situations where you might terminate Splunk before the REST Mod Input has persisted state changes back to inputs.conf because it was in a sleep loop during shutdown.

Version 1.3.1
Oct. 24, 2013

Cosmetic fix for 1.3 release

Version 1.3
Oct. 24, 2013

Added a new feature that will automatically persist updates to URL Arguments , HTTP Header Propertys or HTTP Request Body content back to your inputs.conf stanza. Such a scenario might occur if you are using a custom response handler to dynamically calculate URL Arguments , such as a timestamp or event paging cursor, and you want this latest state to be persisted back into your configuration so that if you need to restart the REST input , it's configuration is in the latest polled state and can resume polling from where it left off.

Version 1.2
Oct. 16, 2013

Upgraded underlying python requests library to version 2.0 , primarily to support the HTTP CONNECT verb

Version 1.1
Aug. 14, 2013

Added support for user defined delimiter for multiple "key=value" fields .
Added hooks in responsehandlers.py for custom handling of responses, use cases such as URL arguments/HTTP header properties that might require a dynamic value per request , HTTP REL Header link following , dynamically changing the endpoint URL.

Version 1.0.4beta
June 25, 2013

Fixed minor script bug when printing http errors

Version 1.0.3beta
June 25, 2013

Added support for POST and PUT HTTP Methods for getting data. Not RESTful per say but a useful out for API's that are "REST like"

Version 1.0.2beta
June 20, 2013

Renamed the manager xml file to avoid naming clashes

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.