REST API Overview
This document provides various examples of connecting to a Splunk REST API from edgeCore.
Please see the following link as needed for Splunk REST API documentation:
http://dev.splunk.com/restapi
REST API Authentication (WIP)
Access to the Splunk REST API is protected by Basic Authentication.
cURL reference request
curl -v -k https://<splunk host>:8089/servicesNS/admin/search/search/jobs/export?output_mode=csv -d search=" savedsearch restApiTest"
REST API Example Connection Configuration
edgeCore connects to the Splunk REST API using a Web Data Connection. An example Connection Configuration for the Splunk REST API is presented below:
| Connection Property | Example |
|---|---|
| Connection Name | Splunk REST API |
| Destination | https://<SplunkRestApiEndpoint> |
| SSO Handler | Basic Auth |
| SSO Credentials | Username: <splunk user> Password: <splunk password> |
Example Feed Configurations
edgeCore makes requests to the ServiceNow REST API using the JSON Feed. Below are defaults for all ServiceNow Feed configuration properties unless otherwise specified:
| Default Feed Property | Value |
|---|---|
| Request Headers | None |
| Rule Name | BaseData |
| Logging | Production |
| Poll Period | 60 |
| Enable Server Subscription | Yes |
Listed below are a series of sample JSON Feed Configurations that make requests to the supported ServiceNow REST API:
ServiceNow Get Active Incidents
| Feed Property | Value |
|---|---|
| Feed Name | ServiceNow Get Active Incidents |
| Start URI | /api/now/table/incident?sysparm_display_value=true&sysparm_exclude_reference_link=true&sysparm_limit=1000&active=true |
| HTTP Method | GET |
| JSON Path | $.result |
ServiceNow Get Business Services
| Feed Property | Value |
|---|---|
| Feed Name | ServiceNow Get Business Services |
| Start URI | /api/now/table/cmdb_ci_service?sysparm_exclude_reference_link=true&sysparm_limit=1000 |
| HTTP Method | GET |
| JSON Path | $.results |
Listed below are a series of sample JSON Feed Configurations that make requests to the unsupported ServiceNow REST API:
ServiceNow Get Business Service Nodes
| Feed Property | Value |
|---|---|
| Feed Name | ServiceNow Get Business Service Nodes |
| Start URI | /ngbsmprocessor.do?actionType=loadBasic&cacheKill=1476736163076&cmd=get&id={nodeVar.ServiceNowServiceId}&level=5&mapScriptID=&serviceMode=false |
| HTTP Method | GET |
| JSON Path | $.nodes |
ServiceNow Get Business Service Links
| Feed Property | Value |
|---|---|
| Feed Name | ServiceNow Get Business Service Links |
| Start URI | /ngbsmprocessor.do?actionType=loadBasic&cacheKill=1476736163076&cmd=get&id={nodeVar.ServiceNowServiceId}&level=5&mapScriptID=&serviceMode=false |
| HTTP Method | GET |
| JSON Path | $.links |