SPLUNK Rest API for Site 24 x 7

Hi All,

I am trying to configure SPLUNK using the REST API to pull down monitor alerts from Site 24 x 7. As an example, I am trying to pull down whether something is defaced or the site is unavailable. I have been able to run the commands via curl as per the site24x7 API help guide and have been able to get a response. However, I am running into problems with the REST API and can't see where this is going wrong. This is my config:

activation_key = 9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
auth_type = oauth2
endpoint = www.site24x7.com/api/monitors
index = myindex
index_error_response_codes = 1
oauth2_client_id = xxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
oauth2_client_secret = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
response_type = json
sequential_mode = 0
sourcetype = _json
streaming_request = 0
http_proxy =
https_proxy =
oauth2_access_token = xxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
oauth2_refresh_props = grant_type=refresh_token
oauth2_refresh_token = xxxxxxx.xxxxxxxxxxxxxxxxxxx
oauth2_refresh_url = www.zohoapis.com
oauth2_token_type = Bearer
polling_interval = 15

I get the following error when I run this: "Exception performing request: prepare_token_request() got multiple values for keyword argument 'grant_type'".

Any help would be appreciated. I am not well versed with APIs.

Like (3) Reply
Replies (7)

Hi cybsec02,

Thanks for raising the issue.

We are analyzing the configuration of our REST API with SPLUNK. Once the testing is completed, we shall update this thread.

Could you let us know if you are using SPLUNK to centralize alerts from different tools? This would help us to determine the use case that's being used for SPLUNK.

Regards,

Muralikrishnan

Like (0) Reply

Hi Muralikrishnan, yes I am trying to centralize alerts. 

Like (0) Reply


Hi cybsec02,

Thanks for explaining the use case. Our team is working on this case with high priority and will update this thread once it's live.

Regards,

Muralikrishnan

Like (0) Reply

Hi,

Can you advise if there is a proposed ETA for this?

Like (0) Reply

Hi cybsec02,

We have checked from our side and I would like to confirm that there is no issue with our REST API feature.

The screenshot below shows the output of the API, which we performed using API Inspector.

[Screenshot: API Result]

Please try configuring REST API in Splunk again. If the issue persists, please contact Splunk for additional help.

Regards,

Muralikrishnan

Like (0) Reply

Appreciated.

I noted during testing that the REST Python script does generate this problem when the sourcetype is set to JSON (at least the SPLUNK built-in one):

- parsing error unexpected character while looking for value 'h'

As a test, I changed this to a different sourcetype like "csv", and this resolves the problem, but it is not the right sourcetype. This is a parsing problem, not a Site 24 x 7 issue.

Like (0) Reply
