Hi All,
I am trying to configure SPLUNK using the REST API to pull down monitor alerts from Site 24 x 7. As an example I am trying to pull down if something is defaced or the site is unavailable. I have been able to run via curl the commands as per the site24x7 API help guide and been able to get a response. However I am running into problems with the REST API and can't see where this is going wrong. This is my config
activation_key = 9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
auth_type = oauth2
endpoint = www.site24x7.com/api/monitors
index = myindex
index_error_response_codes = 1
oauth2_client_id = xxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
oauth2_client_secret = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
response_type = json
sequential_mode = 0
sourcetype = _json
streaming_request = 0
http_proxy =
https_proxy =
oauth2_access_token = xxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
oauth2_refresh_props = grant_type=refresh_token
oauth2_refresh_token = xxxxxxx.xxxxxxxxxxxxxxxxxxx
oauth2_refresh_url = www.zohoapis.com
oauth2_token_type = Bearer
polling_interval = 15
I get the following error when I run this "Exception performing request: prepare_token_request() got multiple values for keyword argument 'grant_type'".
Any help would be appreciated. I am not well versed with API.
Hi cybsec02,
Thanks for raising the issue.
We are analyzing the configuration of our REST API with SPLUNK. Once the testing is completed, we shall update this thread.
Could you let us know if you are using SPLUNK to centralize alerts from different tools? This would help us to determine the use case that's being used for SPLUNK.
Regards,
Muralikrishnan
Hi cybsec02,
Thanks for explaining the use case. Our team is working on this case with high priority, will update this thread once its live.
Regards,
Muralikrishnan
Hi cybsec02,
We have checked from our side and I would like to confirm that there is no issue with our REST API feature.
The below screenshot as output of API, which we performed using API Inspector
Please try configuring REST API in Splunk again. If the issue persists, please contact Splunk for additional help.
Regards,
Muralikrishnan
Appreciated.
I noted during testing that the rest python script does generate this problem where setting the sourcetype to JSON (at least the SPLUNK in built one)
- parsing error unexpected character while looking for value 'h'
As a test changed this to a different sourcetype like "csv" and this resolves the problem but it is not the right sourcetype. This is a parsing problem not a site 24 x 7 issue.