Knowing all of the applications and methods we can use to get data into Splunk, let's talk about the types of data inputs from data sources, and how they get to the indexer. There are six general types of data inputs in Splunk:
API inputs
Database inputs
Monitoring inputs
Scripted inputs
Modular inputs
Windows inputs
There are two ways to get REST API data into Splunk:
Download the REST API modular input, and install it into your Heavy Forwarder
Write a REST API poller using cURL or some other method to query the API, and scrub the output for the data you need
If at all possible, use the REST API modular input from Splunk, as it is very easy to set up and use. Just figure out your URL, then set up the API input and the interval at which you want it to be polled.
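The second option above, a custom poller, can run as a scripted input that keeps only allow-listed fields so that tokens or session values in the API response never reach the index. The following is an added example, not code from the original text or from Splunk. The URL, field names and sample response are placeholders constructed for illustration.

```python
#!/usr/bin/env python3
"""Scripted-input style REST poller: fetch JSON, keep allow-listed fields, print events."""
import json
import sys
import time
import urllib.request

API_URL = "https://api.example.invalid/v1/status"  # placeholder URL (assumption)
KEEP_FIELDS = ("host", "status", "latency_ms")     # hypothetical fields worth indexing
TIMEOUT_S = 10


def fetch(url, token=None):
    """GET the endpoint; urllib verifies the HTTPS server certificate by default."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    if token:
        req.add_header("Authorization", "Bearer " + token)
    with urllib.request.urlopen(req, timeout=TIMEOUT_S) as resp:
        return resp.read().decode("utf-8")


def scrub(raw_json, now=None):
    """Return key=value event lines containing only KEEP_FIELDS from the response."""
    records = json.loads(raw_json)
    if isinstance(records, dict):
        records = [records]
    ts = int(now if now is not None else time.time())
    events = []
    for rec in records:
        if not isinstance(rec, dict):
            continue
        # Quote values and flatten quotes/newlines so one record stays one event.
        pairs = ['%s="%s"' % (k, str(rec[k]).replace('"', "'").replace("\n", " "))
                 for k in KEEP_FIELDS if k in rec]
        if pairs:
            events.append("%d %s" % (ts, " ".join(pairs)))
    return events


# Constructed sample response; the credential-like fields must not be indexed.
SAMPLE = ('[{"host": "web01", "status": "ok", "latency_ms": 42, '
          '"api_key": "CONSTRUCTED-SECRET"}, '
          '{"host": "web02", "status": "degraded", "session": "abc"}]')

if __name__ == "__main__":
    # --sample runs offline against SAMPLE; otherwise poll API_URL once per run.
    body = SAMPLE if "--sample" in sys.argv else fetch(API_URL)
    for line in scrub(body):
        print(line)  # a scripted input's stdout is what Splunk indexes
```

Splunk runs a scripted input at the interval configured for it, so the script polls once and exits rather than looping.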
Tip
Q: When would you ever use a custom API input if Splunk already has a REST API input available? A: When one doesn't already exist, and it's the only way to get data from your system.
An example of this is MapR's newest...