Sidehistorik
...
| Kodeblok |
|---|
{"Data":[{"DeviceName":"Normann P.'s iPhone","DeviceID":"11787783","Date":"2017-12-08T18:21:58+01:00","Latitude":57.01034,"Longitude":10.03387,"Type":"GPS","Speed(mph)":4,"Speed(km/h)":6,"Altitude(ft)":29,"Altitude(m)":9,"Accuracy":5}]} |
In splunk, its a bit hard to split multivalue json into events, and since this is a POC and I font care that much for history, I will go for the current location...
Getting data in
To get data in splunk, several approaches can be made - and typicalli I would choose a script to pull data from the API to a file to be parsed, but this time I wanted to play with getting the json in splunk the simplest way, so I installed the REST API Modular Input Add On, even thought its pretty old. The Add On adds an input possibility:
So, after adding a new index for the data, and getting the API Key from the followmee.com website, we add an input:
And sourcetype and index:
