How to generate OAUTH2 token and use REST API to pull logs from Cloud?

Hi Experts,

I have below requirements . Could you please help me to configure it.
In short:
I am trying to use OAUTH2 to generate token ,use that token to establish connection with SAAS portal to pull logs using REST API and then pass that logs to the ArcSight.

Long Story:
I have a RESTAPI which works on OAuth 2.0.
A OAuth 2.0 API requires Authorization as header which holds bearer token
This is generated using Refresh Token, ClientID, Client Secret given values.( this are fixed values)

Currently this Authorization Header expired every 5 minutes, i have to go and generate it manually.Is there any plugin/commands i can use or any other means to generate OAUTH2 token every 5min?

In order to run my pipeline forever, i need to have this Authorization header token alive all the time.

Has anyone tried it?

Please let me know how to achieve this solution.

Thank you .

That very much depends where you need the Authorization header. For example, if you are using an http_poller input then the short answer is no, there is no way to do this. If you need it in a http output, then it might be doable.

But you are going to have to do it in ruby. Basically, add a ruby filter than checks if it has a valid header stashed in an instance variable. If so, add it to the event. If not, generate one, stash it in an instance variable, and add it to the event. Then in the output you should be able to reference the field on the event.

Oh, and going back to http_poller input. If you implement the HTTP request in the ruby filter and just use the http_poller for scheduling you could make it work that way.

But this use case just is not a good fit with logstash. You might be better off doing the authenticated REST call externally to logstash, using /bin/sh and curl (and maybe cron) and then POST it into an HTTP input in logstash.

Hi Badger,

Thanks for the input.

I will try using different tools and then input into logstash. I am thinking to try power shell to generate token and input that token into log stash for authentication.

like creating a scheduled task to generate token every 5 or 10min. Do you think it is viable solution?

Yeah, should be fairly simple using Invoke-WebRequest, I think.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.