How to pass variable base parameter in http_poller logstash input plugin

Hi All,

Can you please help me with below issue,

I am trying to hit two rest api for below two conditions:

  1. First is used for providing the login credentials and it will give an response as session id.
  2. I have to use the session id which i get as a first api response in second api hit to will pull actual data using rest api

Sample API requests:
First api: curl -i -k --header "Authorization: Basic cWFAcWE6cWE=" https://computer.network.net/attunityenterprisemanager/api/v1/login

second api: CURL.EXE -i -k --header "SessionID: wCo0_KvjEUFROvfHF5KGrw" https://computer.network.net/attunityenterprisemanager/api/v1/security/audit_trail?start_timestamp={start_timestamp}&end_timestamp={end_timestamp}

can anyone help me how can i pass the session id in second api header as a variable value?

@ Badger @elastic_team Elastic Team Member

Kindly assist

You cannot do that using an http_poller input. You will have to use http filters. You can drive the schedule using a heartbeat input

heartbeat { interval => 60 }

If you can do a login for every audit_trail request then just use two http filters. If you need to use a single session for everything then you will need to use a single worker thread, and I think you will need to set pipeline.ordered to be true. Maybe something like

ruby {
    code => '
        if ! @@sessionId
            event.set("[@metadata][needId]", true)
        end
    '
}

if ! [@metadata][needId] {
    ruby { code => 'event.set([@metadata][id]", @@sessionId)' }
else
    http {
        # Make the call to api/v1/login
    }
    # Parse the session id from the response into [@metadata][id]
    ruby { code => '@@sessionId = event.get("[@metadata][id]")' }
end
http {
    # Make the call to audit_trail
}

Note the use of a variable with class scope (@@) so that multiple ruby filters can share it. [@metadata] is a field on the event that is ignored by most outputs, so it is useful for temporary variables.

If sessions expire then you will need to add code that sets @@sessionId back to nil just before that happens.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.