I can’t tell where my Json Path from HTTP fetch is failing: Schedule? Fetch? Parse path? and can use a nudge in the right direction.
I found configuration of the Graylog 2.4.6+ceaa7e4 Input “JSON Path from HTTP” really simple to configure, but:
- From the UI it’s not clear whether it’s really running and fetching or failing or …
- Graylog server.log is a bit sparse on details (see below)
- I don’t have a way to either see raw fetch results or obvious errors in the UI or log
When I first configured this Input, I saw “Running” in the UI and the log just had something like:
API/5c3f681028fd8504090edc7e] is now STARTING
2019-01-16T19:17:53.219Z INFO [InputStateListener] Input [JSON path from HTTP API/5c3f681028fd8504090edc7e] is now RUNNING
(disregard timestamps here, these are just examples)
Seeing nothing else (no activity in “messages from input”), following another user’s observations, I restarted the Graylog server but saw only the same each time I start and stopped or edited and implicitly restarted the Input:
2019-01-16T19:17:53.217Z INFO [InputStateListener] Input [JSON path from HTTP API/5c3f681028fd8504090edc7e] is now STOPPING
2019-01-16T19:17:53.218Z INFO [InputStateListener] Input [JSON path from HTTP API/5c3f681028fd8504090edc7e] is now TERMINATED
2019-01-16T19:17:53.219Z INFO [InputStateListener] Input [JSON path from HTTP API/5c3f681028fd8504090edc7e] is now STARTING
2019-01-16T19:17:53.219Z INFO [InputStateListener] Input [JSON path from HTTP API/5c3f681028fd8504090edc7e] is now RUNNING
2019-01-16T19:17:53.220Z INFO [InputStateListener] Input [JSON path from HTTP API/5c3f681028fd8504090edc7e] is now STOPPED
But there’s no other data in the server.log on it. I have this input running on 10 sec intervals while testing, and I expect to see (but have no data suggesting I should or would see) an active Fetch and success and/or Failure. I have even tried munging the target URL to force a bad request: no error, no failure, just “Running”…
[edit] I have confirmed I can curl XGET the resource from my Graylog server command line, so I’m reaching the endpoint afaict. [/edit]
Please point me in the right direction. I suspect No incoming data had the same issue, but that issue was never apparently resolved.
Update:
It turns out it was because I was using the target URL form of https://user:pass@domain.com/action, where the user:pass form appears to not be supported… In this case, I had to load the header with Basic Authentication which looks like: authorization: Basic XBp****************************************hxO==… I got this funny string by making the request in Chrome Console and then inspecting the http request under Network:
var headers = new Headers();
headers.append('Authorization', 'Basic ' + btoa('USERNAME:PASSWORD'));
fetch('https://API.SERVICEDOMAIN.COM/v3/SERVICEID/log', {
headers: headers
})
.then(res => res.json())
.then(console.log)
…BUT my main question still stands– where should I have seen this interaction logged? How will I know if it fails?