Troubleshooting JSON Path from HTTP Input: Quietly fails to fetch due to Basic Authorization and URL format: What logs to inspect to know this?

I can’t tell where my Json Path from HTTP fetch is failing: Schedule? Fetch? Parse path? and can use a nudge in the right direction.

I found configuration of the Graylog 2.4.6+ceaa7e4 Input “JSON Path from HTTP” really simple to configure, but:

  • From the UI it’s not clear whether it’s really running and fetching or failing or …
  • Graylog server.log is a bit sparse on details (see below)
  • I don’t have a way to either see raw fetch results or obvious errors in the UI or log

When I first configured this Input, I saw “Running” in the UI and the log just had something like:

API/5c3f681028fd8504090edc7e] is now STARTING
2019-01-16T19:17:53.219Z INFO  [InputStateListener] Input [JSON path from HTTP API/5c3f681028fd8504090edc7e] is now RUNNING

(disregard timestamps here, these are just examples)
Seeing nothing else (no activity in “messages from input”), following another user’s observations, I restarted the Graylog server but saw only the same each time I start and stopped or edited and implicitly restarted the Input:

2019-01-16T19:17:53.217Z INFO  [InputStateListener] Input [JSON path from HTTP API/5c3f681028fd8504090edc7e] is now STOPPING
2019-01-16T19:17:53.218Z INFO  [InputStateListener] Input [JSON path from HTTP API/5c3f681028fd8504090edc7e] is now TERMINATED
2019-01-16T19:17:53.219Z INFO  [InputStateListener] Input [JSON path from HTTP API/5c3f681028fd8504090edc7e] is now STARTING
2019-01-16T19:17:53.219Z INFO  [InputStateListener] Input [JSON path from HTTP API/5c3f681028fd8504090edc7e] is now RUNNING
2019-01-16T19:17:53.220Z INFO  [InputStateListener] Input [JSON path from HTTP API/5c3f681028fd8504090edc7e] is now STOPPED

But there’s no other data in the server.log on it. I have this input running on 10 sec intervals while testing, and I expect to see (but have no data suggesting I should or would see) an active Fetch and success and/or Failure. I have even tried munging the target URL to force a bad request: no error, no failure, just “Running”…

[edit] I have confirmed I can curl XGET the resource from my Graylog server command line, so I’m reaching the endpoint afaict. [/edit]

Please point me in the right direction. I suspect No incoming data had the same issue, but that issue was never apparently resolved.

Update:
It turns out it was because I was using the target URL form of https://user:pass@domain.com/action, where the user:pass form appears to not be supported… In this case, I had to load the header with Basic Authentication which looks like: authorization: Basic XBp****************************************hxO==… I got this funny string by making the request in Chrome Console and then inspecting the http request under Network:

var headers = new Headers();
headers.append('Authorization', 'Basic ' + btoa('USERNAME:PASSWORD'));

fetch('https://API.SERVICEDOMAIN.COM/v3/SERVICEID/log', {
  headers: headers
})
  .then(res => res.json())
  .then(console.log)

…BUT my main question still stands– where should I have seen this interaction logged? How will I know if it fails?

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.