Can we merge two APIs response in Cribl?
Hey, Can we merge two APIs response in Cribl? I have implemented discover and used the data from discover in collect but in the response, I am getting the data of collect only. So can we get the data of discover and collect in the response?
Answers
-
Normally the Discover data is used by the Collection phase (i.e. Cribl use one list of files (from the Discover phase) as an Input for the Collection)
0 -
Can I assume you need both set of events / files?
0 -
If yes, you can combine these using Redis .. or do the combination on the destination (Elasticsearch .. Splunk .. etc)
0 -
Yes, so I need to create 2 collectors and set the same destination right?
0 -
But my data depends on discovery phase as well
0 -
<@U01J549PR6Y> Do I need to create 2 collectors and set the same destination?
0 -
<@U03KND56HLL> <@U01LSBF5953> Can you guys please help me with the above query?
0 -
<@U053XJ96R2L> what is the API you are working with? you will most likely need two separate API calls if you want the discovery data passed to the destination
0 -
- 1 .. :thiscribl:
0 -
There is one primary API from which I want the response and using one field from the primary API I want to extract other data using secondary API and also want the response of secondary API. So Can I do this using one Rest Collector in Cribl?
0 -
<@U053XJ96R2L> , No, you will most likely need two separate REST collectors. One to only grab the discovery data (with the discover request in the collect URL), and one with both the Discover and Collect URL configured.
0 -
For an example of using the discover to pass information to the collect URL. Please see the documentation here: https://docs.cribl.io/stream/usecase-rest/#5-http-discover-and-collect-with-login-authentication
0 -
Okay, thanks
0
