Splunk JamfPro API getting started?

dwaterbury
New Contributor III

Hi Everyone,
I'm new to Splunk and heard about the Jamf Pro Add-On, which should pull data into it. I've gotten Splunk installed on my Mac as a testing scenario and think I have the Jamf Pro Add-On configured correctly with an Advanced Search to pull just the JSS Computer IDs, Computer Names, Asset Tag and Serial Numbers.

However, I am having difficulty understanding how to extract fields after that. I am receiving 1 value with 6 numbers followed by 1 value with the following error:

<XML_TooLong><error>The XML was too long</error></XML_TooLong>

Any help would be greatly appreciated. Thank you very much.

2 REPLIES 2

pazdak
New Contributor II

The XML_TooLong error occurs when a computer or mobile record ends up bing longer than 10,000 characters. That sounds odd for this case to happen if you are only pulling the Name, Asset Tag, and Serial Numbers.

We are doing bug fix and enhancements through the Jamf Open Source Community. Open a ticket here under issues and it will get addressed as soon as reasonably possible:

https://github.com/jamf/SplunkBase

andyscoggins
New Contributor

Could you post an example of how you configured the data input? I can't get mine to pull down data but I'm also not getting any errors. Specifically, I think I'm getting the "API Call Name" wrong, which isn't in the app instructions. Here is what I'm using:
Name: jamfapisearch
Name of the Modular Input: jamfapisearch
JSS URL: https://example.jamfcloud.com:8443
Username: <username>
Password: <password>
API Call Name: /JSSResource/advancedcomputersearches/name/
Search Name: allcomputers

Thanks!