Question

Splunk JamfPro API getting started?

5 years ago
December 2, 2019
2 replies
1 view

dwaterbury
Contributor
26 replies

Hi Everyone,
I'm new to Splunk and heard about the Jamf Pro Add-On, which should pull data into it. I've gotten Splunk installed on my Mac as a testing scenario and think I have the Jamf Pro Add-On configured correctly with an Advanced Search to pull just the JSS Computer IDs, Computer Names, Asset Tag and Serial Numbers.

However, I am having difficulty understanding how to extract fields after that. I am receiving 1 value with 6 numbers followed by 1 value with the following error:

<XML_TooLong><error>The XML was too long</error></XML_TooLong>

Any help would be greatly appreciated. Thank you very much.

NorDak
Employee
8 replies
5 years ago
January 8, 2020

The XML_TooLong error occurs when a computer or mobile record ends up bing longer than 10,000 characters. That sounds odd for this case to happen if you are only pulling the Name, Asset Tag, and Serial Numbers.

We are doing bug fix and enhancements through the Jamf Open Source Community. Open a ticket here under issues and it will get addressed as soon as reasonably possible:

https://github.com/jamf/SplunkBase

andyscoggins
New Contributor
1 reply
5 years ago
February 20, 2020

Could you post an example of how you configured the data input? I can't get mine to pull down data but I'm also not getting any errors. Specifically, I think I'm getting the "API Call Name" wrong, which isn't in the app instructions. Here is what I'm using:
Name: jamfapisearch
Name of the Modular Input: jamfapisearch
JSS URL: https://example.jamfcloud.com:8443
Username: <username>
Password: <password>
API Call Name: /JSSResource/advancedcomputersearches/name/
Search Name: allcomputers

Thanks!

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

Reply

Related topics

Unable to open /var/db/BootCache.playlist During boot up of fresh clean OS Imageicon

10.10.4 FIPS integrity and bootcache.playlisticon

Big Sur Deployment Scriptsicon

macOS Self Service Upgrade Processicon

Share your firstboot script for 10.11icon

Most helpful members this week

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings