Get xMatters event data into Splunk

The xMatters REST API allows us to get data about events and their properties in JSON format. Wouldn't it be great if we could bring that data into Splunk, so that we can search and display it any way we want? 

I think this could be accomplished using the REST API Modular Input app for Splunk, which would go out and poll the xMatters API every few minutes. 

Now here's my question: by default, the xMatters URL /api/xm/1/events?embed=properties returns all non-archived events. We don't need to get all of those events every time; we just need the new ones that have been created since the last polling interval. Is there a way to limit our API call so that we only get events within a certain timeframe (e.g., last 5 minutes?)

