IFTTT meet Splunk

mike fettis
Feb 13, 2019

IFTTT, "if this then that," is a wonderful service that lets us tie random web services together, and it does so through a nice and easy GUI. Essentially, if something happens, then do this other thing. There are hundreds of services to use, including Spotify, Fitbit, iOS/Android locations, Trello, OneNote and Evernote. For us, it is “if this web thing happens then send data to Splunk.” How, you say?

Some time ago, Splunk rolled out a nice feature for the HTTP collector: a “query string authentication” option.

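# $SPLUNK_HOME/etc/apps/splunk_httpinput/local/inputs.conf
# Token-level setting: it goes under the token's own stanza (stanza name below is a placeholder)
[http://<your_token_name>]
allowQueryStringAuth = true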

This handy dandy little option turns the HTTP collector into a simple webhook: if you pass the right HTTP collector token GUID in the URL, it will index the data you send. We can demo this with curl:

curl -k 'https://mysplunk-domainname:8088/services/collector/event?token=43566685-1234-abcd-1234-1f8bc99702fa' -d '{"sourcetype": "iftt", "event": "iftt ftw!"}'
# -k skips TLS certificate verification (only needed with a self-signed certificate)
# -d sends the JSON as the request body, which makes curl use POST

Just like that, data goes into our Splunk instance. How do we do this with IFTTT? We are going to configure a simple button widget as the “if this” trigger and then use the “webhooks” option as the “then that” action. This is all presented in the GUI screenshots below.

We will use the entire URL, query string included, as the webhook URL, select the POST method, and put the data in the body. Here we can add specific data from the “if this” trigger for the juicy bits of data, but in our example we will use just placeholder data.

Just like that, we have custom data flowing into Splunk. The possibilities are endless, or at least as many as the IFTTT service allows. They are constantly rolling out new applets that enable more functionality for smart home and anything else. Happy Splunking!
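
With query string authentication the collector token is part of the URL, so it is written to the access log of any proxy or load balancer sitting in front of port 8088. The following is an added example, not code from the original post: it masks collector tokens in such log lines and reports which tokens were exposed and should be rotated. The log format and the sample lines are constructed for illustration.

```python
import re

# Matches a collector request target that carries the token as a query
# parameter, e.g. /services/collector/event?token=<guid>
# or /services/collector/raw?sourcetype=x&token=<guid>
HEC_TOKEN = re.compile(
    r"(/services/collector[^\s?\"]*\?(?:[^\s\"#]*&)?token=)"
    r"([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})"
)

def redact(line):
    """Return (line with the token masked, number of tokens masked)."""
    return HEC_TOKEN.subn(r"\1<redacted>", line)

def scan(lines):
    """Mask tokens in every line; return (cleaned lines, set of exposed tokens)."""
    exposed, cleaned = set(), []
    for line in lines:
        exposed.update(m.group(2) for m in HEC_TOKEN.finditer(line))
        cleaned.append(redact(line)[0])
    return cleaned, exposed

# Constructed reverse-proxy access log lines (assumed combined log format).
# The last request sends no token in the URL, so nothing is masked there.
SAMPLE = [
    '203.0.113.7 - - [13/Feb/2019:10:00:01 +0000] "POST /services/collector/event'
    '?token=43566685-1234-abcd-1234-1f8bc99702fa HTTP/1.1" 200 27',
    '203.0.113.7 - - [13/Feb/2019:10:00:05 +0000] "POST /services/collector/raw'
    '?sourcetype=iftt&token=43566685-1234-abcd-1234-1f8bc99702fa HTTP/1.1" 200 27',
    '198.51.100.2 - - [13/Feb/2019:10:01:00 +0000] "POST /services/collector/event'
    ' HTTP/1.1" 200 27',
]

if __name__ == "__main__":
    cleaned, exposed = scan(SAMPLE)
    print("\n".join(cleaned))
    print("distinct tokens exposed in logs:", len(exposed))
```
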
