Splunk events
Sourcetype: mulesoft:notifications
Timestamp: the timestamp provided by Mulesoft via the ‘createdAt’ key – the time the notification occurred
Sample event:
{"id": "60af781320c8f14f731cc386", "domain": "contactapi-7989847", "priority": "INFO", "message": "The deployment of your application contactapi-7989847 has succeeded. Please see your <a href=#/console/applications/contactapi-7989847/logs/archive>logs</a> for more details.", "createdAt": 1622112275.0, "read": false, "href": "http://anypoint.mulesoft.com:8080/api/notifications/60af781320c8f14f731cc386"}
About this input
This input calls the URL:
https://anypoint.mulesoft.com/cloudhub/api/notifications
Using the parameters:
- Global account: Specified when input is configured
- environmentId: Specified when input is configured
For each notification that is returned, the createdAt timestamp is compared with the time the input was last run. If the timestamp is later, the notification is indexed.
This input utilises checkpointing in order to identify which notifications have already been indexed. See Python helper functions (Splunk Documentation) for more details.
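The comparison against the last run time described above, as an added example (not the add-on's own code). MemoryCheckpoint, select_new, the checkpoint key layout and the skipping of notifications without a numeric createdAt are assumptions made for illustration; the sample notifications are constructed.

```python
import json

SOURCETYPE = "mulesoft:notifications"

# Constructed sample API response, modelled on the sample event above.
SAMPLE = [
    {"id": "n1", "domain": "contactapi-7989847", "priority": "INFO",
     "message": "deployment succeeded", "createdAt": 1622112275.0, "read": False},
    {"id": "n2", "domain": "contactapi-7989847", "priority": "ERROR",
     "message": "deployment failed", "createdAt": 1622112200.0, "read": False},
    {"id": "n3", "domain": "contactapi-7989847", "priority": "INFO",
     "message": "no timestamp"},
]


class MemoryCheckpoint:
    """Hypothetical in-memory stand-in for the add-on's checkpoint store."""

    def __init__(self):
        self._state = {}

    def get(self, key):
        return self._state.get(key)

    def save(self, key, value):
        self._state[key] = value


def select_new(notifications, checkpoint, environment_id, now):
    """Return (events, skipped) for one run and move the checkpoint to `now`."""
    key = "mulesoft_notifications:" + environment_id  # assumed key layout
    last_run = checkpoint.get(key) or 0.0  # first run: every notification is new
    events, skipped = [], []
    for item in notifications:
        created = item.get("createdAt")
        if isinstance(created, bool) or not isinstance(created, (int, float)):
            skipped.append(item)  # assumption: no usable timestamp, not indexed
        elif created > last_run:
            events.append({"time": created, "sourcetype": SOURCETYPE,
                           "event": json.dumps(item)})
    checkpoint.save(key, now)
    return events, skipped


if __name__ == "__main__":
    store = MemoryCheckpoint()
    first, dropped = select_new(SAMPLE, store, "env-1", now=1622112300.0)
    again, _ = select_new(SAMPLE, store, "env-1", now=1622112600.0)
    print(len(first), "indexed,", len(dropped), "skipped, then", len(again))
```

If `now` is captured before the API request, a notification created while the request is in flight is picked up by the next run instead of being missed, at the cost of a possible duplicate. Skipped items are returned rather than discarded so they can be counted or logged.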
Learn more: Mulesoft documentation