This input returns any notifications (read or unread) that have been created since the last time the input was called. It returns every notification created for the specified environment, without distinguishing which application each one relates to. Use the “Notifications per application” input to get application-level notification events.

Splunk events

Sourcetype: mulesoft:notifications

Timestamp: the timestamp provided by Mulesoft via the ‘createdAt’ key – the time the notification occurred

Sample event:

{"id": "60af781320c8f14f731cc386", "domain": "contactapi-7989847", "priority": "INFO", "message": "The deployment of your application contactapi-7989847 has succeeded. Please see your <a href=#/console/applications/contactapi-7989847/logs/archive>logs</a> for more details.", "createdAt": 1622112275.0, "read": false, "href": ""}

About this input

This input calls the URL:

Using the parameters:

For each notification that is returned, the timestamp is checked to see if it is later than when the input was last run. If it is, the notification is indexed.

This input utilises checkpointing in order to identify which notifications have been indexed already. See here (Python helper functions – Splunk Documentation) for more details.
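The timestamp check and checkpoint update described above can be sketched as follows. This is an added example, not the add-on's own code: the `MemoryCheckpoint` class, the checkpoint key and the function names are assumptions made for illustration, and the sample notifications are constructed.

```python
import json
import time

class MemoryCheckpoint:
    """Hypothetical in-memory stand-in for the add-on's checkpoint store."""
    def __init__(self):
        self._state = {}
    def get(self, key):
        return self._state.get(key)
    def save(self, key, value):
        self._state[key] = value

def select_new_notifications(notifications, store, key, now=None):
    """Return events created after the last run, then advance the checkpoint."""
    now = time.time() if now is None else now
    last_run = store.get(key) or 0.0      # first run: nothing indexed yet
    events = []
    for item in notifications:
        created = item.get("createdAt")
        if not isinstance(created, (int, float)):
            continue                      # no usable timestamp: skip the item
        if created > last_run:            # strictly later than the last run
            events.append({"time": float(created),   # event time = createdAt
                           "sourcetype": "mulesoft:notifications",
                           "event": json.dumps(item)})
    store.save(key, now)                  # record this run after selection
    return events

# Constructed sample data, modelled on the sample event above.
SAMPLE = [
    {"id": "a1", "domain": "contactapi-7989847", "priority": "INFO",
     "message": "deployment succeeded", "createdAt": 1622112275.0, "read": False},
    {"id": "a2", "domain": "contactapi-7989847", "priority": "INFO",
     "message": "older notification", "createdAt": 1622100000.0, "read": True},
    {"id": "a3", "domain": "contactapi-7989847", "priority": "WARN",
     "message": "no timestamp"},
]

def demo():
    store = MemoryCheckpoint()
    key = "notifications:env1"            # hypothetical checkpoint key
    store.save(key, 1622110000.0)         # previous run time (constructed)
    first = select_new_notifications(SAMPLE, store, key, now=1622113000.0)
    second = select_new_notifications(SAMPLE, store, key, now=1622114000.0)
    return [json.loads(e["event"])["id"] for e in first], len(second)

if __name__ == "__main__":
    print(demo())
```

The second call returns nothing because the checkpoint has moved past every `createdAt` value, which is what prevents duplicate events across runs.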

Learn more: Mulesoft documentation

Posted by: Andrew MacLeod

Andrew is a certified Splunk Admin and has worked for iDelta for over two years. Previously, he worked as an actuarial analyst in the life and pensions industry - a role that he was in for over 7 years before deciding to embark on a career change into the IT industry. He holds an MPhys degree in theoretical physics from the University of Edinburgh. Outside of work he is a big puzzle fan, with a particular penchant for things cruciverbal and mathematical.