How To Optimize Your Business Operations With REST API And Splunk Technical Add-on

Ian Murphy - May 2022

Is there such a thing as a "perfect" business operations tool? The quick answer to that is no.


Every day, organizations scale and need ways to optimize how they run their operations. This often results in pressure from the C-Suite to combine bizops software with Splunk so that decisions can be made on the data, and in technical SMEs working aggressively to meet those needs.


To get over this pain point, you can leverage the REST API feature of your business operations software together with the Splunk Technical Add-On feature. This can help you:

  • Save time and labor for Splunk technical SMEs
  • Optimize costs on business operations software by integrating data into Splunk
  • View real-time data from multiple platforms in one Splunk dashboard, saving time for all parties


At Arcus Data, we recently got over this pain point with our time-tracking software, Harvest. We needed more visibility into our team's time utilization across all of the various projects. This helped:

  • Improve our ability to project plan
  • Tie back time utilization to employee bonuses


To provide guidance on how you can optimize your business operations with REST API and the Splunk Technical Add-on, below you will find a 3-step guide and case study on how we optimized our time-tracking operations.




  • Select the open REST API that applies to the business operations software you want to optimize. For Harvest we selected the Timesheets API.



STEP 2 - create your Splunk technical add-on

  • 3 types of API are available. We went with REST API.

  • Create new inputs based on your business operations software.

  • Here you can specify the inputs a user will need to enter when setting up new inputs. In our case we just used text boxes to prompt for IDs and a token value.

  • Event Extraction Settings: 

    • Here you can enter a JSON path to break data into separate events when the JSON data is structured in an array. In our case this was extremely beneficial, as each time entry was nested in the time_entries array. We then got an event for each time entry, which was good when we needed to write Splunk SPL and perform computations on the data.
  • Checkpoint Settings:
    • A handy new feature in the Add-On builder is the Checkpoint configuration. This makes setting up checkpointing really easy, assuming you have an incremental field such as a date (in our case we used updated_at).
    • A checkpoint allows you to ingest only the most recent data received (you only get the delta between the last checkpoint and the most recent data).
  • The nice thing about the Add-On builder is that it allows you to test the REST query and visualize the results without ingesting into Splunk.
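
The added example below (not Add-On builder's generated code and not Arcus Data's add-on) reproduces in plain Python what the event extraction and checkpoint settings above do: split the time_entries array into one event per entry, then keep only entries whose updated_at is newer than the stored checkpoint. The sample response, its values and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like a response whose entries sit in a
# "time_entries" array with an "updated_at" field (all values are made up).
SAMPLE_RESPONSE = json.dumps({
    "time_entries": [
        {"id": 101, "hours": 2.5, "updated_at": "2022-05-02T09:15:00Z"},
        {"id": 102, "hours": 1.0, "updated_at": "2022-05-03T17:40:00Z"},
        {"id": 103, "hours": 4.0, "updated_at": "2022-05-04T08:05:00Z"},
    ],
    "page": 1,
})


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp such as 2022-05-03T17:40:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def split_events(raw_body, array_key="time_entries"):
    """Break one response body into one event per array element."""
    body = json.loads(raw_body)
    entries = body.get(array_key, [])
    if not isinstance(entries, list):
        raise ValueError(f"{array_key!r} is not an array")
    return entries


def collect_delta(raw_body, checkpoint, field="updated_at"):
    """Return (new_events, new_checkpoint) for entries newer than checkpoint.

    checkpoint is an ISO-8601 string, or None on the first run. The checkpoint
    only moves forward and stays unchanged when nothing new arrived.
    """
    last = parse_ts(checkpoint) if checkpoint else None
    fresh = [e for e in split_events(raw_body)
             if last is None or parse_ts(e[field]) > last]
    if not fresh:
        return [], checkpoint
    newest = max(fresh, key=lambda e: parse_ts(e[field]))[field]
    return fresh, newest


if __name__ == "__main__":
    events, cp = collect_delta(SAMPLE_RESPONSE, "2022-05-02T09:15:00Z")
    for event in events:
        print(json.dumps(event))  # one line per time entry, i.e. one event
    print("checkpoint ->", cp)
```

The strict greater-than comparison avoids re-ingesting the checkpointed entry, but it can skip a different entry updated in the same second; comparing with >= and deduplicating on id is the alternative.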

STEP 3 - finalize Splunk technical add-on

  • Once you are happy with the configuration you can export the Technical Add-On (TA) so that it can be used in any Splunk environment.



questions & resources

If you need any support or have any questions please feel free to contact us at