Based on your expanded question, you’re going to need to actually get that REST endpoint’s data into Splunk
There are at least two ways to do this
First – use the REST API Modular Input and ingest data from the endpoint. If you don’t get data within some timeframe…send an Email.
Second – create your own scripted input that periodically hits your endpoint (maybe with wget or curl), and reports an HTTP status code into Splunk. Your Alert can then check to see if the code isn’t 200 (or whatever else you want to consider "valid"). If it’s "invalid", send an email.
from User warren – Stack Overflow https://stackoverflow.com/questions/66868644/api-monitoring-using-splunk/66909926#66909926
via IFTTT