topic Re: Retrieve configuration items from a custom python search command in Splunk Search

Retrieve configuration items from a custom python search command

domgkc — Mon, 17 Dec 2012 09:57:43 GMT

I would like to get configuration items from within a custom search python command.

I have created a setup which adds configuration items "host", "port" and "key" for making external REST calls.

The external REST calls are made via a custom search command.
I would like to use the host, port and key stored in the configuration file to form the REST endpoint URL so that the Application can be installed without users having to change my python scripts.

Tried reviewing the splunk.admin class but it isn't obvious to me how to get to the configuration properties to retrieve the data I want. (I wish I was better at python).

I know I can make a REST call back to Splunk from within the search but making REST calls to Splunk itself to get the properties via /services/properties/myapp/myappitem seems a bit wrong.

Has anyone else tried to make use of splunk.admin to retrieve stored configuration?
Is there any way to achieve this?

Re: Retrieve configuration items from a custom python search command

ziegfried — Mon, 17 Dec 2012 11:48:08 GMT

There are multiple ways to access config items from with custom search commands. The easiest one is to use the splunk.clilib.cli_common

from splunk.clilib import cli_common as cli
...
cfg = cli.getConfStanza('myconf','mystanza')
print cfg.get('myitem')

The alternative is to actually access the configuration via REST. You can setup the search command to retrieve an auth token via STDIN when it's called by setting passauth = true in commands.conf (enableheader has to be set to true as well).

import splunk.entity, splunk.Intersplunk
...
settings = dict()
records = splunk.Intersplunk.readResults(settings = settings, has_header = True)
...
entity = splunk.entity.getEntity('/admin/conf-myconf','mystanza', namespace='myapp', sessionKey=settings['sessionKey'], owner='nobody')
print entity.get('myitem')

Retrieving the config via REST is the cleaner way IMO. It additionally gives you control over app/user namespace when reading the configuration.

Re: Retrieve configuration items from a custom python search command

domgkc — Mon, 17 Dec 2012 23:08:26 GMT

Cheers ziegfried, nice. You rock!

Re: Retrieve configuration items from a custom python search command

highsplunker — Fri, 09 Aug 2019 15:03:00 GMT

Thanks ziegfried, clear now.

Re: Retrieve configuration items from a custom python search command

pbankar — Fri, 15 Nov 2019 08:22:55 GMT

Hi ziegfried, thanks for the input. How do I use the

cli.getConfStanza('myconf','mystanza')

to get the version of my custom Add-On TA?

I tried

cli.getMergedConf("app")

But this gives me the version of another app installed on my setup. How do I mention my TA's app.conf folder?

Re: Retrieve configuration items from a custom python search command

peter_krammer — Wed, 15 Jan 2020 12:15:23 GMT

When using the add-on builder this code works for me:

def process_event(helper, *args, **kwargs):
    service = client.Service(
            token=helper.settings.get('session_key'), 
            owner='nobody',
            app='SplunkEnterpriseSecuritySuite')
    myitem = service.confs["myconf"]["mystanza"]["myitem"]
    helper.log_info("myitem={}".format(myitem))