
Add-On Builder - API Python module not collecting all of its prescribed data

thasteve
New Member

Using the Add-On Builder, I built a custom Python app to collect some asset information over API.

I'll preface all of this by saying my custom Python code in VisCo works all the time, every time. No hiccups.

Using a select statement in the API request, I can gather specific fields. The more fields I define, the more issues I run into in Splunk. Basically it feels like the app is rate limited. I would expect it to run to just under an hour. It usually fails after 10 minutes and starts again at the 2 hour (7200 seconds) configured interval time on the input page.

If I define fewer fields in the select request, it runs for a little longer but still ends up failing, and obviously I'm not getting the data I want. If I set the bare minimum, one field, it runs for the expected time, stops, and starts again at its configured interval.

I'm hesitant to say what platform but it is cloud based. I'm running my app from an on-prem heavy forwarder indexing to Splunk Cloud.

The input interval config is 2 hours. The Python script iterates through requests due to paging limitations and delays between requests based on some math I did with the total number of assets and pages. It's about 3 seconds between requests. But again, my code works flawlessly running in VisCo. That target API isn't rate limiting me due to the scripted interval. At least, I have no reason to believe that it is.

I've opened a ticket with Splunk but I wanted to see if anyone else has experience with the Splunk Add-on Builder and the custom python modules.
