All Apps and Add-ons

Could I use REST API to create a monitor input from the script of a modular input?

lzhang_soliton
Path Finder

For creating a monitor input of our product, our customers have to type correct sourcetype and complex regular expression for whitelist. We want to create a simplified UI by using Modular Input. In the script a monitor input will be made automatically as same as adding it manually.
Could you tell me that is a good idea or bad one?
Even if our customers have correct permission, we are not sure if authentication tokens are necessary in the script.

Tags (1)

Damien_Dallimor
Ultra Champion

Using Modular Inputs as a proxy just for creating a Monitor Input is a bit of a hack , and limiting what you can do in the UI.
Have you considered using the Web Framework and building a custom setup page for your Monitor Inputs (with you simplified approach). Your custom setup page could have whatever JS/HTML/CSS you want to provide your simpler experience for your users , and then you could have some Django serverside logic for your setup page that uses the Splunk REST API to create the Monitor Input stanza for you.

0 Karma

halr9000
Motivator

Sure you can. Splunk does this type of thing to aid in the install-time experience for some of our premium apps. Also consider that Splunk Web is built on top of the REST API itself. Start with a POST to data/inputs/monitor.

As to the authority question, the user executing the actions would have to have the correct permission in Splunk.

0 Karma

lzhang_soliton
Path Finder

Thanks for your answer. I reviewed my question and I think I did not describe it clearly, so I rewrote it. Could you check it again?

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.