All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Could I use REST API to create a monitor input from the script of a modular input?

lzhang_soliton
Path Finder
‎01-23-2014 01:28 AM

For creating a monitor input of our product, our customers have to type correct sourcetype and complex regular expression for whitelist. We want to create a simplified UI by using Modular Input. In the script a monitor input will be made automatically as same as adding it manually.
Could you tell me that is a good idea or bad one?
Even if our customers have correct permission, we are not sure if authentication tokens are necessary in the script.

Tags (1)
Reply

Damien_Dallimor
Ultra Champion
‎02-12-2014 11:26 PM

Using Modular Inputs as a proxy just for creating a Monitor Input is a bit of a hack , and limiting what you can do in the UI.
Have you considered using the Web Framework and building a custom setup page for your Monitor Inputs (with you simplified approach). Your custom setup page could have whatever JS/HTML/CSS you want to provide your simpler experience for your users , and then you could have some Django serverside logic for your setup page that uses the Splunk REST API to create the Monitor Input stanza for you.

0 Karma
Reply

halr9000
Motivator
‎02-12-2014 09:18 AM

Sure you can. Splunk does this type of thing to aid in the install-time experience for some of our premium apps. Also consider that Splunk Web is built on top of the REST API itself. Start with a POST to data/inputs/monitor.

As to the authority question, the user executing the actions would have to have the correct permission in Splunk.

0 Karma
Reply

lzhang_soliton
Path Finder
‎02-12-2014 09:02 PM

Thanks for your answer. I reviewed my question and I think I did not describe it clearly, so I rewrote it. Could you check it again?

0 Karma
Reply
Get Updates on the Splunk Community!

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...
Top