All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I collect an API token from the user when not running the Splunk Add-on Builder in test mode?

sschall13
Explorer
‎11-22-2016 03:11 PM

When using the Add-on Builder, my data collection code isn't running because the API token that I use in the code is collected via the Add-on Setup Parameters. When I hard code it, data collection works. I hit this problem when using the Add-on Builder to create an add-on for sending information from an API to Splunk. I'm relying on modular input with python code because I need to process the results before sending to Splunk. I created the code and it works great using the "Test" button (when the Add-on Setup Parameter is used to collect the API token from the user), but when I progressed to the parsing stage of the add-on creation process, there was no data available. I went back and hardcoded the API key and data started collecting. I assume I'm doing something wrong here and any help would be much appreciated.

Reply
1 Solution
Solved! Jump to solution
Solution

bwooden
Splunk Employee
Splunk Employee
‎11-23-2016 08:56 AM

Are you using Add-on Builder 2.0?

In 2.0, the Add-on Builder leverages Single Instance mode by default. This basically means the mod input script is called once for ALL the inputs. This means ALL configurations for the input are provided to the script from the helper functions, as a dictionary.

Here is the code I'm now using to work that way. Since it checks for whether or not helper returns a dictionary, the code works in both test mode (returns single value) and for configured inputs (returns a dictionary).

def collect_events(helper, inputs, ew):
      """Implement your data collection logic here"""
      stanzas = helper.input_stanzas
      for stanza_name in stanzas:
          opt_access_token = helper.get_arg('access_token')
          if type(opt_access_token)==dict:
              opt_access_toke​n = opt_access_token[stanza_name]
          # ALL the other pre-tasks, API querying, && event writing

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

bwooden
Splunk Employee
Splunk Employee
‎11-23-2016 08:56 AM

Are you using Add-on Builder 2.0?

In 2.0, the Add-on Builder leverages Single Instance mode by default. This basically means the mod input script is called once for ALL the inputs. This means ALL configurations for the input are provided to the script from the helper functions, as a dictionary.

Here is the code I'm now using to work that way. Since it checks for whether or not helper returns a dictionary, the code works in both test mode (returns single value) and for configured inputs (returns a dictionary).

def collect_events(helper, inputs, ew):
      """Implement your data collection logic here"""
      stanzas = helper.input_stanzas
      for stanza_name in stanzas:
          opt_access_token = helper.get_arg('access_token')
          if type(opt_access_token)==dict:
              opt_access_toke​n = opt_access_token[stanza_name]
          # ALL the other pre-tasks, API querying, && event writing
0 Karma
Reply
Solved! Jump to solution

sschall13
Explorer
‎11-28-2016 08:39 AM

Hi, thank you for the reply bwooden.

  1. I am using Splunk Add-on Builder 2.0.0, app build 15.

  2. I'm doing exactly what you've described (using the helper function to collect the text in the setup parameter). It works perfectly well when I hit the test button. However, data is not automatically collecting once I move past the code definition stage (to the parsing stage). Only when I go back and hardcode the API token does data start collecting per the time intervals that I set for the add-on to run.

To summarize, my code is able to obtain the API token from the Setup Parameter textbox when I hit the "Test" button and it's clear that everything is working (output shows that it's pulling the right data from my API). Once I move past that point to the data parsing stage, there is no data present, regardless of the time interval that I've set for data collection. Only when I go back and hardcode the API token does data start collecting at the intervals the data collection has been set to run, enabling me to parse the JSON. Is this normal behavior?

0 Karma
Reply
Solved! Jump to solution

bwooden
Splunk Employee
Splunk Employee
‎11-29-2016 03:33 PM

Okay, I think I've re-produced. I believe in test mode, the below code would correctly log the single value access_token but when it runs as a defined input, the access_token returned is actually a dictionary containing all the input's access_token values (including the TAB_example used in test mode). I've contacted the developer of the add-on builder with this info to learn recommendation for addressing the invoking input stanza in that dictionary. I'll update this answer when I hear back.

   opt_access_token = helper.get_arg('access_token')
   helper.log_info("opt_access_token={}".format(opt_access_token))
0 Karma
Reply
Solved! Jump to solution

sschall13
Explorer
‎11-29-2016 03:40 PM

Thank you again for the quick and helpful response bwooden! Looking forward to the resolution when possible.

0 Karma
Reply
Solved! Jump to solution

bwooden
Splunk Employee
Splunk Employee
‎11-30-2016 04:18 PM

I've edited my original answer (above) with the code that works - and why.

0 Karma
Reply
Solved! Jump to solution

sschall13
Explorer
‎11-30-2016 04:33 PM

Thank you so much!

0 Karma
Reply
Solved! Jump to solution

aaraneta_splunk
Splunk Employee
Splunk Employee
‎12-05-2016 08:55 PM

Hi @sschall13 - Did bwooden's updated answer work out for you? If yes, please don't forget to click "Accept" below the answer to close out your question and up vote any comments that were helpful. Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...