Hi
To work around an issue with not being able to set a parameterized URL in the webhook event,
I used "default/savedsearches.conf.template", that becomes a new default/savedsearches.conf, with string replacements done by the setup scripts, upon setting of required parameter values.
However, they don't show in the WebUI until restarting Splunk. I am looking for :
(1) a way to make the Web GUI to reload the new savedsearches.conf, or
(2) a way to push a restart message in the Splunk UI (like the one appearing upon install of a new app).
How can I do either?
rama
Instead of forcing the restart it is best to ask the user to do the restart themselves. Here's the python code to do so via REST:
In your restmap.conf (in app/default):
[admin_external:yourEndpoint]
handlertype = python
handlerfile = yourRestHandler.py
handleractions = list, edit, _reload
In yourRestHandler.py (inside your apps bin folder):
class yourRestHandlerClass(admin.MConfigHandler):
def setup(self):
if self.requestedAction in (admin.ACTION_CREATE,admin.ACTION_EDIT):
self.supportedArgs.addReqArg("aVariable ") #<-if you're passing vars to your rest add them like this
def handleEdit(self, confInfo):
if not 'aVariable ' in self.callerArgs.data.keys() and self.callerArgs['aVariable ']:
raise admin.ArgValidationException, "A aVariable must be provided" #pitch a fit if the var isnt supplied to REST
#prompt user to restart splunk web
sessionKey=self.getSessionKey() #<- heres the key to making additional rest calls work
headers = {'Authorization':''} #<- heres the key to making additional rest calls work
headers['Authorization'] = 'Splunk ' + sessionKey #<- heres the key to making additional rest calls work
data = {'name':'restart_link','value':'Splunk must be restarted for changes to take effect. [[/manager/search/control| Click here to restart from the Manager.]]','severity':'warn'}
r = requests.post("https://localhost:8089/services/messages/new", headers=headers, data=data, verify=False)
data = {'name':'restart_reason','value':'A user triggered the create action on app ssl_installer, and the following objects required a restart: ssl configuration','severity':'warn'}
r = requests.post("https://localhost:8089/services/messages/new", headers=headers, data=data, verify=False) #<- headers = headers adds the auth header from above
pass
def handleList(self, confInfo):
CONF_FILE = 'yourRestHandlerConfFile'
confDict = self.readConf(self.CONF_FILE)
if None != confDict:
for stanza, settings in confDict.items():
for key, val in settings.items():
if val is None:
confInfo[stanza].append(key, "")
else:
confInfo[stanza].append(key, val)
def handleReload(self, confInfo):
pass
admin.init(yourRestHandlerClass, admin.CONTEXT_NONE)
In yourRestHandlerConfFile.conf (in app/default):
[default]
aVariable = ifYouUseVarsYouPutThemInThisFile
In your setup.xml (in app/default):
<setup>
<block title="a Title" endpoint="admin/yourEndpoint" entity="default">
<text>Enter a variable and press save</text>
<input field="aVariable">
<label>Please Enter Your Var Here</label>
<type>string</type>
</block>
</setup>
If you must force the restart without asking the user to do so (maybe you just dont care to give them the option), change the url in the requests.post to https://localhost:8089/services/admin/server-control/restart in yourRestHandler.py
You can hit this endpoint on all your servers:
https://localhost:8089/services/apps/local/_reload
To force the restart message on install/changes to app:
http://docs.splunk.com/Documentation/Splunk/6.1/admin/Appconf
[install]
...
state_change_requires_restart = true | false
* Set whether changing an app's state ALWAYS requires a restart of Splunk.
* State changes include enabling or disabling an app.
* When set to true, changing an app's state always requires a restart.
* When set to false, modifying an app's state may or may not require a restart
depending on what the app contains. This setting cannot be used to avoid all
restart requirements!
* Defaults to false.
Also, [triggers] in app.conf:
[triggers]
reload.<conf_file_name> = [ simple | rest_endpoints | access_endpoints <handler_url> ]
* Splunk will reload app configuration after every
app-state change: install, update, enable, and disable.
* If your app does not use a custom config file (e.g. myconffile.conf)
then it won't need a [triggers] stanza, because
$SPLUNK_HOME/etc/system/default/app.conf already includes a [triggers]
stanza which automatically reloads config files normally used by Splunk.
* If your app uses a custom config file (e.g. myconffile.conf) and you want to
avoid unnecessary Splunk restarts, you'll need to add a reload value in
the [triggers] stanza.
* If you don't include [triggers] settings and your app uses a custom
config file, a Splunk restart will be required after every state change.
* Specifying "simple" implies that Splunk will take no special action to reload
your custom conf file.
* Specify "access_endpoints" and a URL to a REST endpoint, and Splunk will call
its _reload() method at every app state change.
* "rest_endpoints" is reserved for Splunk's internal use for reloading
restmap.conf.