All Apps and Add-ons

Modular input using my Python library is not working an am stuck. Ideas on how to debug?

michaelQumulo
Explorer

Hello

I'm trying to create a modular input for Splunk for our product, Qumulo clusters (qumulo.com/products/qumulo-core/). We have a REST API that exposes data about our storage clusters and some of our customers want to explore and manage information about their clusters using Splunk.

I've created (with Damien Dallimore's help) a first version of a modular input which you can see here (it is public and on GitHub):

github.com/Qumulo/qumulo_splunk

It loads into Splunk Enterprise with no problems/errors/warnings, but I see no data for my modular input or Wcript in splunk (my script is $SPLUNK_HOME/etc/apps/qumulo_app/bin/qumulo.py on my machine).

I ran

../../bin/splunk cmd python qumulo_app/bin/qumulo.py —scheme

and the scheme looks OK to me (from a naive perspective at least -- no errors) and when I run a Splunk search like this:

index=_internal ExecProcessor error qumulo.py

I don't see any meaningful results. I've added some logging.error debug messages to my script too... where do those messages get logged? Not seeing those either.

So I'm a bit stuck. Any pointers welcome. If there are other support channels I should try, pls mention that too (I'm new to Splunk integration, obviously ;)).

Thanks - Michael Murray / mmurray@qumulo.com

0 Karma
1 Solution

snowmizer
Communicator

This command came from a presentation that was given at .Conf last week. It may help you testing....modify to fit your module names.

splunk cmd splunkd print-­‐modinput-­‐config

| $SPLUNK_HOME/bin/splunk cmd python

View solution in original post

0 Karma

michaelQumulo
Explorer

Problems solved, thanks for help. Our modular input app is now available:

https://github.com/Qumulo/qumulo_splunk_app

Also via Splunkbase.

0 Karma

snowmizer
Communicator

This command came from a presentation that was given at .Conf last week. It may help you testing....modify to fit your module names.

splunk cmd splunkd print-­‐modinput-­‐config

| $SPLUNK_HOME/bin/splunk cmd python

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...