Hello
I'm trying to create a modular input for Splunk for our product, Qumulo clusters (qumulo.com/products/qumulo-core/). We have a REST API that exposes data about our storage clusters and some of our customers want to explore and manage information about their clusters using Splunk.
I've created (with Damien Dallimore's help) a first version of a modular input which you can see here (it is public and on GitHub):
github.com/Qumulo/qumulo_splunk
It loads into Splunk Enterprise with no problems/errors/warnings, but I see no data for my modular input or Wcript in splunk (my script is $SPLUNK_HOME/etc/apps/qumulo_app/bin/qumulo.py on my machine).
I ran
../../bin/splunk cmd python qumulo_app/bin/qumulo.py —scheme
and the scheme looks OK to me (from a naive perspective at least -- no errors) and when I run a Splunk search like this:
index=_internal ExecProcessor error qumulo.py
I don't see any meaningful results. I've added some logging.error debug messages to my script too... where do those messages get logged? Not seeing those either.
So I'm a bit stuck. Any pointers welcome. If there are other support channels I should try, pls mention that too (I'm new to Splunk integration, obviously ;)).
Thanks - Michael Murray / mmurray@qumulo.com
This command came from a presentation that was given at .Conf last week. It may help you testing....modify to fit your module names.
splunk cmd splunkd print-‐modinput-‐config
| $SPLUNK_HOME/bin/splunk cmd python
Problems solved, thanks for help. Our modular input app is now available:
https://github.com/Qumulo/qumulo_splunk_app
Also via Splunkbase.
This command came from a presentation that was given at .Conf last week. It may help you testing....modify to fit your module names.
splunk cmd splunkd print-‐modinput-‐config
| $SPLUNK_HOME/bin/splunk cmd python