All Apps and Add-ons

how to test add-on-builder python code from remote dev workstation?

pmeyerson
Path Finder

Is there a way to invoke the collect_events() method in an add on that is using the add-on-builder template and has been copied to a remote dev workstation?

I installed the splunk-sdk using pip, updated my service.connect() to specifiy the remote host, and set the log context to log to my local directory instead of /opt/splunk/var/log which does not exist.

I try to run the main python file that matches the input name (without the input_module in the name), but it seems to just hang and not log anything. The input_module_*.py seems to exit immediately. Any suggestions would be great.

0 Karma

pmeyerson
Path Finder

Right thanks, I did make sure to copy all of the files under /bin and subdirectories as well. Is calling the python file matching the input name field in AOB a correct way to invoke?

0 Karma

chli_splunk
Splunk Employee
Splunk Employee

Technically yes. But if your new input has different parameters or settings, you have to update some files manually including inputs.conf.spec, inputs.conf, restmap.conf, py files etc. You can refer the templates in AoB to see how to apply different settings to the code generation: $SPLUNK_HONE/etc/apps/splunk_app_addon-builder/bin/ta_gnerator/resources

Use AoB to build another addon is highly recommended, since it's not easy to do everything manually.

0 Karma

chli_splunk
Splunk Employee
Splunk Employee

AoB developed a toolchain as Python libs for you. If you want to invoke some functions outside of AoB, please copy all the py files under "bin" folder to another Splunk app. Otherwise you have to figure out the callstacks by yourself.

0 Karma

pmeyerson
Path Finder

Or should this work pretty effortlessly?
Guess I could install splunk on my dev too!

0 Karma
Get Updates on the Splunk Community!

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...