All Apps and Add-ons

how to test add-on-builder python code from remote dev workstation?

pmeyerson
Path Finder

Is there a way to invoke the collect_events() method in an add on that is using the add-on-builder template and has been copied to a remote dev workstation?

I installed the splunk-sdk using pip, updated my service.connect() to specifiy the remote host, and set the log context to log to my local directory instead of /opt/splunk/var/log which does not exist.

I try to run the main python file that matches the input name (without the input_module in the name), but it seems to just hang and not log anything. The input_module_*.py seems to exit immediately. Any suggestions would be great.

0 Karma

pmeyerson
Path Finder

Right thanks, I did make sure to copy all of the files under /bin and subdirectories as well. Is calling the python file matching the input name field in AOB a correct way to invoke?

0 Karma

chli_splunk
Splunk Employee
Splunk Employee

Technically yes. But if your new input has different parameters or settings, you have to update some files manually including inputs.conf.spec, inputs.conf, restmap.conf, py files etc. You can refer the templates in AoB to see how to apply different settings to the code generation: $SPLUNK_HONE/etc/apps/splunk_app_addon-builder/bin/ta_gnerator/resources

Use AoB to build another addon is highly recommended, since it's not easy to do everything manually.

0 Karma

chli_splunk
Splunk Employee
Splunk Employee

AoB developed a toolchain as Python libs for you. If you want to invoke some functions outside of AoB, please copy all the py files under "bin" folder to another Splunk app. Otherwise you have to figure out the callstacks by yourself.

0 Karma

pmeyerson
Path Finder

Or should this work pretty effortlessly?
Guess I could install splunk on my dev too!

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...