All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

mint programatically

tomasmoser
Contributor
‎07-03-2019 01:14 AM

Hi,

is there a way to deploy Splunk MINT add-on programatically? My client is automating everything, so I would like to:
1. install/deploy Splunk MINT add-on (default installation)
2. install/deploy configuration app with a predefined inputs.conf with cleartext "token" included.

I have issues making this work. Splunk ciphers the cleartext token and adds it to a .../storage/passwords/ REST endpoint as "cds_token". Fine. But Splunk creates /local directory in both Splunk_TA_mint and in my configuration app abx_mint_token.

When I run btool configuration in Splunk_TA/min/local/inputs.conf gets precedence. In this file there is cds_token = 0 and not cds_token = token_encrypted as in my abx_mint_token app.

Hence Splunk thinks there is no token (cds_token = 0) and it does not work.

Any clue how to fix this?

abx_mint_token/local/inputs.conf

[mi_cds://default]
disabled = 0
cds_token = token_encrypted
cds_url = https://data.cds.splkmobile.com/api/v2/events
start_by_shell = 0
verify_ssl = 1

Splunk_TA_mint/local/inputs.conf

[mi_cds://default]
cds_token = 0
cds_url = https://data.cds.splkmobile.com/api/v2/events
start_by_shell = 0
verify_ssl = 1

splunk btool inputs list mi_cds://default --debug

/opt/splunk/etc/apps/Splunk_TA_mint/local/inputs.conf   [mi_cds://default]
/opt/splunk/etc/apps/Splunk_TA_mint/default/inputs.conf backoff_time = 10
/opt/splunk/etc/apps/Splunk_TA_mint/local/inputs.conf   cds_token = 0
/opt/splunk/etc/apps/Splunk_TA_mint/local/inputs.conf   cds_url = https://data.cds.splkmobile.com/api/v2/events
/opt/splunk/etc/apps/Splunk_TA_mint/default/inputs.conf cloud_install = 
/opt/splunk/etc/apps/abx_mint_token/local/inputs.conf   disabled = 0
host = drake
/opt/splunk/etc/apps/Splunk_TA_mint/default/inputs.conf index = mint
/opt/splunk/etc/apps/Splunk_TA_mint/default/inputs.conf polling_interval = 5
/opt/splunk/etc/apps/Splunk_TA_mint/default/inputs.conf request_timeout = 30
/opt/splunk/etc/apps/Splunk_TA_mint/local/inputs.conf   start_by_shell = 0
/opt/splunk/etc/apps/Splunk_TA_mint/local/inputs.conf   verify_ssl = 1

Tomas

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...