All Apps and Add-ons

mint programatically

tomasmoser
Contributor

Hi,

is there a way to deploy Splunk MINT add-on programatically? My client is automating everything, so I would like to:
1. install/deploy Splunk MINT add-on (default installation)
2. install/deploy configuration app with a predefined inputs.conf with cleartext "token" included.

I have issues making this work. Splunk ciphers the cleartext token and adds it to a .../storage/passwords/ REST endpoint as "cds_token". Fine. But Splunk creates /local directory in both Splunk_TA_mint and in my configuration app abx_mint_token.

When I run btool configuration in Splunk_TA/min/local/inputs.conf gets precedence. In this file there is cds_token = 0 and not cds_token = token_encrypted as in my abx_mint_token app.

Hence Splunk thinks there is no token (cds_token = 0) and it does not work.

Any clue how to fix this?

abx_mint_token/local/inputs.conf

[mi_cds://default]
disabled = 0
cds_token = token_encrypted
cds_url = https://data.cds.splkmobile.com/api/v2/events
start_by_shell = 0
verify_ssl = 1

Splunk_TA_mint/local/inputs.conf

[mi_cds://default]
cds_token = 0
cds_url = https://data.cds.splkmobile.com/api/v2/events
start_by_shell = 0
verify_ssl = 1

splunk btool inputs list mi_cds://default --debug

/opt/splunk/etc/apps/Splunk_TA_mint/local/inputs.conf   [mi_cds://default]
/opt/splunk/etc/apps/Splunk_TA_mint/default/inputs.conf backoff_time = 10
/opt/splunk/etc/apps/Splunk_TA_mint/local/inputs.conf   cds_token = 0
/opt/splunk/etc/apps/Splunk_TA_mint/local/inputs.conf   cds_url = https://data.cds.splkmobile.com/api/v2/events
/opt/splunk/etc/apps/Splunk_TA_mint/default/inputs.conf cloud_install = 
/opt/splunk/etc/apps/abx_mint_token/local/inputs.conf   disabled = 0
host = drake
/opt/splunk/etc/apps/Splunk_TA_mint/default/inputs.conf index = mint
/opt/splunk/etc/apps/Splunk_TA_mint/default/inputs.conf polling_interval = 5
/opt/splunk/etc/apps/Splunk_TA_mint/default/inputs.conf request_timeout = 30
/opt/splunk/etc/apps/Splunk_TA_mint/local/inputs.conf   start_by_shell = 0
/opt/splunk/etc/apps/Splunk_TA_mint/local/inputs.conf   verify_ssl = 1

Tomas

Tags (1)
0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!