Getting Data In

Best way to create a custom config for an app

Leo
Splunk Employee
Splunk Employee

Ok, so now my app has a scripted input (Powershell) and setup.xml is communicating with an eai endpoint defined inside the app. That's great, but the question is how should I manage the configuration of my scripted input such as target's hostname, user credentials, etc?

My first thought was to keep this information inside a plain xml file and have my script and the endpoint access it. But I guess this solution will make the settings global and won't work scale for multiple users, so I think I'm expected to use *.conf files instead. Plus it adds some inconsistency to the way Splunk keeps its configs.

Going this way to collect the actual config in my script I should not only read a conf file from default\, but also merge it with a conf from local\ and, possibly, respect a conf inside users\someuser\myapp\my.conf. The last part seems confusing to me. How can I tell from my script which user's .conf should I read?

Anyway that's just too many of details to implement in my simple script. I believe there should be a simpler way to manage config without duplicating what Splunk already can do. I guess my script could read the config from my app's EAI endpoint, but for this it needs to authenticate first. If I could pass the script a session key somehow that would be great..

What would you recommend? Just stick with a simple xml? thanks 🙂

melting
Splunk Employee
Splunk Employee

Perhaps you could leverage the CLI?

splunk btool layer

0 Karma

klee310
Communicator

also looking for some sign of an answer here. I don't want to use scripted input since i have 40+ fields in my setup.xml and i'm guess 100+ saved searches would have to reference a different script each. Is there any way to access these fields directly from the search bar?

0 Karma

erydberg
Splunk Employee
Splunk Employee

I guess you've already figured this one out since it's more than a month old, but i figured I'd answer in case anyone else wonders.

If you decide to use an .conf you can use splunk's built-in lib to access it, it's in splunk.clilib.cli_common, you can do something like this:

import splunk.clilib.cli_common 
...
settings = splunk.clilib.cli_common.getConfStanza(my_conf_name,wanted_stanza)

The getConfStanza-function returns a dictionary with all your key-value pairs for that stanza.

erydberg
Splunk Employee
Splunk Employee

Okay, do you know is there any difference between the two ways?

0 Karma

Leo
Splunk Employee
Splunk Employee

thanks, although I still have no good solution for my case of using a non-python scripted input. By the way, you can also use readConf() from splunk.admin to get .conf data as a dictionary.

0 Karma

erydberg
Splunk Employee
Splunk Employee

Ah, this might not work for you... Well, if anyone else uses scripted input in python this is a way to solve the problem. 🙂

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...