Ok, so now my app has a scripted input (Powershell) and setup.xml is communicating with an eai endpoint defined inside the app. That's great, but the question is how should I manage the configuration of my scripted input such as target's hostname, user credentials, etc?
My first thought was to keep this information inside a plain xml file and have my script and the endpoint access it. But I guess this solution will make the settings global and won't work scale for multiple users, so I think I'm expected to use *.conf files instead. Plus it adds some inconsistency to the way Splunk keeps its configs.
Going this way to collect the actual config in my script I should not only read a conf file from default\, but also merge it with a conf from local\ and, possibly, respect a conf inside users\someuser\myapp\my.conf. The last part seems confusing to me. How can I tell from my script which user's .conf should I read?
Anyway that's just too many of details to implement in my simple script. I believe there should be a simpler way to manage config without duplicating what Splunk already can do. I guess my script could read the config from my app's EAI endpoint, but for this it needs to authenticate first. If I could pass the script a session key somehow that would be great..
What would you recommend? Just stick with a simple xml? thanks 🙂
Perhaps you could leverage the CLI?
splunk btool
also looking for some sign of an answer here. I don't want to use scripted input since i have 40+ fields in my setup.xml and i'm guess 100+ saved searches would have to reference a different script each. Is there any way to access these fields directly from the search bar?
I guess you've already figured this one out since it's more than a month old, but i figured I'd answer in case anyone else wonders.
If you decide to use an .conf you can use splunk's built-in lib to access it, it's in splunk.clilib.cli_common, you can do something like this:
import splunk.clilib.cli_common
...
settings = splunk.clilib.cli_common.getConfStanza(my_conf_name,wanted_stanza)
The getConfStanza-function returns a dictionary with all your key-value pairs for that stanza.
Okay, do you know is there any difference between the two ways?
thanks, although I still have no good solution for my case of using a non-python scripted input. By the way, you can also use readConf() from splunk.admin to get .conf data as a dictionary.
Ah, this might not work for you... Well, if anyone else uses scripted input in python this is a way to solve the problem. 🙂