Digging around in the Splunk Python docs (via help(splunk...)), splunk.bundle.getConf seems to be the best way to read a config, at least from a command. Unfortunately, it wants a sessionKey, which I'm not aware of existing when you're running from a scripted input.
getConf(confName, sessionKey=None, namespace=None, owner=None, overwriteStanzas=False, hostPath=None)
I'm getting this error:
splunk.AuthenticationFailed: [HTTP 401] Client is not authenticated; None
So, questions... Is there a sessionKey around when running a scripted input? Is there some other module for merging configs?
I settled on the cli config lib (for the same purpose -- scripted inputs). No idea what the best practice is here, but I find this one to be very easy to use. I had a hard time understanding how to use readConf() myself... 😕
import splunk.clilib.cli_common
config = splunk.clilib.cli_common.getMergedConf('myconfig')
This just returns a normal python dict, so do whatever you want now.
I figured this one out with a little help, so I thought I'd post the answer for all to see.
Two things are required.
Code snippet:

import re
import sys
import splunk.bundle as bundle

def main():
    # get the auth token (strip the trailing newline)
    sessionKey = sys.stdin.readline().strip()
    # extract the APP name to use for namespace.
    # Maybe there's a better way than getting it from the script path?
    namespace = re.findall(r'.*[\\/]([^\\/]+)[\\/]bin', sys.path[0])[0]

    conf = bundle.getConf('foo', sessionKey=sessionKey, namespace=namespace, owner='admin')
    value1 = conf['stanza']['value1']
    value2 = conf['stanza']['value2']
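Added example, not part of the original answers or of Splunk's own code: a defensive version of the stdin-token approach above that fails with a clear message instead of the 401 when no session key arrives. It assumes the scripted input's inputs.conf stanza sets passAuth so that Splunk writes the token to the script's stdin; the helper names read_session_key, app_from_script_dir and load_conf are hypothetical.

```python
import re
import sys


def read_session_key(stream):
    """Return the auth token Splunk wrote to stdin, or None if there is none."""
    # Run by hand from a terminal there is no token; do not block waiting for one.
    if hasattr(stream, "isatty") and stream.isatty():
        return None
    key = stream.readline().strip()  # the token arrives with a trailing newline
    return key or None


def app_from_script_dir(script_dir):
    """Name of the app whose bin/ directory contains script_dir, else None."""
    parts = [p for p in re.split(r"[\\/]+", script_dir) if p]
    # Scan from the right so an earlier "bin" in the path is ignored.
    for i in range(len(parts) - 1, 0, -1):
        if parts[i] == "bin":
            return parts[i - 1]
    return None


def load_conf(conf_name, stream=sys.stdin, script_dir=None):
    """Read a merged .conf file through splunk.bundle.getConf."""
    session_key = read_session_key(stream)
    if session_key is None:
        # Same root cause as the AuthenticationFailed error in the question.
        raise RuntimeError("no session key on stdin; is passAuth set for this input?")
    namespace = app_from_script_dir(script_dir or sys.path[0])
    if namespace is None:
        raise RuntimeError("script is not under an app's bin directory")
    # Imported late: the module only exists under Splunk's bundled Python.
    import splunk.bundle as bundle
    # The session key is a live credential: never log or print it.
    return bundle.getConf(conf_name, sessionKey=session_key, namespace=namespace)
```
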