Getting Data In

How do you get a config from a scripted input?

Path Finder

Digging around in the splunk python docs (via help(splunk...), splunk.bundle.getConf seems to be the best way to read a config, at least from a command. Unfortunately, it wants a sessionKey, which I'm not aware of existing when you're running from a scripted input. getConf(confName, sessionKey=None, namespace=None, owner=None, overwriteStanzas=False, hostPath=None)

I'm getting this error: splunk.AuthenticationFailed: [HTTP 401] Client is not authenticated; None

So, questions... Is there a sessionKey around when running a scripted input? Is there some other module for merging configs?

Tags (1)

Splunk Employee
Splunk Employee

I settled on the cli config lib (for the same purpose -- scripted inputs). No idea what the best practice is here, but I find this one to be very easy to use. I had a hard time understanding how to use readConf() myself... 😕

import splunk.clilib.cli_common 

config = splunk.clilib.cli_common.getMergedConf('myconfig')

This just returns a normal python dict, so do whatever you want now.

0 Karma

Path Finder

I figured this one out with a little help, so I thought I'd post the answer for all to see.

Two things are required.

  1. In inputs.conf, enable passAuth in your scripted input stanza. I used passAuth = admin. This will send a token for that user to STDIN of your script.
  2. Read that STDIN and use it in the call to getConf. Match the user in the getConf call.

Code snippet: def main(): #get the auth token sessionKey = sys.stdin.readline() #extract the APP name to use for namespace. #Maybe there's a better way then getting it from the script path? namespace = re.findall('.*\/[\/]bin',sys.path[0])[0]

conf = bundle.getConf('foo', sessionKey=sessionKey, namespace=namespace, owner='admin') value1 = conf['stanza']['value1'] value2 = conf['stanza']['value2']

Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!