Digging around in the splunk python docs (via help(splunk...), splunk.bundle.getConf seems to be the best way to read a config, at least from a command. Unfortunately, it wants a sessionKey, which I'm not aware of existing when you're running from a scripted input.
getConf(confName, sessionKey=None, namespace=None, owner=None, overwriteStanzas=False, hostPath=None)
I'm getting this error:
splunk.AuthenticationFailed: [HTTP 401] Client is not authenticated; None
Is there a sessionKey around when running a scripted input?
Is there some other module for merging configs?
I settled on the cli config lib (for the same purpose -- scripted inputs). No idea what the best practice is here, but I find this one to be very easy to use. I had a hard time understanding how to use readConf() myself... 😕
I figured this one out with a little help, so I thought I'd post the answer for all to see.
Two things are required.
In inputs.conf, enable passAuth in your scripted input stanza. I used passAuth = admin. This will send a token for that user to STDIN of your script.
Read that STDIN and use it in the call to getConf. Match the user in the getConf call.
#get the auth token
sessionKey = sys.stdin.readline()
#extract the APP name to use for namespace.
#Maybe there's a better way then getting it from the script path?
namespace = re.findall('.*\/[\/]bin',sys.path)