Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to dynamically update transforms.conf with cURL?

skender27
Contributor
‎03-03-2017 06:54 AM

Hi,

I have the following transforms.conf actual configuration (with various User in the regex):

[admin filter]
DEST_KEY = queue
FORMAT = indexQueue
REGEX = (?i)(Account name:\s+User1)|(Account Name:\sUser2)|(……)

Let suppose that FORMAT contains the $1, $2, $3, $n... as the various Users.

I need to update the $SPLUNK_HOME\eta\apps\<my app>\local\transforms.conf
with the curl command as the following, but I do not find the RESt POST method correctly in the docs (http://docs.splunk.com/Documentation/Splunk/6.5.2/RESTREF/RESTconf). I do not understand what to put instead of property and values

curl -k -u <user>:<passwd> https://<ip_server>:8089/servicesNS/nobody/<my app>/properties/transforms/<admin filter> -d <property>=<value>

Any suggestions how to achieve this?

Thanks,
Skender

Reply

gjanders
SplunkTrust
SplunkTrust
‎03-05-2017 04:10 PM

Try https://localhost:8089/services/data/transforms//extractions or your relevant Splunk instance (ie. replace the localhost).
I've also used the command line of the server which I would assume is:

$SPLUNK_HOME/bin/splunk _internal call "/services/data/transforms/extractions"

I have not used this but I can see the list/reload/edit options available which means that you should be able to make the changes you require.

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...