Getting Data In

Is it possible to make Splunk Inputs in automated way?

New Member

Hi All!

Currently we have some add-ons for tools like Jenkins, GitLab, SonarQube in our instance and we have configured all fields for them to fetch data from these tools.

The problem is that e.g. for Jenkins we need to specify all project names separated by a comma and once new project appears or is deleted, we need to manually update this add-on setup fields.
Is it possible to configure these fields in automated way, to avoid manual work? ( Automatically take all Jenkins project names and fetch data from them)

Looking forward for your replies
Thank you!

0 Karma
1 Solution

Super Champion

In general terms, yes. It's fairly easy to programmatically manipulate Splunk's configuration files. Options include (1) editing the files directly using a bit of code, (2) using the CLI ( splunk add monitor, for example), and (3) using the REST API. All of these approaches have pros/cons. I suspect that option #2 is out for a custom TA. Between options 1 and 3, it's a bit of a preference call. Both options will give you lots of flexibility.

I've not used the Jenkin's TA, but if you can figure out which entry in your configuration file needs to be updated, it should be fairly straightforward to update it.

If you want to go down the REST API path, I'd suggest starting with the REST API Tutorials - Managing Objects, if you haven't done anything like this before with Splunk. Then make your way over to the Splunk REST API Reference docs and look at the "Configuration" section.

View solution in original post

0 Karma

Super Champion

In general terms, yes. It's fairly easy to programmatically manipulate Splunk's configuration files. Options include (1) editing the files directly using a bit of code, (2) using the CLI ( splunk add monitor, for example), and (3) using the REST API. All of these approaches have pros/cons. I suspect that option #2 is out for a custom TA. Between options 1 and 3, it's a bit of a preference call. Both options will give you lots of flexibility.

I've not used the Jenkin's TA, but if you can figure out which entry in your configuration file needs to be updated, it should be fairly straightforward to update it.

If you want to go down the REST API path, I'd suggest starting with the REST API Tutorials - Managing Objects, if you haven't done anything like this before with Splunk. Then make your way over to the Splunk REST API Reference docs and look at the "Configuration" section.

View solution in original post

0 Karma

New Member

Hi Lowell,

That's great! Thank you for your answer!
For now I just wanted to make sure if it's even possible and i got answer - it is! Exactly what was needed.
Will definitely dig deeper into this and REST API most probably will be the path which I will choose although I'm not really experienced with this so far, but we all have been at learning stage some day. 🙂

Thank you once more!

0 Karma