Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is it possible to make Splunk Inputs in automated way?

edgarsmielavs
New Member
‎03-19-2018 07:18 AM

Hi All!

Currently we have some add-ons for tools like Jenkins, GitLab, SonarQube in our instance and we have configured all fields for them to fetch data from these tools.

The problem is that e.g. for Jenkins we need to specify all project names separated by a comma and once new project appears or is deleted, we need to manually update this add-on setup fields.
Is it possible to configure these fields in automated way, to avoid manual work? ( Automatically take all Jenkins project names and fetch data from them)

Looking forward for your replies
Thank you!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Lowell
Super Champion
‎03-19-2018 08:49 AM

In general terms, yes. It's fairly easy to programmatically manipulate Splunk's configuration files. Options include (1) editing the files directly using a bit of code, (2) using the CLI ( splunk add monitor, for example), and (3) using the REST API. All of these approaches have pros/cons. I suspect that option #2 is out for a custom TA. Between options 1 and 3, it's a bit of a preference call. Both options will give you lots of flexibility.

I've not used the Jenkin's TA, but if you can figure out which entry in your configuration file needs to be updated, it should be fairly straightforward to update it.

If you want to go down the REST API path, I'd suggest starting with the REST API Tutorials - Managing Objects, if you haven't done anything like this before with Splunk. Then make your way over to the Splunk REST API Reference docs and look at the "Configuration" section.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Lowell
Super Champion
‎03-19-2018 08:49 AM

In general terms, yes. It's fairly easy to programmatically manipulate Splunk's configuration files. Options include (1) editing the files directly using a bit of code, (2) using the CLI ( splunk add monitor, for example), and (3) using the REST API. All of these approaches have pros/cons. I suspect that option #2 is out for a custom TA. Between options 1 and 3, it's a bit of a preference call. Both options will give you lots of flexibility.

I've not used the Jenkin's TA, but if you can figure out which entry in your configuration file needs to be updated, it should be fairly straightforward to update it.

If you want to go down the REST API path, I'd suggest starting with the REST API Tutorials - Managing Objects, if you haven't done anything like this before with Splunk. Then make your way over to the Splunk REST API Reference docs and look at the "Configuration" section.

0 Karma
Reply
Solved! Jump to solution

edgarsmielavs
New Member
‎03-20-2018 12:48 AM

Hi Lowell,

That's great! Thank you for your answer!
For now I just wanted to make sure if it's even possible and i got answer - it is! Exactly what was needed.
Will definitely dig deeper into this and REST API most probably will be the path which I will choose although I'm not really experienced with this so far, but we all have been at learning stage some day. 🙂

Thank you once more!

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...

4 Ways the Splunk Community Helps You Prepare for .conf25

.conf25 is right around the corner, and whether you’re a first-time attendee or a seasoned Splunker, the ...
Top