Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question
Solved! Jump to solution

Is it possible to make Splunk Inputs in automated way?

edgarsmielavs
New Member
โ€Ž03-19-2018 07:18 AM

Hi All!

Currently we have some add-ons for tools like Jenkins, GitLab, SonarQube in our instance and we have configured all fields for them to fetch data from these tools.

The problem is that e.g. for Jenkins we need to specify all project names separated by a comma and once new project appears or is deleted, we need to manually update this add-on setup fields.
Is it possible to configure these fields in automated way, to avoid manual work? ( Automatically take all Jenkins project names and fetch data from them)

Looking forward for your replies
Thank you!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Lowell
Super Champion
โ€Ž03-19-2018 08:49 AM

In general terms, yes. It's fairly easy to programmatically manipulate Splunk's configuration files. Options include (1) editing the files directly using a bit of code, (2) using the CLI ( splunk add monitor, for example), and (3) using the REST API. All of these approaches have pros/cons. I suspect that option #2 is out for a custom TA. Between options 1 and 3, it's a bit of a preference call. Both options will give you lots of flexibility.

I've not used the Jenkin's TA, but if you can figure out which entry in your configuration file needs to be updated, it should be fairly straightforward to update it.

If you want to go down the REST API path, I'd suggest starting with the REST API Tutorials - Managing Objects, if you haven't done anything like this before with Splunk. Then make your way over to the Splunk REST API Reference docs and look at the "Configuration" section.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Lowell
Super Champion
โ€Ž03-19-2018 08:49 AM

In general terms, yes. It's fairly easy to programmatically manipulate Splunk's configuration files. Options include (1) editing the files directly using a bit of code, (2) using the CLI ( splunk add monitor, for example), and (3) using the REST API. All of these approaches have pros/cons. I suspect that option #2 is out for a custom TA. Between options 1 and 3, it's a bit of a preference call. Both options will give you lots of flexibility.

I've not used the Jenkin's TA, but if you can figure out which entry in your configuration file needs to be updated, it should be fairly straightforward to update it.

If you want to go down the REST API path, I'd suggest starting with the REST API Tutorials - Managing Objects, if you haven't done anything like this before with Splunk. Then make your way over to the Splunk REST API Reference docs and look at the "Configuration" section.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

edgarsmielavs
New Member
โ€Ž03-20-2018 12:48 AM

Hi Lowell,

That's great! Thank you for your answer!
For now I just wanted to make sure if it's even possible and i got answer - it is! Exactly what was needed.
Will definitely dig deeper into this and REST API most probably will be the path which I will choose although I'm not really experienced with this so far, but we all have been at learning stage some day. ๐Ÿ™‚

Thank you once more!

0 Karma
Reply