Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

REST endpoint for modifying $app/local/macros.conf

jpvlsmv
Path Finder
‎03-25-2015 12:26 PM

I'd like to have my app not clobber other people's index names, or to be able to reference an existing (but I don't know what index search)

I thought that I could, in my app's setup.xml, prompt the user for the desired index name.

But then, how do I get my saved search or view or dashboard to reference the value the user entered?

I created a macro in $app/etc/default/macros.conf, defining:

     [appindex]
     definition = index=foo

and in the app, I can define my searches referencing `appindex` therestofthequery and everything works fine.

I can get setup.xml to prompt for the desired index name, but I can't find the REST endpoint that will put the definition in $app/local/macros.conf

Is there another way to do this?

Reply
1 Solution
Solved! Jump to solution
Solution

vcarbona
Path Finder
‎03-30-2015 02:23 PM

The link below will have the answer in the question.

With the Python SDK, you can access it even easier:

from splunklib.client import connect
...
service = connect(username="admin", password="changeme", host="myhost", app="search")
# To update a macro named "test" in the search app
service.post('properties/macros/test', definition="test123")

# To read a macro named "test" in the search app
print service.get('properties/macros/test/definition')["body"]

View solution in original post

Reply
Solved! Jump to solution

acharlieh
Influencer
‎03-30-2015 03:44 PM

Looking at the urls that come back with Settings > (Knowledge) Advanced Search > Search macros. It looks like those are controlled through the /servicesNS/(usercontext)/(appcontext)/admin/macros endpoint and children endpoints. Wiring it up isn't something I've done yet, but this might help... check out |rest /servicesNS/-/-/admin/macros for example.

Reply
Solved! Jump to solution
Solution

vcarbona
Path Finder
‎03-30-2015 02:23 PM

The link below will have the answer in the question.

With the Python SDK, you can access it even easier:

from splunklib.client import connect
...
service = connect(username="admin", password="changeme", host="myhost", app="search")
# To update a macro named "test" in the search app
service.post('properties/macros/test', definition="test123")

# To read a macro named "test" in the search app
print service.get('properties/macros/test/definition')["body"]
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...