We were looking to run btool on requirement basis for configs across whole of splunk cluster. It is not feasible to run via cmd line on individual servers. I had a plan to write it as an app and share it across all tiers, but just wanted to check if
(I'm aware of https://answers.splunk.com/answers/694707/is-there-a-way-to-run-cmd-btool-check-via-rest.html , but that's same effort as writing an app across all tiers)
I am pretty sure there is no rest api to get the output of btool. I wrote an app that runs btool on a servers and saves it to a file (it then commits the files to a git repository). you could pick apart my code to do what you want. The app is here https://splunkbase.splunk.com/app/4182/#/overview and here is the lines of code you can use: https://github.com/ChrisYounger/git_for_splunk/blob/master/bin/input_module_gitforsplunk.py#L51
Hope you find this helpful
Much appreciated. Upvoted
I was thinking of similar approach as an app myself, as I was thinking of making it more simple scripted input based approach. But quite painful for us to get into all tiers of huge splunk environment.
Hopefully will wait for any other ideas and will accept in few days.
There is no btool endpoint, however you can access all of the configurations on the machine via the conf-file endpoints..
Additionally you can do this via SPL..
| rest splunk_server=local /services/configs/conf-props | transpose
If you do this in a distributed environment, be aware of you peers and adjust the splunk_server= to the servers you want to collect the configs from.
The configuration errors are being recorded in splunkd_stdout.log with "Invalid key in stanza" during server restart. May be worth of getting this information from this log instead of running rest command.