Security

How to configure a Splunk app setup screen with user credentials?

ramabu
Path Finder

Hi,

I apologize if the following is a stupid question.

I have not been able to take the sample_app configuration example listed in http://docs.splunk.com/Documentation/Splunk/6.3.2/AdvancedDev/SetupExampleCredentials
and apply it to my use case.

I can see that there has to be a setup.xml
I can see that it refers to endpoints and entities.
I can see the need for corresponding conf files.
I also see a correspondence to restmap.conf entries, and in turn to some python configurator script (not in that doc, though).

I fail to see the model behind this.

If I want an app with a couple of text fields (neither are user-name/password):
what endpoint/entities should I use? It is probably my call; say, endpoint="admin/myconf" entity="mysettings".
but then, where else should I define "myconf"? "mysettings"? which if at all should be in inputs.conf?
When is a .py script required?

Is there a "for dummies" writeup for this that I can refer to?

Thanks for reading so far!
rama

0 Karma
1 Solution

ramabu
Path Finder

I got it working - but only after reading the respective chapter in the "Splunk Developer's Guide";

Here's how it goes:
Suppose we have an app app, with the need to configure 2 args: ip, and token
A.
The first thing we need to do is to define an endpoint and its member (appep, conf).
This is done in $SPLUNK_HOME/etc/apps/app/default/restmap.conf:

[admin:app]
  match=/appep
  members=conf

[admin_external:conf]
  handlertype = python
  handlerfile = app_handler.py
  handleractions = list, edit

(
if it got unclear with the code highlighting:
[admin:app]
match=/appep
members=conf

[admin_external:conf]
handlertype = python
handlerfile = app_handler.py
handleractions = list, edit
)

B.
Next, we need to create a conf file, appsetup.conf, listing our arguments, in their own stanza, named after our entity.
This is done in $SPLUNK_HOME/etc/apps/app/default/appsetup.conf:

[app_config]
ip =
token =

C.
Now we need to build a setup.xml file, basically describing the dialog.
This is done in $SPLUNK_HOME/etc/apps/app/default/setup.xml:

<setup>
        <block title="Your configuration screen title goes here" endpoint="appep/conf" entity="app_config">
                <input field="ip">
                        <label>Valid prompt for ip</label>
                        <type>text</type>
                </input>
                <input field="token">
                        <label>Valid prompt for token</label>
                        <type>text</type>
                </input>
        </block>
</setup>

D.
Last but not least - we need the app_handler.py python script mentioned in the restmap.conf.
It is there to make the configuration persist, basically. In other words, perhaps, the code behind the "save" button. It goes to $SPLUNK_HOME/etc/apps/app/bin/app_handler.py

import splunk.admin as admin

class ConfigApp(admin.MConfigHandler):
  # Declare the arguments the endpoint accepts when the setup form is saved.
  def setup(self):
    if self.requestedAction == admin.ACTION_EDIT:
      for myarg in ['ip', 'token']:
        self.supportedArgs.addOptArg(myarg)

  # Called to populate the setup screen: return every stanza/key of appsetup.conf.
  def handleList(self, confInfo):
    confDict = self.readConf("appsetup")
    if confDict is not None:
      for stanza, settings in confDict.items():
        for key, val in settings.items():
          # Show unset values as empty strings rather than None.
          if key in ['ip', 'token'] and val in [None, '']:
            val = ''
          confInfo[stanza].append(key, val)

  # Called on "save": write the submitted values to the [app_config] stanza.
  def handleEdit(self, confInfo):
    self.writeConf('appsetup', 'app_config', self.callerArgs.data)

# Register the handler with splunkd.
admin.init(ConfigApp, admin.CONTEXT_NONE)

E.
Finally, restart splunk.

  • When you start the app first, you'll be prompted to go to the configuration screen.
  • Everything you save will be kept in $SPLUNK_HOME/etc/apps/app/local/appsetup
  • To troubleshoot Python syntax errors, you best look at splunkd.log in $SPLUNK_HOME/var/log
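
The handleEdit in step D hands callerArgs.data to writeConf unchanged, so whatever is typed into the setup form is what gets saved. As an added example (not part of the original answer and not Splunk's own code), here is a validation helper that handleEdit could call first. It assumes Python 3 and that each submitted value arrives as a one-element list; validate_setup_args, ALLOWED_FIELDS and MAX_TOKEN_LEN are hypothetical names.

```python
import ipaddress

ALLOWED_FIELDS = ("ip", "token")  # the two inputs declared in setup.xml
MAX_TOKEN_LEN = 256               # assumed limit, not from the original post


def validate_setup_args(data):
    """Validate a callerArgs.data-style dict ({field: [value]}).

    Returns a cleaned dict in the same shape, or raises ValueError.
    """
    unknown = sorted(set(data) - set(ALLOWED_FIELDS))
    if unknown:
        raise ValueError("unexpected field(s): " + ", ".join(unknown))

    values = {}
    for field in ALLOWED_FIELDS:
        raw = data.get(field) or [None]
        if len(raw) != 1:
            raise ValueError("expected exactly one value for " + field)
        values[field] = "" if raw[0] is None else str(raw[0]).strip()
        if not values[field]:
            raise ValueError("missing value for " + field)

    # ip must parse as an IPv4/IPv6 address; parsing rejects embedded
    # newlines or stanza text, and the normalised form is what gets stored.
    ip = str(ipaddress.ip_address(values["ip"]))

    token = values["token"]
    if len(token) > MAX_TOKEN_LEN:
        raise ValueError("token too long")
    if any(ch.isspace() or not ch.isprintable() for ch in token):
        raise ValueError("token contains whitespace or control characters")

    return {"ip": [ip], "token": [token]}


if __name__ == "__main__":
    # Constructed sample input, shaped like a saved setup form.
    print(validate_setup_args({"ip": [" 10.0.0.5 "], "token": ["abc123"]}))
    for bad in ({"ip": ["10.0.0.5\n[other]"], "token": ["abc123"]},
                {"ip": ["10.0.0.5"], "token": ["abc 123"]}):
        try:
            validate_setup_args(bad)
        except ValueError as exc:
            print("rejected:", exc)
```

In the handler, call it at the top of handleEdit and pass the returned dict to writeConf in place of callerArgs.data.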

hridayns
Engager

Hi,

Thanks for spending time posting the answer. It really helped. Really concise and clear. Easy and understandable. Been stuck at it for days. 🙂

Cheers,
Hriday.

0 Karma

meenal901
Communicator

Very nicely written. Thanks 🙂

0 Karma

sumangala
Path Finder

Hi,
The above example was much clearer to understand. I just tried your settings and configuration as you mentioned above. But when I launch the app, setup.xml is not prompted.
Do you know if anything went wrong?

0 Karma