Security

How to configure a Splunk app setup screen with user credentials?

ramabu
Path Finder

Hi,

I apologize if the following is a stupid question.

I have not been able to take the sample_app configuration example listed in http://docs.splunk.com/Documentation/Splunk/6.3.2/AdvancedDev/SetupExampleCredentials
and apply it to my use case.

I can see that there has to be a setup.xml
I can see that it refers to endpoints and entities.
I can see the need for corresponding conf files.
I also see a correspondence to restmap.conf entries, and in turn to some python configurator script (not in that doc, though).

I fail to see the model behind this.

If I want an app with a couple of text fields (neither are user-name/password):
what endpoint/entities should I use? It is probably my call; say, endpoint="admin/myconf" entity="mysettings".
but then, where else should I define "myconf"? "mysettings"? which if at all should be in inputs.conf?
When is a .py script required?

Is there a "for dummies" writeup for this that I can refer to?

Thanks for reading so far!
rama

0 Karma
1 Solution

ramabu
Path Finder

I got it working - but only after reading the respective chapter in the "Splunk Developer's Guide";

Here's how it goes:
Suppose we have an app app, with the need to configure 2 args: ip, and token
A.
The first thing we need to do is to define an endpoint and its member (appep, conf).
This is done in $SPLUNK_HOME/etc/apps/app/default/restmap.conf:

[admin:app]
  match=/appep
  members=conf

[admin_external:conf]
  handlertype = python
  handlerfile = app_handler.py
  handleractions = list, edit

(
if it got unclear with the code highlighting:
[admin:app]
match=/appep
members=conf

[admin_external:conf]
handlertype = python
handlerfile = app_handler.py
handleractions = list, edit
)

B.
Next, we need to create a conf file, appsetup.conf, listing our arguments, in their own stanza, named after our entity.
This is done in $SPLUNK_HOME/etc/apps/app/default/appsetup.conf:

[app_config]
ip =
token =

C.
Now we need to build a setup.xml file, basically describing the dialog.
This is done in $SPLUNK_HOME/etc/apps/app/default/setup.xml:

<setup>
        <block title="Your configuration screen title goes here" endpoint="appep/conf" entity="app_config">
                <input field="ip">
                        <label>Valid prompt for ip</label>
                        <type>text</type>
                </input>
                <input field="token">
                        <label>Valid prompt for token</label>
                        <type>text</type>
                </input>
        </block>
</setup>

D.
Last but not least - we need the app_handler.py python script mentioned in the restmap.conf.
It is there to make the configuration persist, basically. In other words, perhaps, the code behind the "save" button. It goes to $SPLUNK_HOME/etc/apps/app/bin/app_handler.py

import splunk.admin as admin
import splunk.entity as en

class ConfigApp(admin.MConfigHandler):
  def setup(self):
    if self.requestedAction == admin.ACTION_EDIT:
      for myarg in ['ip', 'token']:
        self.supportedArgs.addOptArg(myarg)

  def handleList(self, confInfo):
    confDict = self.readConf("appsetup")
    if None != confDict:
      for stanza, settings in confDict.items():
        for key, val in settings.items():
          if key in ['ip', 'token'] and val in [None, '']:
            val = ''
          confInfo[stanza].append(key, val)

  def handleEdit(self, confInfo):
    name = self.callerArgs.id
    args = self.callerArgs
    self.writeConf('appsetup', 'app_config', self.callerArgs.data)

admin.init(ConfigApp, admin.CONTEXT_NONE)

E.
Finally, restart splunk.

  • When you start the app first, you'll be prompted to go to the configuration screen.
  • Everything you save will be kept in $SPLUNK_HOME/etc/apps/app/local/appsetup
  • To troubleshoot Python syntax errors, you best look at splunkd.log in $SPLUNK_HOME/var/log

View solution in original post

ramabu
Path Finder

I got it working - but only after reading the respective chapter in the "Splunk Developer's Guide";

Here's how it goes:
Suppose we have an app app, with the need to configure 2 args: ip, and token
A.
The first thing we need to do is to define an endpoint and its member (appep, conf).
This is done in $SPLUNK_HOME/etc/apps/app/default/restmap.conf:

[admin:app]
  match=/appep
  members=conf

[admin_external:conf]
  handlertype = python
  handlerfile = app_handler.py
  handleractions = list, edit

(
if it got unclear with the code highlighting:
[admin:app]
match=/appep
members=conf

[admin_external:conf]
handlertype = python
handlerfile = app_handler.py
handleractions = list, edit
)

B.
Next, we need to create a conf file, appsetup.conf, listing our arguments, in their own stanza, named after our entity.
This is done in $SPLUNK_HOME/etc/apps/app/default/appsetup.conf:

[app_config]
ip =
token =

C.
Now we need to build a setup.xml file, basically describing the dialog.
This is done in $SPLUNK_HOME/etc/apps/app/default/setup.xml:

<setup>
        <block title="Your configuration screen title goes here" endpoint="appep/conf" entity="app_config">
                <input field="ip">
                        <label>Valid prompt for ip</label>
                        <type>text</type>
                </input>
                <input field="token">
                        <label>Valid prompt for token</label>
                        <type>text</type>
                </input>
        </block>
</setup>

D.
Last but not least - we need the app_handler.py python script mentioned in the restmap.conf.
It is there to make the configuration persist, basically. In other words, perhaps, the code behind the "save" button. It goes to $SPLUNK_HOME/etc/apps/app/bin/app_handler.py

import splunk.admin as admin
import splunk.entity as en

class ConfigApp(admin.MConfigHandler):
  def setup(self):
    if self.requestedAction == admin.ACTION_EDIT:
      for myarg in ['ip', 'token']:
        self.supportedArgs.addOptArg(myarg)

  def handleList(self, confInfo):
    confDict = self.readConf("appsetup")
    if None != confDict:
      for stanza, settings in confDict.items():
        for key, val in settings.items():
          if key in ['ip', 'token'] and val in [None, '']:
            val = ''
          confInfo[stanza].append(key, val)

  def handleEdit(self, confInfo):
    name = self.callerArgs.id
    args = self.callerArgs
    self.writeConf('appsetup', 'app_config', self.callerArgs.data)

admin.init(ConfigApp, admin.CONTEXT_NONE)

E.
Finally, restart splunk.

  • When you start the app first, you'll be prompted to go to the configuration screen.
  • Everything you save will be kept in $SPLUNK_HOME/etc/apps/app/local/appsetup
  • To troubleshoot Python syntax errors, you best look at splunkd.log in $SPLUNK_HOME/var/log

hridayns
Engager

Hi,

Thanks for spending time posting the answer. It really helped. Really concise and clear. Easy and understandable. Been stuck at it for days. 🙂

Cheers,
Hriday.

0 Karma

meenal901
Communicator

Very nicely written. Thanks 🙂

0 Karma

sumangala
Path Finder

Hi,
Above example was much more clear for understanding. I just tried your setting and configuration as u mentioned above. But, When I launch app setup.xml is not prompted.
Do u know anything went wrong?

0 Karma
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Access to Splunk Observability Kubernetes “Classic Navigator” UI will no longer be available starting January ...

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...