Security

strange error trying to set up a simple setup.xml example

sideview
SplunkTrust
SplunkTrust

I'm encountering some difficulties trying to get setup.xml working reliably across multiple apps.

When I take a step back and follow the simpler instructions that involve no custom rest endpoint:

http://www.splunk.com/base/Documentation/4.2.1/Developer/SetupExample1

I hit a weird message when the form is submitted. Here's my endpoint and my entity. I'm just writing a single macro.

<block title="My Block Title" endpoint="admin/macros" entity="my_macro_name">
  <input field="definition">
    <label>Foo</label>
    <type>text</type>
  </input>
</block>

The setup.xml does load correctly, but submitting the form gives:

Encountered the following error while trying to update: In handler 'localapps': Argument &quot;disabled&quot; is not supported by this handler.

(the quote characters do indeed appear escaped like that, in case anyone's wondering.)

Can anyone shed any light on what the error message is talking about?

Tags (1)

Ledion_Bitincka
Splunk Employee
Splunk Employee

Yes, the bug has been there as long as the macros endpoint has been around. Yes, we're working on fixing this bug for macros and any other endpoints. Unfortunately, the only workaround right now is to use a custom REST handler.

0 Karma

davidtwamley
Explorer

I'm encountering this bug too with a simple admin/transforms-extract setup block. Any workarounds? I think I'll try writing my own REST handler.

0 Karma

Ledion_Bitincka
Splunk Employee
Splunk Employee

First off, clearly this is a bug. In order to understand the message you'd have to first understand what the setup REST handles does when the user saves the setup content. It

  1. gets the entity (in strict mode) that you're trying to edit via setup,
  2. it changes the fields specified in setup.xml with the values provided by the user
  3. submits the values to the target handler (admin/macros in this case)

Strict mode is a way to list entities with only the fields that are supported on edit/create and disabled field - the reason for listing disabled in strict mode is for the caller to determine the state of the entity. So, the bug here is with the macros REST endpoint not supporting disabled when editing/creating.

sideview
SplunkTrust
SplunkTrust

I have a feeling this bug has been here for a while. Has anyone been working on it? Is it just macros? Any idea what other endpoints/entities will not work in setup.xml? I went back to having setup.xml post to a custom python endpoint, but sometimes I dont really want to maintain all those extra moving parts...

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...