Splunk Cloud Platform

Convert Btool command to rest command to be run on the cloud

robertlynch2020
Influencer

Hi

It is possible to convert enterprise command line 

 

 

bin/splunk btool limits list --app=MX.3_MONITORING_v3 --debug

 

 

To a rest command to be run from SPL in the cloud, please?

 

Thanks in advance

Labels (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Install the Admin's Little Helper app (https://splunkbase.splunk.com/app/6368).  It contains a 'btool' command that you can include in your SPL.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

dural_yyz
Builder

I've not done the cloud enough to know if this works, but on prem I would have done this.

| rest splunk_server=local /servicesNS/-/-/configs/conf-limits search="eai:acl.app=*" 
0 Karma

robertlynch2020
Influencer

Hi 

Thanks for the help, i have installed it, but am I missing something.

robertlynch2020_0-1727456640529.png

 

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Hi
as this is a generating command https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchReference/Commandsbytype#Generating_c... you must add "|" in front of it. It also must be the first command on your SPL (or inside subquery).

richgalloway
SplunkTrust
SplunkTrust

It's a generating command so the SPL has to start with a pipe.

| btool limits list
---
If this reply helps you, Karma would be appreciated.

richgalloway
SplunkTrust
SplunkTrust

Install the Admin's Little Helper app (https://splunkbase.splunk.com/app/6368).  It contains a 'btool' command that you can include in your SPL.

---
If this reply helps you, Karma would be appreciated.

robertlynch2020
Influencer

This worked well and thanks.

richgalloway
SplunkTrust
SplunkTrust

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma

robertlynch2020
Influencer

yes - Sorry - i thought i did - cheers for help 🙂

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...