Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How can I create a transforms.conf stanza from SplunkJS?

David
Splunk Employee
Splunk Employee
‎01-31-2017 04:51 AM

I want to create a new lookup file. In transforms.conf, that's pretty simple, it should look something like this:

[myLookup6]
filename = myLookup.csv

But how do I do that from SplunkJS?

I've found the appropriate docs, but haven't been able to divine the answer:
http://docs.splunk.com/DocumentationStatic/JavaScriptSDK/1.1/splunkjs.Service.Configurations.html
http://docs.splunk.com/DocumentationStatic/JavaScriptSDK/1.8.0/splunkjs.Service.ConfigurationFile.ht...
http://docs.splunk.com/DocumentationStatic/JavaScriptSDK/1.1/splunkjs.Service.ConfigurationStanza.ht...

Reply
1 Solution
Solved! Jump to solution
Solution

David
Splunk Employee
Splunk Employee
‎01-31-2017 05:01 AM

After a lot of trial and error, and then the help of a partner who had done even more trial and error (and is a better programmer than me), I got the answer.

The overall process is:

  1. Create a service object
  2. Instantiate the configurations object with your scope (app, user, etc.)
  3. Fetch the existing configurations for your file
  4. Create a ConfigurationFile object with a blank config, or pull the existing one
  5. With your file, create a new stanza

Here is the code that worked for me, on Splunk 6.5:

function dvtest(){
    var appscope={}
    appscope['owner'] = Splunk.util.getConfigValue("USERNAME");
    appscope['app'] = utils.getCurrentApp()
    appscope['sharing'] = "app"
    var mystanza = []
    mystanza['filename'] = "myLookup.csv"
    var svc = mvc.createService();
    var files = svc.configurations(appscope);
    var fileDeferred = $.Deferred();
    files.fetch({ 'search': 'name=transforms"' }, function(err, files) {
       var transformsFile = files.item("transforms");
       if (!transformsFile) {
           //  Create the file here
           transformsFile = files.create('transforms', function(err, transformsFile) {
              if (err) {
                  // Error case, throw an exception dialog to user here.
                  return;
              }
              fileDeferred.resolve(transformsFile);
           });
       }
       else {
          fileDeferred.resolve(transformsFile)
       }
    });
    fileDeferred.done(function(transformsFile) {
         transformsFile.create("myLookup6", mystanza, function(err, stanza) {
             // Stanza now created -- go check transforms.conf if you don't believe me
         }
    )});
}

View solution in original post

Reply
Solved! Jump to solution

lknecht_splunk
Splunk Employee
Splunk Employee
‎09-24-2017 09:55 PM

Hi there David,

Please take a look at this example application that has been built.

Developer Guidance - Setup View Example For Splunk:
https://splunkbase.splunk.com/app/3728/

Source code can be found here:
https://github.com/splunk/Developer_Guidance_Setup_View_Example

This app uses a setup view to configure Splunk configuration files. While the goal is different, the solution is the same, and much of the code can be reused in the goal you're seeking to accomplish.

It is meant to serve as a point of reference.

Please let me know if that's not sufficient.

0 Karma
Reply
Solved! Jump to solution
Solution

David
Splunk Employee
Splunk Employee
‎01-31-2017 05:01 AM

After a lot of trial and error, and then the help of a partner who had done even more trial and error (and is a better programmer than me), I got the answer.

The overall process is:

  1. Create a service object
  2. Instantiate the configurations object with your scope (app, user, etc.)
  3. Fetch the existing configurations for your file
  4. Create a ConfigurationFile object with a blank config, or pull the existing one
  5. With your file, create a new stanza

Here is the code that worked for me, on Splunk 6.5:

function dvtest(){
    var appscope={}
    appscope['owner'] = Splunk.util.getConfigValue("USERNAME");
    appscope['app'] = utils.getCurrentApp()
    appscope['sharing'] = "app"
    var mystanza = []
    mystanza['filename'] = "myLookup.csv"
    var svc = mvc.createService();
    var files = svc.configurations(appscope);
    var fileDeferred = $.Deferred();
    files.fetch({ 'search': 'name=transforms"' }, function(err, files) {
       var transformsFile = files.item("transforms");
       if (!transformsFile) {
           //  Create the file here
           transformsFile = files.create('transforms', function(err, transformsFile) {
              if (err) {
                  // Error case, throw an exception dialog to user here.
                  return;
              }
              fileDeferred.resolve(transformsFile);
           });
       }
       else {
          fileDeferred.resolve(transformsFile)
       }
    });
    fileDeferred.done(function(transformsFile) {
         transformsFile.create("myLookup6", mystanza, function(err, stanza) {
             // Stanza now created -- go check transforms.conf if you don't believe me
         }
    )});
}
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

    Thursday, June 25, 2026  |  11AM PDT / 2PM EDT  Duration: 1 Hour (Includes live Q&A) Register to ...

Analytics Workspace deprecation

As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...