Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I create a transforms.conf stanza from SplunkJS?

David
Splunk Employee
Splunk Employee
‎01-31-2017 04:51 AM

I want to create a new lookup file. In transforms.conf, that's pretty simple, it should look something like this:

[myLookup6]
filename = myLookup.csv

But how do I do that from SplunkJS?

I've found the appropriate docs, but haven't been able to divine the answer:
http://docs.splunk.com/DocumentationStatic/JavaScriptSDK/1.1/splunkjs.Service.Configurations.html
http://docs.splunk.com/DocumentationStatic/JavaScriptSDK/1.8.0/splunkjs.Service.ConfigurationFile.ht...
http://docs.splunk.com/DocumentationStatic/JavaScriptSDK/1.1/splunkjs.Service.ConfigurationStanza.ht...

Reply
1 Solution
Solved! Jump to solution
Solution

David
Splunk Employee
Splunk Employee
‎01-31-2017 05:01 AM

After a lot of trial and error, and then the help of a partner who had done even more trial and error (and is a better programmer than me), I got the answer.

The overall process is:

  1. Create a service object
  2. Instantiate the configurations object with your scope (app, user, etc.)
  3. Fetch the existing configurations for your file
  4. Create a ConfigurationFile object with a blank config, or pull the existing one
  5. With your file, create a new stanza

Here is the code that worked for me, on Splunk 6.5:

function dvtest(){
    var appscope={}
    appscope['owner'] = Splunk.util.getConfigValue("USERNAME");
    appscope['app'] = utils.getCurrentApp()
    appscope['sharing'] = "app"
    var mystanza = []
    mystanza['filename'] = "myLookup.csv"
    var svc = mvc.createService();
    var files = svc.configurations(appscope);
    var fileDeferred = $.Deferred();
    files.fetch({ 'search': 'name=transforms"' }, function(err, files) {
       var transformsFile = files.item("transforms");
       if (!transformsFile) {
           //  Create the file here
           transformsFile = files.create('transforms', function(err, transformsFile) {
              if (err) {
                  // Error case, throw an exception dialog to user here.
                  return;
              }
              fileDeferred.resolve(transformsFile);
           });
       }
       else {
          fileDeferred.resolve(transformsFile)
       }
    });
    fileDeferred.done(function(transformsFile) {
         transformsFile.create("myLookup6", mystanza, function(err, stanza) {
             // Stanza now created -- go check transforms.conf if you don't believe me
         }
    )});
}

View solution in original post

Reply
Solved! Jump to solution

lknecht_splunk
Splunk Employee
Splunk Employee
‎09-24-2017 09:55 PM

Hi there David,

Please take a look at this example application that has been built.

Developer Guidance - Setup View Example For Splunk:
https://splunkbase.splunk.com/app/3728/

Source code can be found here:
https://github.com/splunk/Developer_Guidance_Setup_View_Example

This app uses a setup view to configure Splunk configuration files. While the goal is different, the solution is the same, and much of the code can be reused in the goal you're seeking to accomplish.

It is meant to serve as a point of reference.

Please let me know if that's not sufficient.

0 Karma
Reply
Solved! Jump to solution
Solution

David
Splunk Employee
Splunk Employee
‎01-31-2017 05:01 AM

After a lot of trial and error, and then the help of a partner who had done even more trial and error (and is a better programmer than me), I got the answer.

The overall process is:

  1. Create a service object
  2. Instantiate the configurations object with your scope (app, user, etc.)
  3. Fetch the existing configurations for your file
  4. Create a ConfigurationFile object with a blank config, or pull the existing one
  5. With your file, create a new stanza

Here is the code that worked for me, on Splunk 6.5:

function dvtest(){
    var appscope={}
    appscope['owner'] = Splunk.util.getConfigValue("USERNAME");
    appscope['app'] = utils.getCurrentApp()
    appscope['sharing'] = "app"
    var mystanza = []
    mystanza['filename'] = "myLookup.csv"
    var svc = mvc.createService();
    var files = svc.configurations(appscope);
    var fileDeferred = $.Deferred();
    files.fetch({ 'search': 'name=transforms"' }, function(err, files) {
       var transformsFile = files.item("transforms");
       if (!transformsFile) {
           //  Create the file here
           transformsFile = files.create('transforms', function(err, transformsFile) {
              if (err) {
                  // Error case, throw an exception dialog to user here.
                  return;
              }
              fileDeferred.resolve(transformsFile);
           });
       }
       else {
          fileDeferred.resolve(transformsFile)
       }
    });
    fileDeferred.done(function(transformsFile) {
         transformsFile.create("myLookup6", mystanza, function(err, stanza) {
             // Stanza now created -- go check transforms.conf if you don't believe me
         }
    )});
}
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...