I am trying to implement pretty “unusual” App for Splunk.
By unusual, I mean that I see no standard/handy way of doing this.
Splunk Enterprise customer has a has a server farm running a software. The customer runs deploy to update code on these servers. During deploy, some abnormal behaviour may be observed across servers (i.e response times may be longer).
Also, sometimes some hardware shows its flaws affecting performance metrics of servers.
In short, the app uses predict (and Holt Winters) on servers performance metrics in an enhanced way.
The idea is to allow a user to save times of deploys or unhealthy hosts + time when particular server was not ok via web app (using kvstore) to then exclude events falling into this range from input of the predict command to then be able to efficiently detect outliers.
Also, exclusion works for future events preventing triggered alerts from bothering in time of scheduled deploy (again time is set through kvstore in the same way).
The obstacle is that I need to provide user credentials to the app, to allow the python stream filterer to use values in kvstore that is pretty inconvenient/insecure.
Is there a way to get anonymous read access to kvstore?
Or maybe there is a better way of doing described above (not using Python script to filter events by time ranges+hosts set in kvstore)
Answering my own question:
as command runs it receives AUTH header if enabled in commands.conf
enableheader = true
passauth = true
header has the following form
{
"authString": "<auth><userId>admin</userId><username>admin</username>
<authToken>Sb...wC</authToken></auth>\n' chunked 1.0,494,0",
"finished": true
}
You can use this token to go to KVStore
service = client.connect(token=token, owner='nobody', app='YourAppName')
for row in self.service.kvstore['collection_name'].data.query():
do job
Hi @cloun ,
Thanks, for the answer. How do you get the header in the first place? Did you use a lower level lib (httplib, or binding) ?
Quick answer: No. The KVstore is tied to Splunkd, which requires authentication in order to provide read and write access.