Splunk Dev

Python SDK - using the SDK to erase particular settings from stanzas

anirban_td
Explorer

I am using the Python SDK to add the allow_skew setting to savedsearches. 

See the generalised code snippet below: 

 

import splunklib.client as client

splunk_svc = client.connect(host="localhost", port=8089, username="admin", password="******")
savedsearch = splunk_svc.saved_searches["alert-splnk-test_email_v1"]

new_skew = "5m"
kwargs = {"allow_skew": new_skew}
savedsearch.update(**kwargs).refresh()

 


This code works and adds 'allow_skew = 5m' to the specific savedsearch stanzas in {app/local OR system/local} / savedsearches.conf / [alert-splnk-test_email_v1]
The code can also be extended to more/all savedsearches on the platform.
It also replicates the changes in a SH Cluster, as expected.

I want to have a reliable way to remove/erase the allow_skew setting from specific savedsearches, preferably using the Python SDK.
The setting needs to be removed from the stanza, so that the allow_skew setting from system / local / savedsearches.conf / [default] is picked up.

The only other ways I could think about are: 


Any help is appreciated. 

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...