Splunk Dev

Python SDK - using the SDK to erase particular settings from stanzas

anirban_td
Explorer

I am using the Python SDK to add the allow_skew setting to savedsearches. 

See the generalised code snippet below: 

 

import splunklib.client as client

splunk_svc = client.connect(host="localhost", port=8089, username="admin", password="******")
savedsearch = splunk_svc.saved_searches["alert-splnk-test_email_v1"]

new_skew = "5m"
kwargs = {"allow_skew": new_skew}
savedsearch.update(**kwargs).refresh()

 


This code works and adds 'allow_skew = 5m' to the specific savedsearch stanzas in {app/local OR system/local} / savedsearches.conf / [alert-splnk-test_email_v1]
The code can also be extended to more/all savedsearches on the platform.
It also replicates the changes in a SH Cluster, as expected.

I want to have a reliable way to remove/erase the allow_skew setting from specific savedsearches, preferably using the Python SDK.
The setting needs to be removed from the stanza, so that the allow_skew setting from system / local / savedsearches.conf / [default] is picked up.

The only other ways I could think about are: 


Any help is appreciated. 

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...