Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Writing to a .conf/.json file on a search head cluster via Python

alucarddjin
Path Finder
‎08-20-2021 03:08 AM

I am trying to make an app (using Python) in which a user will select key field details that have to be saved into a settings file (json or conf) but currently when it write's it's only saving to the search head the user is currently on, no replicating across them all. 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎08-20-2021 07:19 AM

Thanks for clarifying.  SHCs do not replicate every file.  To see what is replicated, visit https://docs.splunk.com/Documentation/Splunk/8.2.1/DistSearch/HowconfrepoworksinSHC

The preferred method for distributing app configurables to a SHC is to put them on the SHC deployer and then push the bundle to the cluster.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-20-2021 05:56 AM

We need more information. How exactly are you saving the file ("using Python" is not enough)?  Which API or command are you using?  Where is the file being saved?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

alucarddjin
Path Finder
‎08-20-2021 06:05 AM

I didn't put to much detail in because I want to know what's best practice when dealing with a clustered search head.

Currently I'm using json.dump into the apps bin folder like this:

with open('/apps/appname/bin/fields.json','w') as file:
    json.dump(fields,file)

Again though I'm not set on this way, just what's the proper way to deal with writing on a clustered search head.

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎08-20-2021 07:19 AM

Thanks for clarifying.  SHCs do not replicate every file.  To see what is replicated, visit https://docs.splunk.com/Documentation/Splunk/8.2.1/DistSearch/HowconfrepoworksinSHC

The preferred method for distributing app configurables to a SHC is to put them on the SHC deployer and then push the bundle to the cluster.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

alucarddjin
Path Finder
‎08-25-2021 12:04 AM

Thanks for that. It points me in the right direction at least.

We do currently use the deplorer for this file but the issue comes up that people can't edit it on the search head without us having to put it into BitBucket then pushing to the deployed. I was hoping for a tool they could update in Splunk without devs being involved 😖

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...