Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there a way we can update the code for disabling data input parameter for the addon build with addon builder 4.x?

jabezds
Path Finder
‎07-26-2022 01:54 AM

Hi all,

We have a case where we want to restrict a user from editing or updating  a input parameter .

We have created a addon using Splunk's Add-on builder (v4.x), the addon takes couple of Data Input Parameters, which include a parameter that has to be disabled and should not be allowed to be updated.

Is there a way we can update the code or does addon builder provide a option to perform such functionality?

Any help or suggestions will be highly appreciated.

 

Thanks,

Jabez.

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎08-04-2022 12:50 PM

Hi - If folks can't change the value then it probably doesn't need to even be presented in the UI when making/editing the input. Therefore you could hard code it in the python or make it part of the input's definition in `default/input.conf` conf file but don't show it in the UI. Of course another option could be to hack the CSS/javascript of those generated pages to force the field to be readonly but I wouldn't recommend this as I doubt you'd ever be able to use it with AoB after that.

If you do need it to be in the UI then perhaps share more about the practical nuance here. For example, which app and which field are we talking about and what is the use of this field such that you need it in the UI but not editable?

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎08-15-2022 02:58 PM

I've come to understand that the goal here is to provide the end users the ability to set a checkpoint to start from but then not let them change it thereafter since it could produce issues like data re-indexing.

I recently saw an approach that could work: storing the checkpoint on the server side, not the Splunk side. So I saw an add-on that retained context on where it left off with data collection on the service itself for that client. A clever advantage of this is that the add-on in theory could scale on multiple parallel collector instances.

In summary, it sounds like the leading options are to do custom UI stuff to lock down the field OR to allow the setting and checkpoint to exist on the server side, not the Splunk side.

I hope that helps!

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...