Splunk Enterprise

Is there any script to lint and validate splunk config?

muebel
SplunkTrust
SplunkTrust

Do any of you use (or know of) any scripts that look at splunk configuration and point out errors, or otherwise allow for a framework to do some sanity checking? This is a fairly open question, and I'd also love any ideas for what kind of things you'd like to see in such a script.

Labels (2)
0 Karma
1 Solution

tscroggins
Motivator

@muebel 

btool includes a "check" command, which I believe does simple .conf.spec validation, similar to Splunk startup.

AppInspect includes various checks.

The official Visual Studio Code Extension for Splunk includes .conf linting. I've not used it, so I can't comment on its quality or accuracy.

How deep down the lint rabbit hole do you plan to go? It's perhaps too late to break PC-lint's continuously advertised software record. 😉 (I do miss Dr. Dobb's Journal.)

View solution in original post

VatsalJagani
Champion

@muebel - How about btool?

./splunk btool check

tscroggins
Motivator

@muebel 

btool includes a "check" command, which I believe does simple .conf.spec validation, similar to Splunk startup.

AppInspect includes various checks.

The official Visual Studio Code Extension for Splunk includes .conf linting. I've not used it, so I can't comment on its quality or accuracy.

How deep down the lint rabbit hole do you plan to go? It's perhaps too late to break PC-lint's continuously advertised software record. 😉 (I do miss Dr. Dobb's Journal.)

muebel
SplunkTrust
SplunkTrust

hmm it appears that check doesn't work when also using the --dir flag

0 Karma

muebel
SplunkTrust
SplunkTrust

with some help from @mmccul in slack I was able to figure this out.

btool is expecting a specific directory structure, and is looking for the spec files to be found in `system/README` from what is specified as the `--dir` target.

It also only looks in directories named like the normal config directories ( apps, master-apps etc)

Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...

Reminder! Splunk Love Promo: $25 Visa Gift Card for Your Honest SOAR Review With ...

We recently launched our first Splunk Love Special, and it's gone phenomenally well, so we're doing it again, ...