Splunk Enterprise

Splunk and Visual Studio Code

genesiusj
Builder

Hello,

I'm trying to find information on how to use Splunk with Visual Studio Code.

I have an authentication token on my development instance.
I've installed the Visual Studio Code Extension for Splunk on GitHub.

I'm lost from here on.

What do I enter in the url and webroot fields in the launch.json file?

    "configurations": [
        {
            "type": "chrome",
            "request": "launch",
            "name": "Launch Chrome against localhost",
            "url": "https://<host name>:8080",
            "webRoot": "${workspaceFolder}"
        }
    ]

This opens Splunk in my Chrome browser, but it is an empty search field.

I created splnb file in VSC, but when I run it, I receive ERROR: Unauthorized.

Thanks in advance for any direction provided.
God bless, Genesius

Labels (3)
0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

I'm expecting that you are running splunk on normal port 8089 and host is e.g. my.splunk.host. Then just put on your URL "https://my.splunk.host:8089" and it should work. Maybe it needs to restart VScode before it work?

Also you should create Token for authentication on splunk side and add it to your configuration. 

For some reason I haven't those entries on my settings.json? I just use GUI to configure Splunk extension for vscode with items:

  • Splunk Rest Url
  • Token

Those two should be enough for using REST api for queries. 3rd one which you probably want to set it Splunk Search Head (https://my.splunk.host:8000).

r. Ismo

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...