Splunk Search
Highlighted

Find splunkd Port From Custom Search Command

Splunk Employee
Splunk Employee

I have a custom search command that goes and hits the splunkd API. This works great in my dev environment where I can hardcode the splunkd port, but I'm trying to figure out how to figure this out dynamically. Since it hands me the path to my script, I've thought of grepping out the "splunk cmd btool web list settings" but that would introduce platform headaches (in addition to being ugly).

Is there any correct way to do this?

Similar Question regarding Scripted Input: http://answers.splunk.com/answers/232140/find-splunkd-port-from-scripted-input.html

Highlighted

Re: Find splunkd Port From Custom Search Command

Splunk Employee
Splunk Employee

Hi David

Are you using our Python SDK to create the search command? If so, we expose a Service object that you can use to talk back to Splunk which is already pre-configured.

If you look here you will see we expose a 'service' property that you can just grab.

In order to enable this to be initialized, you have to put the following in your commands.conf as the comment I linked to indicates.

enableheader=true
requires_srinfo=true

This will tell Splunk to send over a session token to the command so that it can talk back via the API.

View solution in original post

Highlighted

Re: Find splunkd Port From Custom Search Command

Splunk Employee
Splunk Employee

The python sdk approach would probably be a really smart way for me to approach this, but in this case I'm not using the SDK. You did clue me in to using the built in tools. Here's what ended up working for me:

import splunk.entity, splunk.Intersplunk
records = splunk.Intersplunk.readResults(settings = settings, has_header = True)
entity = splunk.entity.getEntity('/server','settings', namespace='[INSERTAPPNAME]', sessionKey=settings['sessionKey'], owner='-')
mydict = dict()  
mydict = entity
myPort = mydict['mgmtHostPort']
[...]
base_url = "https://127.0.0.1:" + myPort
request = urllib2.Request(base_url + '/servicesNS/-/[INSERTAPPNAME]/properties/macros/' + macroname,
    data = urllib.urlencode({'definition': macrovalue}),
    headers = { 'Authorization': ('Splunk %s' %settings['sessionKey'])})
search_results = urllib2.urlopen(request)
print "output"
print search_results.read()

For completeness, my commands.conf is:

[updatemacro]
filename = UpdateMacro.py
type = python
local = true
stderr_dest = message
passauth = true
Highlighted

Re: Find splunkd Port From Custom Search Command

Splunk Employee
Splunk Employee

Cool. My next suggestion if you were not using the SDK was going to suggest you replicate what we did, which you did 🙂

0 Karma
Highlighted

Re: Find splunkd Port From Custom Search Command

Splunk Employee
Splunk Employee

I went through the same process with scripted inputs -- cross-posting in case anyone needs to get there but came here via google. http://answers.splunk.com/answers/232140/find-splunkd-port-from-scripted-input.html