Solved: Re: Is it safe to make a folder in $SPLUNK_HOME/va...

matutter4 · ‎12-01-2016

I'm writing a custom search command filter that's designed to use pythons tempfile.gettempdir. I see that Splunk uses the environment variable which gettempdir returns as the location for Splunk's dispatch directory. I also want to use the value of gettempdir to make a single folder and write files into that folder.

Is it safe to use the dispatch directory set by Splunk for my own uses? Is it safe if I only use folder's that don't conflict with Splunk's dispatch naming conventions?

ddrillic · ‎12-01-2016

Really, it's against the best practice of any software. For supportability, you don't want this kind of dual purpose locations.

View solution in original post

ddrillic · ‎12-01-2016

Really, it's against the best practice of any software. For supportability, you don't want this kind of dual purpose locations.

matutter4 · ‎12-06-2016

I did a few tests with using the tempfile.gettempdir and it worked fine without any issues. I didn't try to use a path that is used by splunk within the dispatch directory but I imagine that would causes issue. As @ddrillic said it isn't a good practice; and so I just replaced the use of gettempdir with a variable read with splunk.splunklib.cli_common.getConfKeyValue from a config file when my search-command runs.

Is it safe to make a folder in $SPLUNK_HOME/var/run/dispatch?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?