We are developing Add-on Builder 3.0.0 which is Python3 & Splunk8 compatible. It will be released this or next month. Technically all the 3rd party libs should be installed by pip3 , and AoB codes need some manual updates as well. So please wait for the next release rather than doing it by some tools. Thanks. ... View more

Please follow this doc https://docs.splunk.com/Documentation/AddonBuilder/2.2.0/UserGuide/ConfigureDataCollectionAdvanced Basically we need to write some Python code thru AoB UI ... View more

Try these codes stanzas = helper.get_input_stanza() Or stanza = helper.get_input_stanza(your_stanza) It will return sth like { "aob_test":{ "index":"add_on_builder_index", "start_by_shell":false, "interval":30, "sourcetype":"ppp", "host":"localhost", "text":"" } } ... View more

I'm surprised it's not working. Maybe other configurations may affect the line breaker but I cannot tell without details. Please make sure the response is valid JSON. What you posted here should end with "}"? ... View more

In Add-on Builder, you can input a jsonpath to break a list object into events. Based on your example, you can simply input "$results" in Add-on Builder -> your REST input -> Event extraction settings -> JSON path. And then we can preview the events after clicking Test button. ... View more

When AoB 2.2.0 released, we confirmed all the issues reported by Cloud vetting with App Inspect team. They are safe and no further actions need to follow up. We didn't update AoB for 2 years, however, App Inspect team updates the vetting rules continuously. Maybe we can ask them about this question. Also they might be able to clarify what does "manual check" mean - if their team would check these issues for users, when users can get the results; if users should check by themselves, how cloud they mark them as "passed" and unblock the app uploading, etc. ... View more

DBX is more like a protocol such as TCP, file monitoring & HEC. For these common tunnels, users can ingest ANY data for ANY sources, so users should be able to input source or sourcetype. However, this is only my impression. If you do have such requirements, please file a JIRA and our PM may consider it. Thanks. ... View more

Source or Sourcetype is the bridge of data inputs & field extractions. Any specific addons should not expose them unless end users want to build both by themselves like developers. Anyways, if you do want to do this, one workaround here. Use Python data input, and compose the event by replacing helper.get_sourcetype() or helper.get_input_type() with your customized parameters. Blockquote event = helper.new_event(source=helper.get_input_type(), index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=data) ew.write_event(event) ... View more

oh, you want to expose source or source type to end users. Per addon best practice, these index time fields should input by developers rather than users. The reason is that addon is built for a specific data source, and developers should know the proper source or source type names, as well as the field extractions associated. So leave these values to end users may have some potential risks on field extraction. AoB doesn't support this yet. If you still want to do this, pls refer this link which allows users input index. https://answers.splunk.com/answers/679480/splunk-addon-builder-how-to-create-an-input-that-s.html ... View more

Please check the doc https://docs.splunk.com/Documentation/AddonBuilder/2.2.0/UserGuide/ConfigureDataCollectionAdvanced https://docs.splunk.com/Documentation/AddonBuilder/2.2.0/UserGuide/ManageSourceTypes ... View more

If you use REST API input, unfortunately it only supports JSON. You can try to: 1. Check if it's possible to get JSON response rather than XML. Some REST endpoint accepts parameters like ?format=json in the URL 2. Switch to Python code input in AoB. You need to right some basic Python codes to send request, then parse the XML and do whatever you want before indexing them. ... View more

Is that OAUTH? AoB doesnt support OAUTH yet, if you need to open a new page and input credentials rather than a REST endpoint. ... View more

Do you enable any proxy in AoB? Any specific headers? Or any default license files in your OS? You can setup log level in global settings, when building the UI. ... View more

Can you give a name of your JSON as a key? You can also check the source codes of helper function, or REST API to operate Splunk KVStore. ... View more

Any error logs? ... View more

You can use following functions to do this, although they are designed for checkpoint... # save checkpoint helper.save_check_point(key, state) # delete checkpoint helper.delete_check_point(key) # get checkpoint state = helper.get_check_point(key) ... View more

Good catch. You can add ":" in the regex to match the host name like this: allowed = re.compile('(?!-)[A-Z\d-: ]{1,63}(? ... View more

AoB test works but data input doesn't work? I guess sth wrong with your data input or environment, since there should be some logs in _internal at least, either from splunkd or addon. Sorry I cannot triage it without more details, like the code, addon package, splunk diag, etc. You can try to contact a support, create a JIRA and upload your diag. Thanks. ... View more

Sorry AoB doesnt have this feature currently. Tokens only work in REST input page. ... View more

.tgz file is exported from AoB, then you can import it to another AoB and continue developing it. .spl file is an addon package, you can install it and use it as a normal app/addon, but cannot develop it in AoB. That's why you can see it in "other apps and addons". Please make sure you use the correct package. ... View more

If you downloaded the .spl package from Addon Builder, it's nothing special as a normal app. Do these 2 paths exist on your windows machine? Please check your folder permission as well. ... View more

Openjdk 8 will be supported in next DBX release 3.1.4(next month maybe). ... View more

What notable event id you want to use? Could you please post your codes? ... View more