Hello, I have created a modular input using the example of splunk-app-example. It extends the class Script and I modified the get_scheme function adding arguments (example) key_secret = Argument("key_secret") key_secret.title = "Key Secret" key_secret.data_type = Argument.data_type_string key_secret.required_on_create = True   This code allows to save key_secret as a plain string, which is clearly unsecure. Investigating I reached to the storage_password endpoints, and I added the following to stream_events method: if key_secret != "": secrets = self.service.storage_passwords storage_passwords = self.service.storage_passwords storage_password = storage_passwords.create(key_secret, key_id, tenant) input_item.update({"key_secret": ""}) else: key_secret = next(secret for secret in secrets if (secret.realm == tenant and secret.username == key_id)).clear_password This is not working, as I cannot modify the input definition, is storing both in storage_passwords and in inputs.conf. Is there any way in code to delete the inputs.conf password, or what is the correct way to manage this? Thanks!     ... View more

Hello all, We are using an RSyslog to write logs to file in a Heavy Forwarder but we found that it was escaping tabs as #011. We found a solution that is apply to the file source a SEDCMD as follows: inputs.conf   [monitor:///opt/splunk-data/<datafile>] sourcetype=<datasource>    props.conf   [source::///opt/splunk-data/<datafile>] SEDCMD-fix_tab = s/#011/ /g     We applied the configuration and restarted the HF and worked by about 15 minutes but then suddenly stopped to change this character by a tab. Why can this happen? Thank you! ... View more