Find splunkd Port From Custom Search Command

David
Splunk Employee

I have a custom search command that goes and hits the splunkd API. This works great in my dev environment where I can hardcode the splunkd port, but I'm trying to figure out how to figure this out dynamically. Since it hands me the path to my script, I've thought of grepping out the "splunk cmd btool web list settings" but that would introduce platform headaches (in addition to being ugly).

Is there any correct way to do this?

Similar Question regarding Scripted Input: http://answers.splunk.com/answers/232140/find-splunkd-port-from-scripted-input.html

1 Solution

gblock_splunk
Splunk Employee

Hi David

Are you using our Python SDK to create the search command? If so, we expose a Service object that you can use to talk back to Splunk which is already pre-configured.

If you look here you will see we expose a 'service' property that you can just grab.

In order to enable this to be initialized, you have to put the following in your commands.conf as the comment I linked to indicates.

enableheader=true
requires_srinfo=true

This will tell Splunk to send over a session token to the command so that it can talk back via the API.

David
Splunk Employee

The Python SDK approach would probably be a really smart way for me to approach this, but in this case I'm not using the SDK. You did clue me in to using the built-in tools. Here's what ended up working for me:

# Python 2 (urllib2, print statement)
import urllib, urllib2
import splunk.entity, splunk.Intersplunk

# readResults() fills this dict from the header splunkd sends;
# with passauth = true it includes sessionKey
settings = dict()
records = splunk.Intersplunk.readResults(settings = settings, has_header = True)
# /server/settings exposes the management port as mgmtHostPort
entity = splunk.entity.getEntity('/server','settings', namespace='[INSERTAPPNAME]', sessionKey=settings['sessionKey'], owner='-')
myPort = entity['mgmtHostPort']
[...]
base_url = "https://127.0.0.1:" + myPort
# POST the new macro definition, authenticating with the search's session key
request = urllib2.Request(base_url + '/servicesNS/-/[INSERTAPPNAME]/properties/macros/' + macroname,
    data = urllib.urlencode({'definition': macrovalue}),
    headers = { 'Authorization': ('Splunk %s' %settings['sessionKey'])})
search_results = urllib2.urlopen(request)
print "output"
print search_results.read()

For completeness, my commands.conf is:

[updatemacro]
filename = UpdateMacro.py
type = python
local = true
stderr_dest = message
passauth = true
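
A Python 3 variant of the approach in the post above, added here as an example; it is not code from the thread or from Splunk. The function names `splunkd_port` and `build_macro_request` are hypothetical, and `splunk.entity` is the module the post uses, importable only under Splunk's bundled Python. It goes beyond the post by validating the port and percent-encoding the app and macro names before they reach the URL path.

```python
import urllib.parse
import urllib.request


def splunkd_port(session_key, app):
    """Ask splunkd for its management port, as the post above does."""
    # Imported lazily: the module only exists inside a Splunk install.
    import splunk.entity
    settings = splunk.entity.getEntity('/server', 'settings', namespace=app,
                                       sessionKey=session_key, owner='-')
    return settings['mgmtHostPort']


def build_macro_request(port, app, macro, definition, session_key):
    """Build the POST that updates a macro definition on the local splunkd."""
    # int() rejects anything that is not a plain number, so a value such as
    # "8089@other-host" cannot redirect the request to another authority.
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError('port out of range: %d' % port)
    # Percent-encode each path segment (including "/") so a macro or app
    # name cannot select a different REST endpoint.
    path = '/servicesNS/-/%s/properties/macros/%s' % (
        urllib.parse.quote(app, safe=''),
        urllib.parse.quote(macro, safe=''))
    body = urllib.parse.urlencode({'definition': definition}).encode('utf-8')
    # The session key travels only in the Authorization header, never in the
    # URL, so it does not end up in access logs.
    return urllib.request.Request(
        'https://127.0.0.1:%d%s' % (port, path),
        data=body,
        headers={'Authorization': 'Splunk %s' % session_key},
        method='POST')
```

Pass the returned request to `urllib.request.urlopen` together with an `ssl` context that trusts the splunkd certificate of your deployment.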

David
Splunk Employee

I went through the same process with scripted inputs -- cross-posting in case anyone needs to get there but came here via Google. http://answers.splunk.com/answers/232140/find-splunkd-port-from-scripted-input.html

gblock_splunk
Splunk Employee

Cool. My next suggestion, if you were not using the SDK, was going to be that you replicate what we did, which you did 🙂

0 Karma