Help me get started with a custom Splunk Lookup or...

daniel333 · ‎05-03-2017

All,

We are a user of Puppet and it's PuppetDB service. Which is a great place to get system information. I can from the command line pull custome infomation ("facts") with this command

Command Used:
/usr/bin/curl --silent -X GET http://puppetdblvsp.somecompany.com:8080/v3/facts --data-urlencode 'query=["=", "name","ipaddress"]' | sed ':a;N;$!ba;s/\n/ /g' | sed 's#}, {#\n#g'| awk -F '"' '{ printf "%-30s*%-30s\n", $12, $4}' | sort -n -t* -k 1 | tr '' ' ' | sed 's/[ ]$//' | grep -E 'log'

When run it returns a nice CSV of the data I want. I looked over the guides to creating a custom command and it went over my head with all the Python. I am guessing Bash is supported? Any one have a walk through on getting started with this?

thanks

DalJeanis · ‎05-04-2017

1) Start with this ...

https://splunkbase.splunk.com/app/1701/

You should be able to see how that works and duplicate it for your custom requirements.

2) It is better to write your titles so that people can see at a glance what your issue or request is. For example: "How can/does splunk pull data from Puppet?"

3) Including puppet as a keyword would also be helpful, in case Puppetmasters are following the keyword but not following general questions and discussions...

4) Here's some other useful answers...

https://answers.splunk.com/answers/345/does-splunk-play-nice-with-puppet.html

5) There's a lot out there for splunk-to-puppet and puppet-to-splunk and puppet-manages-splunk. Not sure what this does yet, but here's a major open source project on it...

https://www.openhub.net/p/splunk-puppet

Help me get started with a custom Splunk Lookup or command

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!