When using the Splunk Python SDK, connecting to a Splunk instance is very easy as is described here: http://dev.splunk.com/view/python-sdk/SP-CAAAEE4
This typically uses the Splunk server address, port, username and password. Is there a better way to establish a connection to the local Splunk instance from an app? The doc mentions cookies but I am unsure how to use them.
Yes, on a single instance of Splunk, this is easy. In a distributed install, not so much. There is, as far as I am aware, no way to get an authentication token that will authorize you to a whole Splunk cluster, so you must authenticate individually to each node. On the instance you're running your modular input on however, this is supported.
If you look at the XML passed back to your modular input, there is a session token present. I'm not all that familiar with the python SDK, but it looks like maybe it's the get_scheme() method on splunklib.modularinput.Script. See:
http://docs.splunk.com/Documentation/Splunk/7.1.2/AdvancedDev/ModInputsScripts#Define_a_scheme_for_i...
http://docs.splunk.com/Documentation/PythonSDK
The token you receive from the modular input is passed to connect as the token parameter.
http://dev.splunk.com/view/python-sdk/SP-CAAAEE4
That proved to be the right hint. When sub-classing splunklib.modularinput.script as is described here, one can simply use self.service, for example: job = self.service.jobs.create(search) where search is an actual Splunk search.
Do you want to connect a Splunk App back to the Splunk Instance, or do you have a 'standalone' app which should connect to Splunk?
Splunk knows a sessionid which has a limited lifespan and can be used to authenticate a connection.
The App is a custom developed app that defines a modular input (json from an API call). It would be nice - at least during development - to give the app the possibility to check on data that was already stored in splunk earlier by that same app. Currently, this is done using username and password but a more elegant way such as using a token, maybe specific to that case would be nice.