- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- How do I use a Splunk _internal call to enable or ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do I use a Splunk _internal call to enable or disable input from Splunk DB Connect?
Hello,
I am trying to enable/disable any input of the Splunk app DB Connect. To do that I found the internal call
POST /servicesNS/nobody/Splunk_TA_microsoft-sqlserver/configs/conf-db_inputs/MYINPUT/enable
POST /servicesNS/nobody/Splunk_TA_microsoft-sqlserver/configs/conf-db_inputs/MYINPUT/disable
But, I cannot find a way to do it with the _internal call
sudo -H -u splunk /opt/splunk/bin/splunk _internal call /servicesNS/nobody/Splunk_TA_microsoft-sqlserver/configs/conf-db_inputs/MYINPUT/enable
is there an easy way to do it (with the _internal call feature) ?
Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, in that case I have created Splunk Python SDK script as below, I have tested this script using splunk-sdk-python-1.6.4 for scheduled search and it is working fine so I hope this will work for you as well.
import sys
sys.path.append('splunk-sdk-python-1.6.4')
import splunklib.six as six
import urllib
from xml.etree import ElementTree
import getpass
HOST = raw_input("Enter splunk server hostname/ip: ")
PORT = 8089
splunkUser = raw_input("Enter Splunk Admin Username: ")
splunkPassword = getpass.getpass("Enter Splunk Admin Password: ")
ena_dis = raw_input("Enable OR Disable: ")
connection = six.moves.http_client.HTTPSConnection(HOST, PORT)
body = urllib.urlencode({'username': splunkUser, 'password': splunkPassword})
headers = {
'Content-Type': "application/x-www-form-urlencoded",
'Host': HOST,
}
connection.request("POST", "/services/auth/login", body, headers)
response = connection.getresponse()
content = response.read()
connection.close()
session_key = ElementTree.XML(body).findtext("./sessionKey")
# Please provide your input name in below syntax
input_encoded = urllib.quote("MYINPUT")
connection = six.moves.http_client.HTTPSConnection(HOST, PORT)
if ena_dis == 'Enable':
body = urllib.urlencode({'disabled': 0})
elif ena_dis == 'Disable':
body = urllib.urlencode({'disabled': 1})
else:
print("Please provide correct input for Enable/Disable")
sys.exit(1)
headers = {
'Content-Type': "application/x-www-form-urlencoded",
'Host': HOST,
'Authorization': "Splunk %s" % sessionKey
}
connection.request("POST", "/servicesNS/nobody/Splunk_TA_microsoft-sqlserver/configs/conf-db_inputs/" + input_encoded, body, headers)
response = connection.getresponse()
content = response.read()
connection.close()
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @anthonypradal ,
Can you please try below command but I'll strongly recommend to run this command in test environment first.
Disable the input
curl -k -u admin:pass https://<SPLUNK_SERVER:8089>/servicesNS/nobody/Splunk_TA_microsoft-sqlserver/configs/conf-db_inputs/... -d disabled=1
Enable the Input
curl -k -u admin:pass https://<SPLUNK_SERVER:8089>/servicesNS/nobody/Splunk_TA_microsoft-sqlserver/configs/conf-db_inputs/... -d disabled=0
Thanks,
Harshil
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your reply. Indeed, I already manage to do it with curl but, we are using a strong backend using the SDK. i would like to use the Splunk SDK (if possible) using their feature internal call.
Introducing the Splunk Community Dashboard Challenge!
Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...
