Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Best way to create a custom config for an app

Leo
Splunk Employee
Splunk Employee
‎04-30-2010 06:14 PM

Ok, so now my app has a scripted input (Powershell) and setup.xml is communicating with an eai endpoint defined inside the app. That's great, but the question is how should I manage the configuration of my scripted input such as target's hostname, user credentials, etc?

My first thought was to keep this information inside a plain xml file and have my script and the endpoint access it. But I guess this solution will make the settings global and won't work scale for multiple users, so I think I'm expected to use *.conf files instead. Plus it adds some inconsistency to the way Splunk keeps its configs.

Going this way to collect the actual config in my script I should not only read a conf file from default\, but also merge it with a conf from local\ and, possibly, respect a conf inside users\someuser\myapp\my.conf. The last part seems confusing to me. How can I tell from my script which user's .conf should I read?

Anyway that's just too many of details to implement in my simple script. I believe there should be a simpler way to manage config without duplicating what Splunk already can do. I guess my script could read the config from my app's EAI endpoint, but for this it needs to authenticate first. If I could pass the script a session key somehow that would be great..

What would you recommend? Just stick with a simple xml? thanks 🙂

Reply

melting
Splunk Employee
Splunk Employee
‎09-19-2012 01:31 PM

Perhaps you could leverage the CLI?

splunk btool layer

0 Karma
Reply

klee310
Communicator
‎03-31-2011 10:20 AM

also looking for some sign of an answer here. I don't want to use scripted input since i have 40+ fields in my setup.xml and i'm guess 100+ saved searches would have to reference a different script each. Is there any way to access these fields directly from the search bar?

0 Karma
Reply

erydberg
Splunk Employee
Splunk Employee
‎06-11-2010 09:52 PM

I guess you've already figured this one out since it's more than a month old, but i figured I'd answer in case anyone else wonders.

If you decide to use an .conf you can use splunk's built-in lib to access it, it's in splunk.clilib.cli_common, you can do something like this:

import splunk.clilib.cli_common 
...
settings = splunk.clilib.cli_common.getConfStanza(my_conf_name,wanted_stanza)

The getConfStanza-function returns a dictionary with all your key-value pairs for that stanza.

Reply

erydberg
Splunk Employee
Splunk Employee
‎06-14-2010 04:29 PM

Okay, do you know is there any difference between the two ways?

0 Karma
Reply

Leo
Splunk Employee
Splunk Employee
‎06-12-2010 06:13 AM

thanks, although I still have no good solution for my case of using a non-python scripted input. By the way, you can also use readConf() from splunk.admin to get .conf data as a dictionary.

0 Karma
Reply

erydberg
Splunk Employee
Splunk Employee
‎06-11-2010 10:03 PM

Ah, this might not work for you... Well, if anyone else uses scripted input in python this is a way to solve the problem. 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...