How to display validation message for custom modular input?

yr0
New Member

Hi,

I've created the modular input for Splunk 6.6.0 and indicated within the scheme that the input should use external validation.
When I submit a new instance of my input, the validation gets invoked, and if it fails, the interface displays the error "Encountered the following error while trying to save: Validation for scheme=(input name) failed: The script returned with exit status 1."

Could you suggest how to display the actual error message (thrown by script) instead of this one? I've tried logging the error, writing it with EventWriter instance, wrapping it in XML <error><message></message></error>, printing it to stdout and stderr.

Lastly, I tried creating a custom interface manager; however, I'm not sure how to execute validation on the server side when the user presses 'Next' and display the error.

I'm using the Python SDK (1.6.2).

Any help would be much appreciated.

0 Karma

yr0
New Member

I ended up writing a custom interface for my app, which included custom controller actions that returned readable errors for validation.
Kudos to Luke Murphey, whose Splunk Web Input really helped me understand how to write a custom UI for the app.

I think external validation is useless if you can't tell the user what the reason for the failure is. This seems like a huge design oversight for modular inputs. On the other hand, it's great that Splunk allows you to tune the user interface to your needs - even though there is hardly any documentation on how to do it.

0 Karma
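
The external-validation exchange the question describes, as an added example that is not the poster's code or Splunk's: it reads the validation document from stdin, writes one escaped `<error><message>` document to stdout and exits with status 1. The `<items>` layout, the `url` and `interval` parameters and the rules in `check_params` are assumptions for illustration; the thread does not confirm that Splunk Web 6.6.0 displays the message.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample of the validation document sent on stdin (assumed layout).
SAMPLE = """<items><server_host>splunk01</server_host><item name="demo">
<param name="url">http://example.test/feed?a=1&amp;b=2</param>
<param name="interval">60</param></item></items>"""

def parse_params(xml_text):
    """Return {param name: value} for the single <item> being validated."""
    item = ET.fromstring(xml_text).find("item")
    if item is None:
        raise ValueError("validation document has no <item> element")
    return {p.get("name"): (p.text or "") for p in item.findall("param")}

def check_params(params):
    """Hypothetical rules for a hypothetical input; return a message or None."""
    url = params.get("url", "")
    if not url.startswith("https://"):
        return 'url must start with https://, got "%s"' % url
    try:
        interval = int(params.get("interval", ""))
    except ValueError:
        return "interval must be an integer number of seconds"
    if interval < 10:
        return "interval must be at least 10 seconds"
    return None

def error_document(message):
    """Build <error><message>...</message></error>; ElementTree escapes & and <."""
    root = ET.Element("error")
    ET.SubElement(root, "message").text = message
    return ET.tostring(root).decode("ascii")

def validate(xml_text, out=sys.stdout):
    """Return the exit status; on failure write only the error document to out."""
    try:
        problem = check_params(parse_params(xml_text))
    except (ET.ParseError, ValueError) as exc:
        problem = "could not read validation input: %s" % exc
    if problem is None:
        return 0
    out.write(error_document(problem))  # nothing else may go to stdout
    out.flush()
    return 1

if __name__ == "__main__" and "--validate-arguments" in sys.argv:
    sys.exit(validate(sys.stdin.read()))
```

Diagnostics and logging belong on stderr or in a log file, so that stdout carries nothing but the one XML document.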