Although this framework is fully functional and stable, since it was released Splunk have now created their own Python Modular Inputs librarys. So I recommend that you use the formally Splunk developed and supported offering that can be found here : http://dev.splunk.com/view/python-sdk/SP-CAAAER3
This is a simple template based framework for building Splunk Modular Inputs in Python
It contains an example HelloWorld Modular Input that you can use as a practical reference to follow.
- Splunk 5+
- Clone the repository and setup a project in your IDE ie: Eclipse
In the below instructions , "NAME" refers to the name of your new modular input
- Copy the "template" directory to the "implementations" directory and rename it "NAME"
- Set the "NAME" in build/build.properties
- Rename bin/modinput.py to bin/NAME.py
Browse to the implementations/NAME directory There are several placeholders that you have to fill in
- README/inputs.conf.spec
- default/app.conf
- defaults/data/ui/manager/modinput.xml
- appserver/static/appIcon.png
- appserver/static/screenshot.png
- appserver/static/README.md
- bin/NAME.py
From step 7 above , this is where you implement your mod input's core processing logic. Again , there are just some placeholders you need to fill in.
- fill in the "SCHEME" xml string
- implement the do_validate() function , if you are using external validation
- implement the do_run() function
This will build a SplunkBase compatible release tarball.
- run the Ant target "build_modular_input" in build/build.xml
- the release will get written to the "releases" directory
- copy to $SPLUNK_HOME/etc/apps , untar , restart Splunk, and test away.
This project was initiated by Damien Dallimore
[email protected] | |
@damiendallimore |