ksconf rest-export

Build an executable script of the stanzas in a configuration file that can be later applied to a running Splunk instance via the Splunkd REST endpoint.

This can be helpful when pushing complex props & transforms to an instance where you only have UI access and can’t directly publish an app.

usage: ksconf rest-export [-h] [--output FILE] [--disable-auth-output]
                          [--pretty-print] [-u | -D] [--url URL] [--app APP]
                          [--user USER] [--conf TYPE]
                          [--extra-args EXTRA_ARGS]
                          CONF [CONF ...]

Positional Arguments

CONF Configuration file(s) to export settings from.

Named Arguments

--output, -t Save the shell script output to this file. If not provided, the output is written to standard output.
-u, --update Assume that the REST entities already exist. By default, the output assumes stanzas are being created. (This is an unfortunate quirk of the configs REST API.)
-D, --delete Remove existing REST entities. This is a destructive operation. In this mode, stanza attributes are unnecessary and ignored. NOTE: This works for ‘local’ entities only; the default folder cannot be updated.
--url URL of Splunkd. Default: “https://localhost:8089”
--app Set the namespace (app name) for the endpoint
--user Set the user associated. Typically the default of ‘nobody’ is ideal if you want to share the configurations at the app-level.
--conf Explicitly set the configuration file type. By default this is derived from CONF, but sometimes it’s helpful to set this explicitly. Can be any valid Splunk conf file type; examples include ‘app’, ‘props’, ‘tags’, ‘savedsearches’, and so on.
--extra-args Extra arguments to pass to all curl commands. Quote arguments on the command line to prevent confusion between arguments to ksconf vs curl.

Output Control

--disable-auth-output
 Turn off sample login curl commands from the output.
--pretty-print, -p
 Enable pretty-printing. Make shell output a bit more readable by splitting entries across lines.

Warning

For interactive use only

This command is intended for manual admin workflows. It’s quite possible that shell escaping bugs exist that may allow full shell access if you put this into an automated workflow. Evaluate the risks, review the code, run as a least-privilege user, and be responsible.
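The create/update distinction behind -u and the escaping concern in this warning, shown as an added example (not ksconf's own code): a Python generator that emits one curl line per stanza and passes every argument through shlex.quote. The servicesNS/<user>/<app>/configs/conf-<type> path follows Splunk's configs REST API; the function name, the sample stanza and the omission of authentication are assumptions of this example.

```python
import shlex
from urllib.parse import quote

# Constructed sample: ordinary props.conf values already contain characters
# the shell treats specially (quotes, $, ;, |, backticks, backslashes).
SAMPLE_ATTRS = {
    "EXTRACT-user": r'user="(?<user>[^"\';|]+)"\s*$',
    "SEDCMD-mask": r"s/token=\S+;/token=`redacted`;/g",
}


def rest_command(url, user, app, conf, stanza, attrs=None, mode="create"):
    """Return one curl command line for a stanza (hypothetical helper).

    mode is "create" (default), "update" or "delete". Authentication is
    left out; add it to the generated script separately.
    """
    if mode not in ("create", "update", "delete"):
        raise ValueError(f"unknown mode: {mode}")

    def enc(part):
        # Percent-encode a single URL path segment.
        return quote(part, safe="")

    base = f"{url}/servicesNS/{enc(user)}/{enc(app)}/configs/conf-{enc(conf)}"
    argv = ["curl"]
    if mode == "create":
        # New entity: POST to the collection, stanza name sent as name=...
        argv += [base, "--data-urlencode", f"name={stanza}"]
    else:
        # Existing entity: the stanza name is part of the URL path.
        argv.append(f"{base}/{enc(stanza)}")
    if mode == "delete":
        argv += ["-X", "DELETE"]  # attributes are ignored when deleting
    else:
        for key, value in sorted((attrs or {}).items()):
            argv += ["--data-urlencode", f"{key}={value}"]
    # shlex.quote() turns each argument into exactly one literal shell word,
    # so nothing inside a stanza value is interpreted by the shell.
    return " ".join(shlex.quote(arg) for arg in argv)


if __name__ == "__main__":
    for mode in ("create", "update", "delete"):
        print(rest_command("https://localhost:8089", "nobody", "search",
                           "props", "my:sourcetype", SAMPLE_ATTRS, mode))
```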

Roadmap

For now the assumption is that the curl command will be used. (Patches to support the PowerShell Invoke-WebRequest cmdlet would be greatly welcomed!)

Example

ksconf rest-export --output=apply_props.sh etc/app/Splunk_TA_aws/local/props.conf