ksconf rest-export
Deprecated since version 0.7.0: You should consider using ksconf rest-publish instead of this one.
The only remaining valid use case for rest-export (this command) is for disconnected scenarios. In other words, if you need to push stanzas to a splunkd instance where you don’t (and can’t) install ksconf, then this command may still be useful to you. In this case, ksconf rest-export can create a shell script that you can transfer to the correct network, and then run the shell script. But for ALL other use cases, the rest-publish command is superior.
Build an executable script of the stanzas in a configuration file that can be later applied to a running Splunk instance via the Splunkd REST endpoint.
This can be helpful when pushing complex props & transforms to an instance where you only have UI access and can’t directly publish an app.
usage: ksconf rest-export [-h] [--output FILE] [--disable-auth-output]
[--pretty-print] [-u | -D] [--url URL] [--app APP]
[--user USER] [--owner OWNER] [--conf TYPE]
[--extra-args EXTRA_ARGS]
CONF [CONF ...]
Positional Arguments
CONF | Configuration file(s) to export settings from. |
Named Arguments
--output, -t | Save the shell script output to this file. If not provided, the output is written to standard output. |
-u, --update | Assume that the REST entities already exist. By default output assumes stanzas are being created. |
-D, --delete | Remove existing REST entities. This is a destructive operation. In this mode, stanza attributes are unnecessary and ignored. NOTE: This works for ‘local’ entities only; the default folder cannot be updated. |
--url | URL of Splunkd. Default: “https://localhost:8089” |
--app | Set the namespace (app name) for the endpoint |
--user | Deprecated. Use --owner instead. |
--owner | Set the object owner. Typically the default of ‘nobody’ is ideal if you want to share the configurations at the app-level. |
--conf | Explicitly set the configuration file type. By default this is derived from CONF, but sometimes it’s helpful to set this explicitly. Can be any valid Splunk conf file type; examples include ‘app’, ‘props’, ‘tags’, ‘savedsearches’, and so on. |
--extra-args | Extra arguments to pass to all CURL commands. Quote arguments on the command line to prevent confusion between arguments to ksconf vs curl. |
Output Control
--disable-auth-output | Turn off sample login curl commands from the output. |
--pretty-print, -p | Enable pretty-printing. Make shell output a bit more readable by splitting entries across lines. |
Warning
For interactive use only
This command is intended for manual admin workflows. It’s quite possible that shell escaping bugs exist that may allow full shell access if you put this into an automated workflow. Evaluate the risks, review the code, run as a least-privilege user, and be responsible.
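The shell-escaping risk named in this warning, shown as an added example (not ksconf's own code and not its actual output format): a curl line built from conf values is quoted two ways, then checked for characters the shell would still expand. The function names, the sample stanza and the endpoint layout are assumptions made for the illustration.

```python
import shlex
from urllib.parse import quote

# Constructed sample data: values carry characters the shell treats specially.
STANZA = "source::/var/log/app's $(hostname).log"
ATTRS = {"EXTRACT-user": r"user=(?<user>\w+); id=`\d+`", "TRUNCATE": "10000"}

def build_curl_argv(url, owner, app, conf, stanza, attrs):
    """curl argument vector that creates one stanza (auth arguments omitted).
    Assumed endpoint layout: <url>/servicesNS/<owner>/<app>/configs/conf-<conf>"""
    parts = [quote(p, safe="") for p in (owner, app, "configs", "conf-" + conf)]
    argv = ["curl", url.rstrip("/") + "/servicesNS/" + "/".join(parts),
            "--data-urlencode", "name=" + stanza]
    for key in sorted(attrs):
        argv += ["--data-urlencode", key + "=" + attrs[key]]
    return argv

def to_shell_line(argv):
    """Quote each argument so the shell hands it to curl byte for byte."""
    return " ".join(shlex.quote(arg) for arg in argv)

def naive_shell_line(argv):
    """Unsafe contrast: double quotes leave $(...) and backticks active."""
    return " ".join('"' + arg + '"' for arg in argv)

def live_expansions(line):
    """List every $ or backtick in a script line that single quotes or a
    backslash do not protect, i.e. what the shell would still expand."""
    found, in_single, in_double, i = [], False, False, 0
    while i < len(line):
        ch = line[i]
        if in_single:
            in_single = ch != "'"
        elif ch == "\\":
            i += 1  # the escaped character is not interpreted
        elif ch == "'" and not in_double:
            in_single = True
        elif ch == '"':
            in_double = not in_double
        elif ch in "$`":
            found.append(ch)
        i += 1
    return found

if __name__ == "__main__":
    argv = build_curl_argv("https://localhost:8089", "nobody", "Splunk_TA_aws",
                           "props", STANZA, ATTRS)
    for label, line in (("naive", naive_shell_line(argv)),
                        ("quoted", to_shell_line(argv))):
        print(label, live_expansions(line))
```

A scan like `live_expansions` can serve as a pre-run review step for any generated script line, but it only covers expansion characters, so it supplements reading the script and does not replace it.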
Roadmap
For now the assumption is that the curl command will be used. (Patches to support the PowerShell Invoke-WebRequest cmdlet would be greatly welcomed!)
Example
ksconf rest-export --output=apply_props.sh etc/app/Splunk_TA_aws/local/props.conf