ksconf rest-publish¶
Note
This command effectively replace ksconf rest-export for all nearly all use cases.
The only thing that rest-publish can’t do that rest-export is handle a disconnected scenario.
But for ALL other use cases, the rest-publish (this command) command is far superior.
Note
This commands requires the Splunk Python SDK, which is automatically bundled with the Splunk app for KSCONF.
Publish stanzas in a .conf file to a running Splunk instance via REST. This requires access to the HTTPS endpoint of splunk. By default, ksconf will handle both the creation of new stanzas and the update of exists stanzas.
This can be used to push full configuration stanzas where you only have REST access and can’t directly publish an app.
Only attributes present in the conf file are pushed. While this may seem obvious, this fact can
have profound implications in certain situations, like when using this command for continuous
updates. This means that it’s possible for the source .conf to ultimately differ from what ends
up on the server’s .conf file. One way to avoid this is to explicitly remove object using
--delete mode first, and then insert a new copy of the object. Of course this means that
the object will be unavailable. The other impact is that diffs only compares and shows a subset
of attribute.
Be aware that, for consistency, the configs/conf-TYPE endpoint is used for this command. Therefore, a reload may be required for the server to use the published config settings.
usage: ksconf rest-publish [-h] [--conf TYPE] [-m META] [--url URL]
[--user USER] [--pass PASSWORD] [-k] [--app APP]
[--owner OWNER] [--sharing {user,app,global}] [-D]
CONF [CONF ...]
Positional Arguments¶
| CONF | Configuration file(s) to export settings from. |
Named Arguments¶
| --conf | Explicitly set the configuration file type. By default this is derived from CONF, but sometime it’s helpful set this explicitly. Can be any valid Splunk conf file type, example include ‘app’, ‘props’, ‘tags’, ‘savedsearches’, and so on. |
| -m, --meta | Specify one or more .meta files to determine the desired read & write ACLs, owner, and sharing for objects in the CONF file. |
| --url | URL of Splunkd. Default: “https://localhost:8089” |
| --user | Login username Splunkd. Default: “admin” |
| --pass | Login password Splunkd. Default: “changeme” |
| -k, --insecure | Disable SSL cert validation. |
| --app | Set the namespace (app name) for the endpoint |
| --owner | Set the user who owns the content. The default of ‘nobody’ works well for app-level sharing. |
| --sharing | Possible choices: user, app, global Set the sharing mode. |
| -D, --delete | Remove existing REST entities. This is a destructive operation. In this mode, stanzas attributes are unnecessary. NOTE: This works for ‘local’ entities only; the default folder cannot be updated. |
Examples¶
A simple example:
ksconf rest-publish etc/app/Splunk_TA_aws/local/props.conf \
--user admin --password secret --app Splunk_TA_aws --owner nobody --sharing global
This command also supports replaying metdata like ACLs:
ksconf rest-publish etc/app/Splunk_TA_aws/local/props.conf \
--meta etc/app/Splunk_TA_aws/metdata/local.meta \
--user admin --password secret --app Splunk_TA_aws