Splunk Python Modular Inputs v1.0
This is a simple template based framework for building Splunk Modular Inputs in Python
It contains an example HelloWorld Modular Input that you can use as a practical reference to follow.
- Splunk 5+
- Clone the repository and setup a project in your IDE ie: Eclipse
In the below instructions , "NAME" refers to the name of your new modular input
- Copy the "template" directory to the "implementations" directory and rename it "NAME"
- Set the "NAME" in build/build.properties
- Rename bin/modinput.py to bin/NAME.py
Implementing your new modular input
Browse to the implementations/NAME directory There are several placeholders that you have to fill in
The Python script
From step 7 above , this is where you implement your mod input's core processing logic. Again , there are just some placeholders you need to fill in.
- fill in the "SCHEME" xml string
- implement the do_validate() function , if you are using external validation
- implement the do_run() function
Build a release
This will build a SplunkBase compatible release tarball.
- run the Ant target "build_modular_input" in build/build.xml
- the release will get written to the "releases" directory
- copy to $SPLUNK_HOME/etc/apps , untar , restart Splunk, and test away.
This project was initiated by Damien Dallimore