Configure data collection using a shell command
Configure the data inputs and setup page for your add-on in the Configure Data Collection page. This page displays a list of data inputs that configured for your add-on. Data inputs determine the method you use get data into your add-on:
After you configure data inputs for your add-on, you can manage them using the Configure Data Collection page in Add-on Builder. Data inputs you configure for your add-on also appear on the Inputs page for that add-on.
- Data inputs must be enabled so that Splunk Enterprise can index their data. Indexed data lets you perform field extractions and CIM mapping. The data inputs you configure are enabled by default.
- For each data input you configure, the Add-on Builder creates an input called "TAB_example", which is visible on the Inputs page in the add-on. This input is used by the Add-on Builder and must not be modified. To change settings for the data input, use the Configure Data Collection page in Add-on Builder.
Add-on users create new create a new input using the Inputs page in that add-on. Do not direct users to use the Settings > Data inputs page in Splunk Enterprise.
Add a data input using shell commands
Get data into your add-on by using a script of shell commands:
- On your add-on homepage, click Configure Data Collection.
- On the Configure Data Collection page, click Add Data.
- On the Choose Input Method page, select Modular input using shell commands.
- On the Data Input Properties tab:
- Enter a name for the source type to create for this data input.
- Enter an input display name, internal name, and description.
- Specify a data collection interval, in seconds.
- Optionally, click the Data Input Parameters tab to define parameters that you want to require for users that configure your data input.
For each parameter, drag a field from the Component Library to the center panel, then specify its properties in the Property Editor. - Optionally, click the Add-on Setup Parameters tab to define any parameters that are required for users to configure your add-on.
- Select predefined options to prompt for account, proxy, or logging settings.
- Add custom inputs by dragging fields from the Component Library to the center panel panel. Select an input to specify its properties in the Property Editor.
- Click Next.
- On the Data Input Definition tab:
- Under Command settings, enter the shell commands.
- Under Data input parameters, enter a sample value for each data input parameter for testing purposes.
- If you created a setup page, click the Add-on Setup Parameters tab to enter sample values for setup parameters for testing purposes.
- Click the Data Input Definition tab, then click Test to run the shell commands and test the data input configuration.
The Output section indicates whether the shell commands succeeded (sample data is displayed) or failed (the error message is displayed). - Click Save to save the data input, then click Finish.
For more about setup pages, see Create a setup page.
To use a value from a data input parameter in the REST URL, use the format ${internal_name}
, using the internal name defined for the parameter in the previous step. For more about passing parameter values to a REST call, see Pass values from data input parameters.
Pass values from data input parameters
Pass parameter values to a variable in a REST URL, a REST header, a REST body, and in a shell command.
Following the Mako syntax, use the format ${varname}
for the variable. Then, define a modular input variable for varname
.
Learn more
For more information, see the following Splunk Enterprise documentation:
- Source type naming conventions in the Splunk Add-ons manual.
- Create custom data inputs for Splunk Cloud Platform or Splunk Enterprise on the Splunk Developer Portal
- How to create modular inputs using Splunk SDK for Python on the Splunk Developer Portal
- Create a setup page for a Splunk app on the Splunk Developer Portal
Configure data collection using a REST API call | Configure data collection using your Python code |
This documentation applies to the following versions of Splunk® Add-on Builder: 4.2.0
Feedback submitted, thanks!