Set up external validation
In your modular input script, it is a good idea to validate the configuration of your input. Specify <use_external_validation>true</use_external_validation>
in your introspection scheme to enable external validation.
If you provide an external validation routine and enable external validation the following occurs when a user creates or edits the configuration for a script:
1. Splunk software reads the configuration parameters from the user and creates an XML configuration of the parameters.
The XML configuration looks something like this:
<items> <server_host>myHost</server_host> <server_uri>https://127.0.0.1:8089</server_uri> <session_key>123102983109283019283</session_key> <checkpoint_dir>/opt/splunk/var/lib/splunk/modinputs</checkpoint_dir> <item name="myScheme"> <param name="param1">value1</param> <param_list name="param2"> <value>value2</value> <value>value3</value> <value>value4</value> </param_list> </item> </items>
Notes: The <items> element can only contain one <item>. (This is because you can only operate on one item at a time.) The XML stream itself must be encoded in UTF-8.
Refer to the Read XML configuration from splunkd section for a description of the XML configuration.
2. Splunk software invokes your script with the --validate-arguments option, passing in the XML configuration.
3. Your script validation routine determines if the configuration is valid.
- If the configuration is valid, your script exits with return status of zero.
- Otherwise the script exits with a non-zero status and a message indicating why configuration failed. Format the message in <error> tags so Splunk software can properly display the message in Splunk Web.
<error> <message>Access is denied.</message> </error>
The following snippets shows how the S3 example validates data returned from the Amazon S3 service. The snippet at the end shows how to provide the --validate-arguments option when invoking the script. This script has been made cross-compatible with Python 2 and Python 3 using python-future.
Validation snippets
. . . from builtins import str def get_validation_data(): val_data = {} # read everything from stdin val_str = sys.stdin.read() # parse the validation XML doc = xml.dom.minidom.parseString(val_str) root = doc.documentElement logging.debug("XML: found items") item_node = root.getElementsByTagName("item")[0] if item_node: logging.debug("XML: found item") name = item_node.getAttribute("name") val_data["stanza"] = name params_node = item_node.getElementsByTagName("param") for param in params_node: name = param.getAttribute("name") logging.debug("Found param %s" % name) if name and param.firstChild and \ param.firstChild.nodeType == param.firstChild.TEXT_NODE: val_data[name] = param.firstChild.data return val_data # make sure that the amazon credentials are good def validate_arguments(): val_data = get_validation_data() try: url = "s3://" + val_data["stanza"] bucket, obj = read_from_s3_uri(url) conn = get_http_connection(val_data["key_id"], val_data["secret_key"], bucket, obj, method = "HEAD") resp = conn.getresponse() log_response(resp) if resp.status != 200: raise Exception("Amazon returned HTTP status code %d (%s): %s" % (resp.status, resp.reason, get_amazon_error(resp.read()))) except Exception as e: print_error("Invalid configuration specified: %s" % str(e)) sys.exit(1) . . . # Provide --validate-arguments arg on startup if __name__ == '__main__': if len(sys.argv) > 1: if sys.argv[1] == "--scheme": do_scheme() elif sys.argv[1] == "--validate-arguments": validate_arguments() elif sys.argv[1] == "--test": test() else: usage() else: # just request data from S3 run()
Set up logging | Data checkpoints |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0
Feedback submitted, thanks!