The following imports allow these classes to be imported via the splunklib.modularinput package like so:
from splunklib.modularinput import *
Class representing an argument to a modular input kind.
Argument is meant to be used with Scheme to generate an XML definition of the modular input kind that Splunk understands.
name is the only required parameter for the constructor.
Example with least parameters:
arg1 = Argument(name="arg1")Example with all parameters:
arg2 = Argument( name="arg2", description="This is an argument with lots of parameters", validation="is_pos_int('some_name')", data_type=Argument.data_type_number, required_on_edit=True, required_on_create=True )
Adds an Argument object to this ElementTree document.
Adds an <arg> subelement to the parent element, typically <args> and sets up its subelements with their respective text.
Parameters: | parent – An ET.Element to be the parent of a new <arg> subelement |
---|---|
Returns: | An ET.Element object representing this argument. |
Represents an event or fragment of an event to be written by this modular input to Splunk.
To write an input to a stream, call the write_to function, passing in a stream.
Write an XML representation of self, an Event object, to the given stream.
The Event object will only be written if its data field is defined, otherwise a ValueError is raised.
Parameters: | stream – stream to write XML to. |
---|
EventWriter writes events and error messages to Splunk from a modular input.
Its two important methods are writeEvent, which takes an Event object, and log, which takes a severity and an error message.
Write the closing </stream> tag to make this XML well formed.
Logs messages about the state of this modular input to Splunk. These messages will show up in Splunk’s internal logs.
Parameters: |
|
---|
Writes an Event object to Splunk.
Parameters: | event – An Event object. |
---|
Writes a string representation of an ElementTree object to the output stream.
Parameters: | document – An ElementTree object. |
---|
InputDefinition encodes the XML defining inputs that Splunk passes to a modular input script.
Example:
i = InputDefinition()
Parse a stream containing XML into an InputDefinition.
Parameters: | stream – stream containing XML to parse. |
---|---|
Returns: | definition: an InputDefinition object. |
Class representing the metadata for a modular input kind.
A Scheme specifies a title, description, several options of how Splunk should run modular inputs of this kind, and a set of arguments which define a particular modular input’s properties.
The primary use of Scheme is to abstract away the construction of XML to feed to Splunk.
Add the provided argument, arg, to the self.arguments list.
Parameters: | arg – An Argument object to add to self.arguments. |
---|
Creates an ET.Element representing self, then returns it.
:returns root, an ET.Element representing this scheme.
An abstract base class for implementing modular inputs.
Subclasses should override get_scheme, stream_events, and optionally validate_input if the modular input uses external validation.
The run function is used to run modular inputs; it typically should not be overridden.
The scheme defines the parameters understood by this modular input.
Returns: | a Scheme object representing the parameters for this modular input. |
---|
Runs this modular input
Parameters: | args – List of command line arguments passed to this script. |
---|---|
Returns: | An integer to be used as the exit value of this program. |
Handles all the specifics of running a modular input
Parameters: |
|
---|---|
Returns: | An integer to be used as the exit value of this program. |
The method called to stream events into Splunk. It should do all of its output via EventWriter rather than assuming that there is a console attached.
Parameters: |
|
---|
Handles external validation for modular input kinds. When Splunk calls a modular input script in validation mode, it will pass in an XML document giving information about the Splunk instance (so you can call back into it if needed) and the name and parameters of the proposed input.
If this function does not throw an exception, the validation is assumed to succeed. Otherwise any errors thrown will be turned into a string and logged back to Splunk.
The default implementation always passes.
Parameters: | definition – The parameters for the proposed input passed by splunkd. |
---|
This class represents the XML sent by Splunk for external validation of a new modular input.
Example:
v = ValidationDefinition()
Creates a ValidationDefinition from a provided stream containing XML.
The XML typically will look like
<server_host>myHost</server_host> <server_uri>https://127.0.0.1:8089</server_uri> <session_key>123102983109283019283</session_key> <checkpoint_dir>/opt/splunk/var/lib/splunk/modinputs</checkpoint_dir> <item name=”myScheme”>
<param name=”param1”>value1</param> <param_list name=”param2”>
<value>value2</value> <value>value3</value> <value>value4</value></param_list>
</item>
</items>
Parameters: | stream – Stream containing XML to parse. |
---|---|
Return definition: | |
A ValidationDefinition object. |