This documentation does not apply to the most recent version of Splunk.
This documentation applies to the following versions of Splunk: 3.3 , 3.3.1 , 3.3.2 , 3.3.3 , 3.3.4 , 3.4 , 3.4.1 , 3.4.2 , 3.4.3 , 3.4.5 , 3.4.6 , 3.4.8 , 3.4.9 , 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13
Use the splunk.bundle module from the Python SDK to access and edit configuration files.
Getting and setting stanzas or key/value pairs is the same as any Python dictionary:
myConf = getConf('prefs', mysessionKey)
# get the 'default' stanza in the 'prefs' conf file
s = myConf['default']
# get the 'color' property in the 'default' stanza of the 'prefs' conf
color = myConf['default']['color']
# set the 'color' property in the 'default' stanza of the 'prefs' conf
# this is an immediate write
myConf['default']['color'] = 'green'
If you are doing a large number of writes, you can defer the commit action:
myConf.beginBatch()
myConf['default']['car1'] = 'honda'
myConf['default']['car2'] = 'bmw'
myConf['default']['car3'] = 'lexus'
myConf['default']['car4'] = 'pinto'
myConf['default']['car5'] = 'VW'
myConf.commitBatch()
Import the necessary modules:
import from splunk auth import splunk.bundle as bu
Get a session key:
mysessionKey=auth.getSessionKey('admin','changeme')
Access the configuration file:
myConf = bu.getConf('alert_actions', mysessionKey)
This example uses the alert_actions.conf file, but you can access any valid configuration file.
Set the mail server attribute in the email stanza in alert_actions.conf:
myConf['email']['mailserver']='smtp.roadrunner.com'
Or do a batch change to multiple attributes and values:
myConf.beginBatch() myConf['email']['mailserver']='theothers.com' myConf['email']['format']='csv' myConf['email']['from']='john_locke' myConf.commitBatch()