
Modular Inputs Tools

Tools

I’m a tools kind of a guy. I like things that make my life easier or allow me to accomplish some task that would be otherwise prohibitive. I also like Tool the band, but that’s another blog.

And so it is with software. Languages, libraries, frameworks are just tools that make it easier for us to accomplish some task.

Modular Inputs

With the release of Splunk 5 came a great new feature called Modular Inputs.

Modular Inputs extend the Splunk framework to define a custom input capability. In many respects you can think of them as your old friend the “scripted input”, but elevated to first-class citizen status in the Splunk Manager. Splunk treats your custom input definitions as if they were part of Splunk’s native inputs, and users interactively create and update the input via Splunk Manager just as they would for native inputs (TCP, files, etc.). The Modular Input’s lifecycle, schema, validation and configuration are all managed by Splunk. This is the big differentiator over scripted inputs, which are very loosely coupled to Splunk.
What attracts me most to Modular Inputs is the potential we have to build up a rich collection of these inputs and make it easier and quicker for users to get their data into Splunk.
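To make the scheme, validation and configuration handshake concrete, here is a minimal modular input script written directly against Splunk's invocation protocol. It is an added example, not code from either framework linked below; the `greeting` and `count` parameters and their limits are assumptions chosen for illustration. Splunk calls the script with `--scheme` to learn its fields, with `--validate-arguments` (definition XML on stdin) before saving an input, and with no arguments (configuration XML on stdin) to collect events.

```python
import re, sys
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

SCHEME = """<scheme>
  <title>Hello (added example)</title>
  <use_external_validation>true</use_external_validation>
  <streaming_mode>xml</streaming_mode>
  <endpoint><args>
    <arg name="greeting"><title>Greeting</title></arg>
    <arg name="count"><title>Events per run</title></arg>
  </args></endpoint></scheme>"""

def params(node):
    """Collect the <param name="..."> children of an <item> or <stanza>."""
    return {p.get("name"): (p.text or "") for p in node.findall("param")}

def validate(xml_text):
    """Return an error string for a rejected definition, or None if accepted."""
    p = params(ET.fromstring(xml_text).find("item"))
    if not p.get("greeting", "").strip():
        return "greeting must not be empty"
    count = p.get("count", "")
    # Bounded, ASCII-digit-only check before int() so odd input cannot raise.
    if not re.fullmatch(r"[0-9]{1,3}", count) or not 1 <= int(count) <= 100:
        return "count must be an integer from 1 to 100"

def run(xml_text):
    """Build the XML event stream for every configured stanza."""
    out = ["<stream>"]
    for stanza in ET.fromstring(xml_text).iter("stanza"):
        p, name = params(stanza), quoteattr(stanza.get("name", ""))
        for i in range(int(p["count"])):
            # Escape user-supplied text so it cannot break the stream markup.
            out.append("<event stanza=%s><data>%s #%d</data></event>"
                       % (name, escape(p["greeting"]), i + 1))
    return "\n".join(out + ["</stream>"])

def main(argv):
    if "--scheme" in argv:
        print(SCHEME)
    elif "--validate-arguments" in argv:
        err = validate(sys.stdin.read())
        if err:  # <error> plus a non-zero exit makes Splunk reject the save
            print("<error><message>%s</message></error>" % escape(err))
            return 1
    else:
        print(run(sys.stdin.read()))
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```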

Modular Inputs Tools

When I wrote my first modular input, there was certainly an initial learning curve to figuring out exactly how to do it. As powerful as modular inputs are, there are many semantics that have to be understood, for development and also building the release.

So I have created 2 Modular Inputs frameworks that should abstract the developer from having to understand all of these semantics up front, and instead just focus on developing their modular input’s business logic, significantly lowering the technical barrier of entry and getting to that point of productivity faster.

You can write a modular input using any language, but for the most part my recommendation would be to stick with Python. It is more seamlessly integrated into the Splunk runtime. The reason you might use another language is if there is a specific library or runtime environment that your modular input depends upon.

The 2 modular inputs frameworks that I have created are for Python and Java. They can be cloned from github, and the best way to get started is to have a look at the hello world example implementations.

Python Modular Inputs framework

Github Repo

https://github.com/damiendallimore/SplunkModularInputsPythonFramework

Helloworld example

https://github.com/damiendallimore/SplunkModularInputsPythonFramework/tree/master/implementations/helloworld

Java Modular Inputs framework

Github Repo

https://github.com/damiendallimore/SplunkModularInputsJavaFramework

Helloworld example

https://github.com/damiendallimore/SplunkModularInputsJavaFramework/tree/master/helloworld

----------------------------------------------------
Thanks!
Damien Dallimore
