Summertime ACS Updates

We've had quite the stellar run with Admin Config Service (ACS), and the month of July is no exception! For those of you new to ACS, it is a cloud-native API that provides self-service administration capabilities for Splunk Cloud Platform. As of July 28th, 2022, ACS has now introduced some new capabilities both to the ACS API itself, as well as the ACS Command Line Interface (CLI).

Before we dig into the major updates this month, a little history: over the last year ACS has introduced support for things like app installation (private & Splunkbase), index creation, HEC token creation, IP Allow List, and Limits.conf settings management; all via an intuitive, modern, REST API, and extremely handy CLI. Additionally, we've even spent time going back and enhancing existing APIs, such as adding DDAA and DDSS support for index creation.

We've seen the Splunk Admin community come up with amazing and innovative ways to leverage these APIs, like integrating CI/CD processes with their Splunk Cloud Stack(s), to our amazing partners "terraforming" new stacks for their customers with standard app and limits.conf settings. 

As we've looked at new areas of need, we spent some time internally asking other Splunkers, like our Professional Services group, what value ACS could bring to their daily lives. It turns out that migrating to Splunk Cloud has seen incredible interest over the last 12 months, and a big part of those migrations involve app installs (public and private), index creation, HEC token creation, and a myriad of other tasks. After reviewing some prior migrations with our PS compatriots, we realized there was a lot of opportunity to introduce "bulk" operations for a number of repetitive tasks that occur during a Splunk Enterprise to Splunk Cloud migration.

While we can't cover all the details in a single blog post, I do want to point you to the excellent documentation for the ACS CLI.

Effectively, the team has built out some client-side logic in the CLI that allows you to pass a sort of "manifest" — in the form of a JSON file — to the CLI, and let it serially perform each operation on your Splunk Cloud stack.

The CLI also creates a client-side log file of each operation, allowing you to grab your coffee, come back and see how far things have progressed. I liken it to an astromech droid (you know which one) that helps get your Splunk Cloud stack in tip-top shape.

Now, before you run out and start testing these awesome new capabilities, there are some important details for the new APIs:

  • Bulk Splunkbase App Installs: Similar to the singleton version of this API, you need to pass/agree with the license on a per-app basis. The good news is that ACS CLI provides a new "bulk-fetch-license" option!
  • Indexes Bulk *: Currently the API supports bulk create and delete, but not bulk modify - which meets the biggest need today. That said, double check your JSON so that you have all the necessary configs set per each index definition.
  • Bulk Private App Installs: Also like the singleton version, you need to pass the --acs-legal-ack=Y, but only once in this case, and you point to a directory of your private apps

There's plenty more to unpack in a future blog post, and we'll be sure to highlight your stories as we continue to see you innovate with these new features!

Additional References:

Kyle Champlin

Posted by


Show All Tags
Show Less Tags