hvandenb / splunk-elasticsearch Goto Github PK

I run some client elasticsearch nodes behind a webserver so that I can put basic auth in front of them. Can you support this in your config?

Probably just me missing something out,
But I can't seem to find what host to connect to, and the documantation has nothing about this

Installed all requirements and everything looks good app wise

Seeing the App in Splunk - But when accessing it I get a 404 (trying to reach setup?)

Any ideas?

Specifically I am running splunklight-6.5.3 on CentOS7.

I ran the following commands to install your plugin.

sudo pip install elasticsearch
git clone https://github.com/hvandenb/splunk-elasticsearch.git
rsync -av splunk-elasticsearch /opt/splunk-daemon/etc/apps/
chown -R splunk:splunk /opt/splunk-daemon/etc/apps/splunk-elasticsearch
/opt/splunk-daemon/bin/splunk restart

Inside the splunk gui I don't see the elasticsearch app/add-on ==> https://imgur.com/a/ZNs52

What am I doing wrong? What configuration am I missing? Disregarding my other ticket about basic authentication, I've disabled that.

There is a typo, defaulField= str (sys.argv[i]).split("=")[1]

default is missing a "t" so the field will always query against message.

This means getting is ready for the market place as well

Hi,
I did everything and:

• added in essearch.py the line "import splunk.Intersplunk"
• found that the command is not esearch but simply es
• added the oauth2 in libraries
  I'm using splunk 6.5 and I'm getting this error:
  Error in 'es' command: command="es", NotImplementedError at "/opt/splunk/etc/apps/search-elasticsearch/bin/splunklib/searchcommands/search_command.py", line 331 : Command es appears to be statically configured and static configuration is unsupported by splunklib.searchcommands. Please ensure that default/commands.conf contains this stanza: [es] filename = es.py supports_getinfo = true supports_rawargs = true outputheader = true

I've already checked the commands.conf file and the configuration is correct.
What's wrong?
Please help
Thanks

I looked up the code and the search limit and earliest aren't actually realistic for real world use, and the command simply ignores the arguments so have you tried this ?

I may contribute but I assumed it didn't work for you so any suggestions ?

The documentation needs to be updated to show what configuration changes the user needs to make in order for this to work. For example:

1. Update README to say that you need to have a file called config.json
2. Where the user defines theaddress and port of the elasticsearch node
3. Anything else we need to know to get it to work.