splunk / splunk-reskit-powershell

Splunk Resource Kit for Powershell
Apache License 2.0

Plans to revive this? #14

Open rhys-intelliflo opened 6 years ago

rhys-intelliflo commented 6 years ago

Hey Splunk,

Are there any plans to revive this project?

Cheers, Rhys

halr9000 commented 6 years ago

@rhys-intelliflo nothing active in the pipe to my knowledge, but let's chat about it? You can find me on the Splunk-usergroups Slack team (https://docs.splunk.com/Documentation/Community/1.0/community/Chat), or my first name at splunk.com.

halr9000 commented 6 years ago

Or right here is fine. :) What are your thoughts on what you would like to accomplish with Splunk & PowerShell?

rhys-intelliflo commented 6 years ago

Sounds cool, I was considering building DSC resources to complement the work you've already done. I've tested this module against a current Splunk instance and so far things are working. Only attempted Get-*'s. What I'd like to see is a full list of parameters of each file, e.g. indexes.conf etc., in a programmatic format (e.g. XML, JSON etc.) so I can programmatically create the resources. Screen-scraping the Splunk docs site would be painful.

halr9000 commented 6 years ago

I love the ideas @rhys-intelliflo! I wanted to work on a DSC resource, but never was able to make it happen. On the latter, the best thing is to look to the .spec files. They are in our docs, but even better, they are in every copy of Splunk, and they are machine parseable with a small bit of effort! Look in $SPLUNK_HOME/etc/system/README/ (from pwsh on a Mac):

PS /Applications/Splunk/etc/system/README> gci *.spec | fw                                                                                      

    Directory: /Applications/Splunk/etc/system/README

alert_actions.conf.spec                                                 app.conf.spec                                                          
audit.conf.spec                                                         authentication.conf.spec                                               
authorize.conf.spec                                                     checklist.conf.spec                                                    
collections.conf.spec                                                   commands.conf.spec                                                     
datamodels.conf.spec                                                    datatypesbnf.conf.spec                                                 
default-mode.conf.spec                                                  default.meta.spec                                                      
deployment.conf.spec                                                    deploymentclient.conf.spec                                             
distsearch.conf.spec                                                    event_renderers.conf.spec                                              
eventdiscoverer.conf.spec                                               eventtypes.conf.spec                                                   
fields.conf.spec                                                        health.conf.spec                                                       
indexes.conf.spec                                                       inputs.conf.spec                                                       
instance.cfg.spec                                                       limits.conf.spec                                                       
literals.conf.spec                                                      livetail.conf.spec                                                     
macros.conf.spec                                                        messages.conf.spec                                                     
multikv.conf.spec                                                       outputs.conf.spec                                                      
passwords.conf.spec                                                     procmon-filters.conf.spec                                              
props.conf.spec                                                         pubsub.conf.spec                                                       
restmap.conf.spec                                                       savedsearches.conf.spec                                                
searchbnf.conf.spec                                                     segmenters.conf.spec                                                   
server.conf.spec                                                        serverclass.conf.spec                                                  
serverclass.seed.xml.spec                                               setup.xml.spec                                                         
source-classifier.conf.spec                                             sourcetypes.conf.spec                                                  
splunk-launch.conf.spec                                                 tags.conf.spec                                                         
times.conf.spec                                                         transactiontypes.conf.spec                                             
transforms.conf.spec                                                    ui-prefs.conf.spec                                                     
ui-tour.conf.spec                                                       user-prefs.conf.spec                                                   
user-seed.conf.spec                                                     viewstates.conf.spec                                                   
visualizations.conf.spec                                                web.conf.spec                                                          
wmi.conf.spec                                                           workflow_actions.conf.spec    

From talking with the PMs here, we've decided to archive this repo. But don't take that as a bad thing. It's just a recognition of the read-only state that the project has been in for some time now. What I would encourage you to do is to fork this repository (it's open source -- just go for it), and then let's huddle on the splunk-usergroups Slack and your forked repo and see if there are any other Splunk + PowerShell fans who want to contribute. Might also want to try the PowerShell Slack, I know tons of guys there as well, and it's possible that some have Splunk and never thought to put the two together.

As far as me personally, I would love to at least be an advisor if I can carve off time here and there. For anything significant, I would have to go through an OSS process internally, which I'm willing to do, but not sure I have the time to devote at this time, so don't want to promise much.

Feel free to contact me via email, GitHub mentions or Slack.
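
The .spec files mentioned in this thread can be turned into the JSON asked for earlier in it. The following is an added example, not part of the thread or of the Resource Kit: the function name `ConvertFrom-SplunkSpec` is hypothetical, the input is a constructed sample, and it assumes the usual spec layout of `[stanza]` headers, `name = <value hint>` lines in column one, and `*` description lines.

```powershell
# Added example; ConvertFrom-SplunkSpec is a hypothetical name, not a Resource Kit cmdlet.
function ConvertFrom-SplunkSpec {
    param(
        [Parameter(Mandatory)] [string[]] $Line,
        [string] $File = 'unknown.conf.spec'
    )
    $stanza  = '(global)'   # settings listed before the first [stanza] header
    $current = $null        # setting whose description lines are being collected
    $found   = [System.Collections.Generic.List[object]]::new()

    foreach ($raw in $Line) {
        $text = $raw.TrimEnd()
        if ($text -eq '' -or $text -match '^\s*#') { continue }   # blank or comment
        if ($text -match '^\[(?<name>.+)\]$') {                    # [stanza] header
            $stanza = $Matches['name']; $current = $null
        }
        elseif ($text -match '^(?<key>[^\s=*#\[][^=]*?)\s*=\s*(?<hint>.*)$') {
            # "name = <value hint>" starting in column one declares a setting
            $current = [pscustomobject]@{
                File        = $File
                Stanza      = $stanza
                Name        = $Matches['key']
                ValueHint   = $Matches['hint']
                Description = [System.Collections.Generic.List[string]]::new()
            }
            $found.Add($current)
        }
        elseif ($current -and $text -match '^\s*\*?\s*(?<doc>.+)$') {
            # "* ..." lines and indented continuations document the current setting
            $current.Description.Add($Matches['doc'])
        }
    }
    $found
}

# Constructed sample in the style of a .conf.spec file (text is not copied from Splunk).
$sample = @'
sampleGlobalSetting = <boolean>
* Applies to every stanza.

[<index>]
homePath = <string>
* Path for hot and warm buckets.
maxDataSize = <positive integer>|auto
* Maximum bucket size.
  Indented continuation of the description.
'@ -split '\r?\n'
ConvertFrom-SplunkSpec -Line $sample -File 'sample.conf.spec' | ConvertTo-Json -Depth 3
```

On a real install, pass the `Get-Content` output of a file under $SPLUNK_HOME/etc/system/README/ as `-Line`.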