Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
splunk-sdk
Advanced tools
The Splunk Enterprise Software Development Kit (SDK) for JavaScript contains library code and examples designed to enable developers to build applications using the Splunk platform and JavaScript. This SDK supports server-side and client-side JavaScript.
For more information, see Splunk Enterprise SDK for JavaScript on the Splunk Developer Portal.
Node.js v 8.17.0, or v14 or later
The Splunk Enterprise SDK for JavaScript was tested with Node.js v8.17.0, v14.
Splunk Enterprise 9.0 or 8.2, or Splunk Cloud
The Splunk Enterprise SDK for JavaScript was tested with Splunk Enterprise 9.0 or 8.2, or Splunk Cloud.
Splunk Enterprise SDK for JavaScript
Download the SDK as a ZIP file or clone the repository:
git clone https://github.com/splunk/splunk-sdk-javascript.git
This section describes the basic steps for installing the Splunk Enterprise SDK for JavaScript.
To use the components from the Splunk Enterprise SDK for JavaScript on your web page, copy the /splunk-sdk-javascript/client directory to your web server. Then, include the splunk.js or splunk.min.js file from this directory in your code.
For example, include one of the following tags in your code:
<script type="text/javascript" src="/yourpath/splunk.js"></script>
Or:
<script type="text/javascript" src="/yourpath/splunk.min.js"></script>
You can also include the UI components, such as the Timeline and Charting controls. These UI component files (splunk.ui.timeline and splunk.ui.charting) are also in the /splunk-sdk-javascript/client directory.
To use the Splunk Enterprise SDK for JavaScript with your Node.js programs, install the SDK by running npm
in your project's directory as follows:
npm install splunk-sdk
Then, to include the Splunk Enterprise SDK for JavaScript, use the require
function in your code:
let splunkjs = require('splunk-sdk');
The following examples show you how to list search jobs using client-side and server-side code.
Previous Callback Approach:
let appName = "<app-name>";
service.apps().fetch(function (err, apps) {
if (err) {
done(err);
}
let appList = apps.list();
// other code
done();
});
From v2.x, Splunk Enterprise SDK for JavaScript methods are updated to return Promises, which will enable users to utilize Async/await feature of JS.
Promise Approach:
let appName = "<app-name>";
try {
let apps = await service.apps().fetch();
let appList = apps.list();
// other code
} catch (err) {
console.log("There was an error retrieving the list of applications:", err);
}
Note:
abort()
method has been replaced with 'response_timeout' parameter which enables user to specify the timeout for a particular API call.
This HTML example uses the Splunk Enterprise SDK for JavaScript to list all jobs:
<script type="text/javascript" src="splunk.js"></script>
<script type="text/javascript" src="jquery.min.js"></script>
<script type="text/javascript" charset="utf-8">
try {
let service = new splunkjs.Service({username: "admin", password: "changed!"});
await service.login();
console.log("Login was successful");
let jobs = await service.jobs().fetch();
let jobList = jobs.list();
for(let i = 0; i < jobList.length; i++) {
console.log("Job " + i + ": " + jobList[i].sid);
}
} catch(err) {
console.log(err);
}
</script>
This example shows how to use the Splunk Enterprise SDK for JavaScript and Node.js to list all jobs:
let splunkjs = require('splunk-sdk');
let service = new splunkjs.Service({username: "admin", password: "changed!"});
try {
await service.login();
console.log("Login was successful: " + success);
let jobs = await jobs.fetch();
let jobList = jobs.list();
for(let i = 0; i < jobList.length; i++) {
console.log("Job " + i + ": " + jobList[i].sid);
}
} catch(err) {
console.log(err);
}
# Create a sessionKey
curl -k -u <username>:<password> <scheme>://<host>:<port>/services/auth/login -d username=<username> -d password=<password>
let serviceWithSessionKey = new splunkjs.Service({
// Replace the host if you are accessing remote host
scheme: 'https',
host: 'localhost',
port: '8089',
sessionKey: SESSION_KEY, // Add your sessionKey here
version: '9.0',
});
try {
let jobs = await serviceWithSessionKey.jobs({ count: 1 });
console.log("Login successful with sessionKey");
} catch(err) {
console.log(err);
}
##### Login with token
```shell
#### From shell ####
# Enable token authetication
curl -k -u <username>:<password> -X POST <scheme>://<host>:<port>/services/admin/token-auth/tokens_auth -d disabled=false
# Create a token
curl -k -u <username>:<password> -X POST <scheme>://<host>:<port>/services/authorization/tokens?output_mode=json --data name=<username> --data audience=Users --data-urlencode expires_on=+30d
#### From web ####
# Enable token authentication
Go to settings > Tokens and click on 'Enable Token Authentication'
# Create a token
1. Go to settings > Token and click on 'New Token'
2. Enter the relevant information
3. Copy the created token and save it somewhere safe.
let serviceWithBearerToken = new splunkjs.Service({
// Replace the host if you are accessing remote host
scheme: 'https',
host: 'localhost',
port: '8089',
sessionKey: TOKEN, // Add your token here
version: '8',
});
try {
let res = await serviceWithBearerToken.jobs({ count: 2 });
console.log("Login successful with bearer token");
} catch(err) {
console.log(err);
}
Support for modular inputs is removed from Splunk Enterprise SDK for JavaScript and we recommand to use Splunk Enterprise SDK for Python for the modular inputs. See the Python SDK modular inputs example and PythonSDK modular inputs docs for reference.
The Splunk Enterprise SDK for JavaScript contains several server- and client-based examples, which are located in the Splunk App Example repo. For details, see the Splunk Enterprise SDK for JavaScript Examples on the Splunk Developer Portal.
To connect to Splunk Enterprise, many of the SDK unit tests take command-line arguments that specify values for the host, port, and login credentials for Splunk Enterprise. For convenience during development, you can store these arguments as key-value pairs in a text file named .splunkrc. Then, the SDK unit tests use the values from the .splunkrc file when you don't specify them.
Note: Storing login credentials in the .splunkrc file is only for convenience during development. This file isn't part of the Splunk platform and shouldn't be used for storing user credentials for production. And, if you're at all concerned about the security of your credentials, enter them at the command line rather than saving them in this file.
To use this convenience file, create a text file with the following format:
# Splunk Enterprise host (default: localhost)
host=localhost
# Splunk Enterprise admin port (default: 8089)
port=8089
# Splunk Enterprise username
username=admin
# Splunk Enterprise password
password=changed!
# Access scheme (default: https)
scheme=https
# Your version of Splunk Enterprise
version=9.0
Save the file as .splunkrc in the current user's home directory.
For example on OS X, save the file as:
~/.splunkrc
On Windows, save the file as:
C:\Users\currentusername\.splunkrc
You might get errors in Windows when you try to name the file because ".splunkrc" appears to be a nameless file with an extension. You can use the command line to create this file by going to the C:\Users\<currentusername> directory and entering the following command:
Notepad.exe .splunkrc
Click Yes, then continue creating the file.
let configs = svc.configurations(namespace);
configs = await configs.fetch();
// Create a key-value map to store under a stanza
const filename = "app.conf";
const stanzaName = "install";
let keyValueMap = {};
keyValueMap["state"] = "enabled";
keyValueMap["python.version"] = "python3";
// If file/stanza doesn't exist, it will be created
// else it will be updated.
await configs.createAsync(filename, stanzaName, keyValueMap);
The Splunk Enterprise SDK for JavaScript infrastructure relies on Node.js to build files, run examples, run tests, and generate documentation.
All development activities are managed by a helper script called sdkdo
. For a list of possible commands and options, open a command prompt in the splunk-sdk-javascript directory and enter:
node sdkdo --help
To rebuild and minify the browser files, open a command prompt in the splunk-sdk-javascript directory and enter: Note:- If any TypeError is encountered, please run "npm install" before running the below command.
node sdkdo compile
The Splunk Enterprise SDK for JavaScript includes several unit tests for each component. You can run individual test modules or run all tests. Some searches need to be running in your Splunk Enterprise instance before you run these tests. You can start some searches by logging into Splunk Web and opening the Search app, which runs a few searches to populate the dashboard.
Note: The SDK App Collection app is required for running unit tests.
To run the unit tests, open a command prompt in the splunk-sdk-javascript directory, then run the following commands.
To run all tests, enter:
node sdkdo tests
To run the HTTP and the utils tests, enter:
node sdkdo tests http,utils
To run tests containing a particular string, enter:
node sdkdo tests --grep "While success"
To run the browser tests, enter:
node sdkdo tests-browser
To run all unit tests without log messages, enter:
node sdkdo tests --quiet
To run all the tests and generate test report in splunk-sdk-javascript/mochawesome-report/mochawesome.html, enter:
node sdkdo tests --reporter mochawesome
To get more info to run tests, enter:
make test_specific
Directory | Description |
---|---|
/bin | Executable files (such as sdkdo) |
/client | Pre-built files for the browser |
/contrib | Packaged third-party dependencies (such as test runners) |
/docs | API reference documentation |
/lib | The SDK code files |
/licenses | License information for packaged third-party dependencies |
/node_modules | JavaScript modules used by Node.js |
/tests | Unit tests |
The CHANGELOG contains a description of changes for each version of the SDK. For the latest version, see the CHANGELOG.md on GitHub.
The master branch represents a stable and released version of the SDK. To learn about our branching model, see Branching Model on GitHub.
Resource | Description |
---|---|
Splunk Developer Portal | General developer documentation, tools, and examples |
Integrate the Splunk platform using development tools for JavaScript | Documentation for JavaScript development |
Splunk Enterprise SDK for JavaScript Reference | SDK API reference documentation |
REST API Reference Manual | Splunk REST API reference documentation |
Splunk>Docs | General documentation for the Splunk platform |
GitHub Wiki | Documentation for this SDK's repository on GitHub |
Splunk JavaScript SDK Examples | server- and client-based examples for the Splunk JavaScript SDK |
Stay connected with other developers building on the Splunk platform.
If you would like to contribute to the SDK, see Contributing to Splunk. For additional guidelines, see CONTRIBUTING.
You will be granted support if you or your company are already covered under an existing maintenance/support agreement. Submit a new case in the Support Portal and include "Splunk Enterprise SDK for JavaScript" in the subject line.
If you are not covered under an existing maintenance/support agreement, you can find help through the broader community at Splunk Answers.
Splunk will NOT provide support for SDKs if the core library (the code in the /splunklib directory) has been modified. If you modify an SDK and want support, you can find help through the broader community and Splunk Answers.
We would also like to know why you modified the core library, so please send feedback to devinfo@splunk.com.
File any issues on GitHub.
You can reach the Splunk Developer Platform team at devinfo@splunk.com.
The Splunk Enterprise Software Development Kit for JavaScript is licensed under the Apache License 2.0. See LICENSE for details.
v2.0.0
FAQs
SDK for usage with the Splunk REST API
The npm package splunk-sdk receives a total of 4,564 weekly downloads. As such, splunk-sdk popularity was classified as popular.
We found that splunk-sdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.