docs: updated README
c-x committed Jul 3, 2024
1 parent 02d1714 commit 507005a
Showing 1 changed file with 11 additions and 42 deletions.
53 changes: 11 additions & 42 deletions splunk/README.md
Expand Up @@ -2,51 +2,22 @@

The Splunk plugin allows integrating LogCraft CLI with Cisco Splunk.

## Installation

## Getting the bits

### Releases

This is the recommended approach for most users, directly [download the latest build](https://github.com/LogCraftIO/logcraft-cli-plugins/releases) of the plugin.

### Building from the sources

If you prefer, you can build the plugin from the sources:

```bash
git clone https://github.com/LogCraftIO/logcraft-cli-plugins
cd logcraft-cli-plugins
cd splunk
cargo component build --release
```

The plugin will be released under: `../target/wasm32-wasi/release/splunk.wasm`. Add it to `lgc` using the `plugins install` command:

```bash
~$ cd your-work-dir
~$ lgc plugins install /path/to/target/wasm32-wasi/release/splunk.wasm
```

Note that compiling the plugin requires `cargo-component` and `wasm32-wasi`:

```bash
cargo install cargo-component --locked
rustup target add wasm32-wasi
```

## Installing the plugin
Once instantiated as a service, default values will be set.
For installation instructions, please refer to the [root README](../README.md).

## Configuration

The plugin has 2 parameters:
The plugin has the following parameters:

- `endpoint`: defines the URL of the Splunk server to interact with
- `authorization`: defines the authorization mechanism to use (Bearer or Basic)
- `authorization_scheme`: defines the authorization mechanism to use: Bearer (recommanded) or Basic.
- `authorization`: set the token to use, either a JWT Token (Bearer) or a Base64 encoded string `base64(user:password)` (Basic).
- `timeout`: an optional timeout for the communications with Splunk, default to 60 seconds.

### Authorization

#### User tokens
#### JWT/User tokens (recommended)
Authentication tokens are the recommended mechanism to authenticate to Splunk.
Log in to Splunk with admin privileges, then go to **Settings > Tokens** and create a new token.

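Review bot: In the parameter list, the `authorization_scheme` entry spells "recommended" as "recommanded" and does not say whether the parameter is required or which scheme applies when it is omitted, whereas `timeout` is documented as optional with a 60 second default. Suggest stating the default (or "required") explicitly, and changing "default to 60 seconds" to "defaults to 60 seconds". The `authorization` entry also calls both values a "token"; for Basic it is a Base64-encoded `user:password` pair, so "credential" would be more accurate.
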
Expand All @@ -66,11 +37,10 @@ services:
plugin: splunk
settings:
endpoint: https://192.168.64.22:8089
authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYW.....z4IaBtAHPFg
authorization_scheme: Bearer
authorization: eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYW.....z4IaBtAHPFg
```

**Make sure to include the keyword `Bearer` before the token as illustrated above.**

#### Basic

**Avoid using Basic authentification**, prefer using user tokens, but if you still need/want to do it, here is the procedure.
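
Review bot: Nothing near the Bearer example tells users who already have `authorization: Bearer <token>` in their configuration that the keyword must now be dropped from `authorization` and set in `authorization_scheme` instead. Suggest a short migration sentence next to the example, in place of the old "Make sure to include the keyword `Bearer`" reminder, saying the keyword no longer belongs in `authorization`. While touching this area, "authentification" in the Basic section could be corrected to "authentication".
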
Expand All @@ -93,7 +63,6 @@ services:
plugin: splunk
settings:
endpoint: https://192.168.64.22:8089
authorization: Basic YndheW5lOmJhdG1hbg==
authorization_scheme: Basic
authorization: YndheW5lOmJhdG1hbg==
```

Similarely to tokens, make sure to add the keyword `Basic` before the base64 encoding.
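
Review bot: The Basic example leaves `authorization: YndheW5lOmJhdG1hbg==` without any remark that Base64 is an encoding and not encryption, so the user name and password are recoverable by anyone who can read the configuration file. Suggest one sentence after the example saying so and recommending that the file be kept out of version control and readable only by its owner, which would also back up the "Avoid using Basic" advice at the top of the section.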
