A CLI tool for converting Splunk .conf configurations to SPL2

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ta_automation from gravatar.com ta_automation

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Other/Proprietary License (Splunk Proprietary)
  • Author: Splunk
  • Tags conf , converter , pipeline , spl2 , splunk
  • Requires: Python >=3.9
Classifiers
Report project as malware

Project description

conf-spl2-converter

A CLI tool for converting Splunk .conf configurations (props.conf / transforms.conf) to SPL2 pipeline templates.

Installation

Requires Python 3.9+ and uv.

uv sync

Usage

Point the tool at a TA package directory that contains default/props.conf:

# Auto-discover all sourcetypes from props.conf (no config file needed)
uv run conf-spl2-converter generate /path/to/ta

# Use a config file to control which sourcetypes are processed and how
uv run conf-spl2-converter generate /path/to/ta -c field_extraction_config.json

# Write output to a custom directory
uv run conf-spl2-converter generate /path/to/ta -o /tmp/my-output

# Export parsed template data as JSON (useful for debugging / integration)
uv run conf-spl2-converter generate /path/to/ta -o /tmp/my-output -f json

# Combine all options with verbose logging
uv run conf-spl2-converter generate /path/to/ta -c config.json -o ./out -f spl2 -v

Config file

When --config / -c is not provided, the tool looks for field_extraction_config.json inside the TA directory. If found, it is used automatically. If not found, sourcetypes are auto-discovered from props.conf.

When --config / -c is provided, the specified config file is used instead (overrides the default lookup in the TA directory).

The config file controls which sourcetypes are processed along with extra settings like lookups, fields to trim, kv_mode overrides, etc.

Options

Flag Short Description
--config -c Path to a field_extraction_config.json. When omitted, looks for it in the TA directory; falls back to auto-discovery from props.conf.
--output -o Output directory for generated files. Defaults to <ta_path>/default/data/spl2/.
--format -f Output format: spl2 (default) or json.
--verbose -v Enable debug logging.
--version Show version information.

Output formats

  • spl2 (default) — renders .spl2 pipeline files ready for use in Splunk.
  • json — writes a structured JSON file per sourcetype containing the parsed template data (extractions, evals, lookups, etc.).

Development

# Run tests
uv run pytest

# Lint and format
uv run ruff check .
uv run ruff format .

# Install pre-commit hooks
uv run pre-commit install

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ta_automation from gravatar.com ta_automation

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Other/Proprietary License (Splunk Proprietary)
  • Author: Splunk
  • Tags conf , converter , pipeline , spl2 , splunk
  • Requires: Python >=3.9
Classifiers

Release history Release notifications | RSS feed

0.11.0

0.10.0

0.9.0

0.8.1

0.8.0

0.7.0

0.6.0

0.5.0

0.4.1

0.4.0

0.3.0

0.2.0

This version

0.1.9

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

conf_spl2_converter-0.1.9.tar.gz (85.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

conf_spl2_converter-0.1.9-py3-none-any.whl (59.6 kB view details)

Uploaded Python 3

File details

Details for the file conf_spl2_converter-0.1.9.tar.gz.

File metadata

  • Download URL: conf_spl2_converter-0.1.9.tar.gz
  • Upload date:
  • Size: 85.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.6 {"installer":{"name":"uv","version":"0.10.6","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"22.04","id":"jammy","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for conf_spl2_converter-0.1.9.tar.gz
Algorithm Hash digest
SHA256 da14d1c96882a019bb2ddf6b419ccd97107ee9e4f83c1d8dab8644528c29701e
MD5 4d043e284174235052936af15c8b340c
BLAKE2b-256 da924b8fa7ee31284d44eb7a7d3a0817643dfe87f717bdfa7911e518c32c71c1

See more details on using hashes here.

File details

Details for the file conf_spl2_converter-0.1.9-py3-none-any.whl.

File metadata

  • Download URL: conf_spl2_converter-0.1.9-py3-none-any.whl
  • Upload date:
  • Size: 59.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.6 {"installer":{"name":"uv","version":"0.10.6","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"22.04","id":"jammy","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for conf_spl2_converter-0.1.9-py3-none-any.whl
Algorithm Hash digest
SHA256 f69e685fe7b6af52631064ffb5863f18aaebe38ec5c8463b009f028d93c82ec7
MD5 8548267e1b3e87c3a4a05b88bb8948b3
BLAKE2b-256 59229a1761bf6e5b6de4919d175f986ed3b8a3850d343f8cd1164ec118da5077

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page