A CLI tool for converting Splunk .conf configurations to SPL2

Project description

conf-spl2-converter

A CLI tool for converting Splunk .conf configurations (props.conf / transforms.conf) to SPL2 pipeline templates.

Alpha — this project is under active development. APIs and output format may change.

Installation

Requires Python 3.9+.

pip install conf-spl2-converter

Usage

Point the tool at a TA package directory that contains default/props.conf:

# Auto-discover all sourcetypes from props.conf (no config file needed)
conf-spl2-converter generate /path/to/ta

# Use a config file to control which sourcetypes are processed and how
conf-spl2-converter generate /path/to/ta -c field_extraction_config.json

# Write output to a custom directory
conf-spl2-converter generate /path/to/ta -o /tmp/my-output

# Export parsed template data as JSON (useful for debugging / integration)
conf-spl2-converter generate /path/to/ta -o /tmp/my-output -f json

# Combine all options with verbose logging
conf-spl2-converter generate /path/to/ta -c config.json -o ./out -f spl2 -v

Config file

When --config / -c is not provided, the tool looks for field_extraction_config.json inside the TA directory. If found, it is used automatically. If not found, sourcetypes are auto-discovered from props.conf.

When --config / -c is provided, the specified config file is used instead (overrides the default lookup in the TA directory).

The config file controls which sourcetypes are processed along with extra settings like lookups, fields to trim, kv_mode overrides, etc.

Options

Flag       Short  Description
--config   -c     Path to a field_extraction_config.json. When omitted, looks for it in the TA directory; falls back to auto-discovery from props.conf.
--output   -o     Output directory for generated files. Defaults to <ta_path>/default/data/spl2/.
--format   -f     Output format: spl2 (default) or json.
--verbose  -v     Enable debug logging.
--version         Show version information.

Output formats

  • spl2 (default) — renders .spl2 pipeline files ready for use in Splunk.
  • json — writes a structured JSON file per sourcetype containing the parsed template data (extractions, evals, lookups, etc.).

Development

# Install dependencies (requires uv)
uv sync --group dev

# Run tests
uv run pytest

# Lint and format
uv run ruff check .
uv run ruff format .

# Install pre-commit hooks
uv run pre-commit install

License

Copyright (C) 2026 Splunk Inc. All Rights Reserved. See LICENSE for details.

Download files

Source Distribution

conf_spl2_converter-0.2.0.tar.gz (128.7 kB)

Uploaded Source

Built Distribution

conf_spl2_converter-0.2.0-py3-none-any.whl (59.7 kB)

Uploaded Python 3

File details

Details for the file conf_spl2_converter-0.2.0.tar.gz.

File metadata

  • Download URL: conf_spl2_converter-0.2.0.tar.gz
  • Size: 128.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.7

File hashes

Hashes for conf_spl2_converter-0.2.0.tar.gz
Algorithm Hash digest
SHA256 4a34349509898ffc3cade9ba7c45c0996d653205a83a603b465fd54d2474c9d0
MD5 00b63a5fe699c162db88640219e4a67e
BLAKE2b-256 bc86fad989d433bbe53767a14ee010a77fdb1eefe28614312f0a62910af09a0a

File details

Details for the file conf_spl2_converter-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: conf_spl2_converter-0.2.0-py3-none-any.whl
  • Size: 59.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.7

File hashes

Hashes for conf_spl2_converter-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f32b8db08988144983bc1ada9a613154e9c2f0a795f83605a94634a8c2548bbd
MD5 9a32c896256fd5d57209d87a0ebec225
BLAKE2b-256 6fd062446a90a1c43c2d0cf42274ae886138969d9c4a96286f50ac007d2a5021
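
One way to check a downloaded copy of either file against the SHA256 digests listed above before installing it. This is an added example, not part of the project's code; the function names `sha256_of` and `verify_artifact` are illustrative, and the digests are copied from the tables on this page.

```python
import hashlib
import sys
from pathlib import Path

# SHA256 digests copied from the "File hashes" tables on this page.
PINNED_SHA256 = {
    "conf_spl2_converter-0.2.0.tar.gz":
        "4a34349509898ffc3cade9ba7c45c0996d653205a83a603b465fd54d2474c9d0",
    "conf_spl2_converter-0.2.0-py3-none-any.whl":
        "f32b8db08988144983bc1ada9a613154e9c2f0a795f83605a94634a8c2548bbd",
}


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so it is never read into memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_artifact(path, pinned=PINNED_SHA256):
    """Return (ok, reason). A file whose name has no pinned digest fails."""
    name = Path(path).name
    expected = pinned.get(name)
    if expected is None:
        return False, f"{name}: no pinned digest, refusing"
    actual = sha256_of(path)
    if actual != expected.lower():
        return False, f"{name}: SHA256 mismatch (got {actual})"
    return True, f"{name}: SHA256 matches"


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: verify_artifact.py FILE [FILE ...]")
    results = [verify_artifact(p) for p in sys.argv[1:]]
    for ok, reason in results:
        print("OK  " if ok else "FAIL", reason)
    # Non-zero exit if any file failed, so the check can gate a build step.
    sys.exit(0 if all(ok for ok, _ in results) else 1)
```

pip can enforce the same pin at install time through its hash-checking mode: list the package with `--hash=sha256:<digest>` in a requirements file and install with `--require-hashes`.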
