Gunzip and untar the distribution into $SPLUNK_HOME/etc/apps.
Copy default/inputs.conf to your app's local directory and enable the input.
You may also configure the interval to be longer or shorter.
Copy the contents of bin into your app's bin directory. Change the feeds.txt file
to use your own RSS inputs, as the samples are provided for testing.
Restart Splunk.
Note: if you do not copy any of the files from this TA to your own folders,
the TA will run on its own with the default settings, collecting RSS feeds
from the RSS URLs in feeds.txt.
Because the metadata has key=value for each event, the fields will already
be extracted and ready for further processing in Splunk. If your timestamp is
different from what is in default/props.conf, copy props.conf to a new local
directory under the same rss directory and change props.conf to match your
timestamp.
To search for data within Splunk, use a command like this:
index=<name of your index> sourcetype=rssfeed | dedup link
The link is deduped as the same feed may be re-indexed if it is in the listing
every 24 hours. After you receive results, there is also a workflow action on
the link field called "Read Article".
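
The following Python example is added here and is not code from this TA. It shows how feed items become single-line key="value" events that Splunk can extract without extra configuration, and why the search above dedups on link; the field names title and pubDate, the constructed sample feed, and the use of the standard library XML parser in place of Feedparser are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample feed (not real data). The second item repeats a link,
# as happens when a feed is polled again while the article is still listed.
# The third title contains a newline and text that looks like a field.
SAMPLE_RSS = """<rss version="2.0"><channel><title>Example Feed</title>
<item><title>Patch "Tuesday" notes</title><link>https://example.com/a1</link>
<pubDate>Mon, 06 Jan 2025 10:00:00 GMT</pubDate></item>
<item><title>Patch "Tuesday" notes</title><link>https://example.com/a1</link>
<pubDate>Mon, 06 Jan 2025 10:00:00 GMT</pubDate></item>
<item><title>Advisory
severity=low</title><link>https://example.com/a2</link>
<pubDate>Tue, 07 Jan 2025 09:30:00 GMT</pubDate></item>
</channel></rss>"""

FIELDS = ("title", "link", "pubDate")  # assumed field names, not the TA's list


def kv(key, value):
    """Render one key="value" pair that cannot break out of its own event."""
    value = re.sub(r"\s+", " ", value or "").strip()  # fold newlines and tabs
    value = value.replace('"', "'")  # a double quote would end the value early
    return f'{key}="{value}"'


def feed_to_events(xml_text):
    """Return one key=value event line per <item> in the feed."""
    root = ET.fromstring(xml_text)
    return [" ".join(kv(f, item.findtext(f)) for f in FIELDS)
            for item in root.iter("item")]


def dedup_by_link(events):
    """Keep the first event per link, the effect of `| dedup link`."""
    seen, kept = set(), []
    for event in events:
        link = re.search(r'link="([^"]*)"', event).group(1)
        if link not in seen:
            seen.add(link)
            kept.append(event)
    return kept


if __name__ == "__main__":
    for line in dedup_by_link(feed_to_events(SAMPLE_RSS)):
        print(line)
```

Feed content is written by whoever publishes the feed, so folding whitespace and replacing double quotes keeps a title from splitting an event or closing its value before the text is indexed.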
Minor fix. Continue to use Python 3.x and new open source Feedparser that works in Python 3.x.