You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Couple of things relating to contentctl validate that would be good to get your thoughts on.
Validation using contentctl is very strict, with no OOTB support for tweaking what can be considered a warning or optional
We have a handful of detections and other knowledge objects that for one reason or another we either can't, or don't want to commit as code. The issue I frequently run in to is where we have a detection using a macro or lookup that's defined elsewhere (either defined in a separate app, or created in Splunk web).
I don't know what's planned for validation beyond 5.0, but it would be neat if we could 'tune' the validation for specific content, or as a blanket rule for things that just aren't strictly required. Macros and lookups are the two main things that come to mind, though I can imagine that arbitrary limits such as the need to have 2 drilldowns (or any at all for that matter) may also not be desirable for other users/orgs and could therefore be configured as optional.
CICD formatted output
Not even necessarily limited to just the validate command output. It would be nice if it were possible to produce output in json format for ease of machine reading as part of a CICD pipeline, the use case that comes to mind is for a validation action that produces error/warning annotations.
The text was updated successfully, but these errors were encountered:
Couple of things relating to
contentctl validatethat would be good to get your thoughts on.Validation using contentctl is very strict, with no OOTB support for tweaking what can be considered a warning or optional
We have a handful of detections and other knowledge objects that for one reason or another we either can't, or don't want to commit as code. The issue I frequently run in to is where we have a detection using a macro or lookup that's defined elsewhere (either defined in a separate app, or created in Splunk web).
I don't know what's planned for validation beyond 5.0, but it would be neat if we could 'tune' the validation for specific content, or as a blanket rule for things that just aren't strictly required. Macros and lookups are the two main things that come to mind, though I can imagine that arbitrary limits such as the need to have 2 drilldowns (or any at all for that matter) may also not be desirable for other users/orgs and could therefore be configured as optional.
CICD formatted output
Not even necessarily limited to just the validate command output. It would be nice if it were possible to produce output in json format for ease of machine reading as part of a CICD pipeline, the use case that comes to mind is for a validation action that produces error/warning annotations.
The text was updated successfully, but these errors were encountered: