10-02-2017 07:17 AM
Might be a bit cludgy because I am still learning python and shell scripting.
Biggest gotchas were to enable API access on the infoblox user's group settings, and make sure the lookup permissions were global on the splunk side.
a month ago
I would now reccomend using the Splunk add-on https://splunkbase.splunk.com/app/1546/ (rest_ta). You can then run a saved search to take the latest results and | outputlookup to update your lookup with latest data.
I ended up using response handler: JSONArrayHandler
If you want to specify arguments that are multi-value, be sure to change the delimiter to ":"
2 weeks ago
I get a csv/splunk lookup like this:
192.168.1.0\24, DataCenter1, servers
192.168.50.0\24, SiteC, workstations
192.168.55.0\26, SiteD, Guest Wifi
or whatever data you decide to put in the description field in infoblox for your networks.
For working with splunk I would look at the modular input app to eliminate the need for the python code. You can then use a scheduled search and | outputlookup to save as a lookup csv.