- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- passing search result to empty python file
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
passing search result to empty python file
hi,
i am running a query
index="dataload" in search and i want to transfer it result in empty python file ..For that i hv uploaded a python sdk and created an empty file in aap-search-bin folder..
but i dont know the correct way,how can i transfer my search result to empty python file,i hv to again perform some operation on this python file..but first want to transfer my search result in python file
index="dataload" | tabel python.py
like this.....
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Your request for a python script command is quite confusing.
I see 2 alternate simple options :
export all your data in a csv file, and work out of splunk.
see the command "mysearch | table field1 field2 field3 | exportcsv mycsvfile.csv"
or the export options for the UIor find the correct regex to extract your fields in splunk (see the command "rex" )
http://docs.splunk.com/Documentation/Splunk/5.0.4/SearchReference/Rex
and if needed, use multivalue fields commands,
http://docs.splunk.com/Documentation/Splunk/5.0.4/Search/Parsemultivaluefields
http://docs.splunk.com/Documentation/Splunk/5.0.4/Knowledge/ConfigureSplunktoparsemulti-valuefields
In this case, provide a useful sample. And the expected result.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm very sure Splunk can do this. My advice would be to open up a separate question about this, with examples and good information on what you want to do.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yup,but this is the only solution i think..because splunk is not able to make the regex for these fileds values like if the field has values like (720),(65,123,457) so it will make regex of (65,123,457) its a single value but splunk is cosidering it as different value and breaking it into 65 123 and 457 as individual unit
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And oh, if I recall correctly you were the guy who had field extraction problems and wanted to solve them by writing custom Python commands. I still don't think that sounds like a good solution.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That actually made me more confused than I was before 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i want to perform some python programming on that index because their is problem in extracting some of the fields.so by writing a script means i know that on 3rd line, my this output will be there so cutting all that field value... some thing like that
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What do you mean by transferring to an empty Python file? Why would you want to do that? What's the desired end result?
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
