- Splunk Answers
- :
- Using Splunk
- :
- Splunk Dev
- :
- Python SDK: How to bypass max count in limits.conf...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
I'm currently working on some duplicate prevention scripts in Python, for this i am looking for a simple Python code example that would allow bypassing the max number of events set in limits.conf
Using the "search.py" provided in example won't allow bypassing the limits.conf max event limit, i found this link:
http://answers.splunk.com/answers/39243/python-sdk-results-limited-to-50-000.html
And some others for C# and Java, but i don't get it to be honest...
A simple code sample would be very helpful for me...and others with the same need 🙂
Thanks in advance for you help !
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For people looking for the same need, i finally found my solution on Splunk dev using REST API with a simple Python script, i can retrieve the full event no matters the number of events 🙂
Works great and very simple !
http://dev.splunk.com/view/basic-tutorial/SP-CAAADQT
Python sample script:
#!/usr/bin/env python
import urllib, urllib2
from xml.dom import minidom
base_url = 'https://localhost:8089'
username = 'admin'
password = 'changeme'
search_query = 'search error | head 10'
# Login and get the session key
request = urllib2.Request(base_url + '/servicesNS/%s/search/auth/login' % (username),
data = urllib.urlencode({'username': username, 'password': password}))
server_content = urllib2.urlopen(request)
session_key = minidom.parseString(server_content.read()).\
getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue
print "Session Key: %s" % session_key
# Perform a search
request = urllib2.Request(base_url + '/servicesNS/%s/search/search/jobs/export' % (username),
data = urllib.urlencode({'search': search_query,'output_mode': 'csv'}),
headers = { 'Authorization': ('Splunk %s' %session_key)})
search_results = urllib2.urlopen(request)
print search_results.read()
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For people looking for the same need, i finally found my solution on Splunk dev using REST API with a simple Python script, i can retrieve the full event no matters the number of events 🙂
Works great and very simple !
http://dev.splunk.com/view/basic-tutorial/SP-CAAADQT
Python sample script:
#!/usr/bin/env python
import urllib, urllib2
from xml.dom import minidom
base_url = 'https://localhost:8089'
username = 'admin'
password = 'changeme'
search_query = 'search error | head 10'
# Login and get the session key
request = urllib2.Request(base_url + '/servicesNS/%s/search/auth/login' % (username),
data = urllib.urlencode({'username': username, 'password': password}))
server_content = urllib2.urlopen(request)
session_key = minidom.parseString(server_content.read()).\
getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue
print "Session Key: %s" % session_key
# Perform a search
request = urllib2.Request(base_url + '/servicesNS/%s/search/search/jobs/export' % (username),
data = urllib.urlencode({'search': search_query,'output_mode': 'csv'}),
headers = { 'Authorization': ('Splunk %s' %session_key)})
search_results = urllib2.urlopen(request)
print search_results.read()
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
Splunk Custom Visualizations App End of Life
