I am new to Splunk, so I just want to know: if I have a Python variable with some value, can I pass that value in a search query?
If it is possible, how do I pass this Python variable in a search?
I am writing code in Python using splunk-sdk for Python.
My requirement is something like this:
application="Application Control"
searchquery_export = ' search sourcetype=opsec product=application | top src_ip '
That's essentially correct, but, of course, the parameters must be identified in the format statement. Here is part of a search that I use in Python. The parameters are passed with the URL and inserted into the search. Just remember to escape your quotes.
# Passed parameters
mac="002220030180"
cName="LOC3652"
# service is a splunklib.client.Service object created earlier
service.login()
kwargs_normalsearch = {"exec_mode": "blocking"}
jobs = service.jobs
# Triple quotes let the search string span several lines
job = jobs.create("""| inputlookup Client_Info.csv
| search mac_addr=\"{0}\"
| eval Client=\"{1}\"
| dedup Date
| eval Hours=MBs/MBHR
| rename MBHR as MBs/HR...""".format(mac, cName), **kwargs_normalsearch)
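Added example, not code from any poster in this thread: because the answer above inserts values that arrive with a URL, this sketch validates and quotes each value before it is formatted into the search, so a quote or pipe inside a value stays inside the string literal. The names `spl_quote`, `checked`, `build_lookup_search`, `build_product_search`, `MAC_RE` and `NAME_RE` are hypothetical; the allow-list patterns and the rule that `\` and `"` are backslash-escaped inside a double-quoted SPL string are assumptions.

```python
import re

# Assumed allow-lists: MAC_RE matches the shape of the sample mac in the thread,
# NAME_RE is a guess at what a client name may contain.
MAC_RE = re.compile(r"[0-9A-Fa-f]{12}")
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def spl_quote(value):
    """Return value as a double-quoted SPL string literal."""
    text = str(value)
    if any(ord(ch) < 0x20 for ch in text):
        raise ValueError("control characters are not allowed in a search value")
    # Escape backslashes first, then double quotes (assumed SPL quoting rule).
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'


def checked(value, pattern, label):
    """Reject a value that does not fully match its allow-list pattern."""
    if not pattern.fullmatch(value):
        raise ValueError("unexpected characters in " + label)
    return value


def build_lookup_search(mac, c_name):
    """Build the lookup search from the thread with validated, quoted values."""
    mac = checked(mac, MAC_RE, "mac")
    c_name = checked(c_name, NAME_RE, "cName")
    return (
        "| inputlookup Client_Info.csv"
        " | search mac_addr={0}"
        " | eval Client={1}"
        " | dedup Date"
    ).format(spl_quote(mac), spl_quote(c_name))


def build_product_search(application):
    """Build the question's search; free-text values are quoted, not trusted."""
    return "search sourcetype=opsec product={0} | top src_ip".format(
        spl_quote(application)
    )
```

The returned string is what would be passed to `jobs.create(...)` in place of the hand-formatted one.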
Thank you very much, guys, for replying.
This solution is working fine for me.
'search sourcetype=opsec product=\"{0}\" | top src_ip '.format(application)
I'm new to Python, but I think something like this should do the job.
searchquery_export = ' search sourcetype=opsec product="{}" | top src_ip '.format(application)