Solved: Find splunkd Port from Scripted Input

David · ‎04-26-2015

Similar to http://answers.splunk.com/answers/232122/find-splunkd-port-from-custom-search-command.html

I have a scripted input that runs a number of API searches. This worked in my lab environment where I had hardcoded port 8089, but failed when I switched to a production instance that had splunkd listening on a different port (error message splunklib.binding.AuthenticationError: Request failed: Session is not logged in.). It was not immediately clear how to figure out the port dynamically.

David · ‎04-26-2015

I was able to leverage a similar solution to the one linked to above:

import splunklib.results as results
import splunklib.client as client
import sys
from datetime import datetime
sessionKey = ""

for line in sys.stdin:
  sessionKey = line

import splunk.entity, splunk.Intersplunk
settings = dict()
records = splunk.Intersplunk.readResults(settings = settings, has_header = True)
entity = splunk.entity.getEntity('/server','settings', namespace='[INSERT APP]', sessionKey=sessionKey, owner='-')
mydict = dict()
mydict = entity
myPort = mydict['mgmtHostPort']

service = client.Service(token=sessionKey, host="127.0.0.1", port=myPort, user="admin")
kwargs_normalsearch = {"exec_mode": "normal", "app": "[INSERT APP]"}

searchquery_normal = '[MySearch]'
job = service.jobs.create(searchquery_normal, **kwargs_normalsearch)

while True:
    job.refresh()
    stats = {"isDone": job["isDone"],
             "doneProgress": float(job["doneProgress"])*100}
    if stats["isDone"] == "1":
        break
    time.sleep(2)
for result in results.ResultsReader(job.results()):
    [...]

For completeness, my inputs.conf stanza is:

[script://$SPLUNK_HOME/etc/apps/[MyAppName]/bin/CheckDataStats-search.py]
disabled = 0
interval = 600
source = [MySource]
sourcetype = [MySourcetype]
passAuth = admin

View solution in original post

David · ‎04-26-2015

I was able to leverage a similar solution to the one linked to above:

import splunklib.results as results
import splunklib.client as client
import sys
from datetime import datetime
sessionKey = ""

for line in sys.stdin:
  sessionKey = line

import splunk.entity, splunk.Intersplunk
settings = dict()
records = splunk.Intersplunk.readResults(settings = settings, has_header = True)
entity = splunk.entity.getEntity('/server','settings', namespace='[INSERT APP]', sessionKey=sessionKey, owner='-')
mydict = dict()
mydict = entity
myPort = mydict['mgmtHostPort']

service = client.Service(token=sessionKey, host="127.0.0.1", port=myPort, user="admin")
kwargs_normalsearch = {"exec_mode": "normal", "app": "[INSERT APP]"}

searchquery_normal = '[MySearch]'
job = service.jobs.create(searchquery_normal, **kwargs_normalsearch)

while True:
    job.refresh()
    stats = {"isDone": job["isDone"],
             "doneProgress": float(job["doneProgress"])*100}
    if stats["isDone"] == "1":
        break
    time.sleep(2)
for result in results.ResultsReader(job.results()):
    [...]

For completeness, my inputs.conf stanza is:

[script://$SPLUNK_HOME/etc/apps/[MyAppName]/bin/CheckDataStats-search.py]
disabled = 0
interval = 600
source = [MySource]
sourcetype = [MySourcetype]
passAuth = admin

Find splunkd Port from Scripted Input

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life