I know there is documentation; however, can someone give a simple example (with steps) for installing/using a Python module from the native Python library in Splunk? If it is not native, please explain how to install it into SPL v 6.2.3.
Any explanation how to get started with python in Splunk is appreciated.
Thank you
Generally speaking, you write a Python script that performs the needed functions and place it in your app's 'bin' directory. The script is then invoked either by a custom search command. See http://docs.splunk.com/Documentation/Splunk/6.3.3/Search/Aboutcustomsearchcommands.
Hello, I had the same problem with the MySQL module that I installed on my CentOS server.
Splunk didn't work with this library, because Splunk has its own Python library... so you can fix it only by adding, at the beginning of your script, all the Python library paths, and you must add the CentOS Python library too... like this:
[root@xxxx]#find / -name site-packages
/usr/lib/python2.7/site-packages
/usr/lib64/python2.7/site-packages
/opt/splunk/etc/apps/Splunk_SA_Scientific_Python_linux_x86_64/bin/linux_x86_64/lib/python2.7/site-packages
/opt/splunk/lib/python2.7/site-packages
[root@xxxx]# whereis python
python: /usr/bin/python2.7 /usr/bin/python /usr/lib/python2.7 /usr/lib64/python2.7 /etc/python /usr/include/python2.7 /opt/splunk/bin/python /opt/splunk/bin/python2.7 /usr/share/man/man1/python.1.gz
Include all of them at the beginning of your script:
import sys
# Append the system (CentOS) Python paths so modules installed there
# become importable from Splunk's bundled interpreter.
sys.path.append('/usr/bin/python2.7')  # the interpreter binary itself; harmless, but not a package directory
sys.path.append('/usr/lib/python2.7/site-packages')    # pure-Python packages
sys.path.append('/usr/lib64/python2.7/site-packages')  # packages with compiled extensions
And that's it; you can run the MySQL module without any problem and create your alerts with it.
import mysql.connector
I hope that this fix will help you
Joel Urtubia Ugarte
Hi Rich, I don't have an option to accept your answer. If you post your comment as an answer, I will accept it. Thanks
That makes sense. Thank you
Python is built into Splunk, so no installation is required. What do you want to do with Python? Are you creating a scripted input or something else?
Scenario: I need to look at all incoming email domains (e.g. sender@domain.tld) and compare them to a whitelist of domains to see if the new arrivals are typo-squatting, fuzzing, etc. (e.g. sender@domaininc.tld). I am not looking for exact matches but for permutations of the whitelist.
I have tried "cluster", but it slows the search to a crawl. Therefore I was thinking of using some Python scripts to do some of the heavy lifting (the comparing). Maybe I am off track...
If you have any suggestions please let me know.
Of course, I am also interested in using python for other SPL enhancements as well.
Thank you
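As an added example (not code from this thread or from Splunk), here is the comparison logic for the scenario above written as plain Python: each sender's domain is scored against a whitelist by edit distance, and a whitelisted label embedded inside a longer label (the "domaininc.tld" case) is also flagged. The whitelist and sender addresses are constructed sample data; wrapping scan_senders() in a custom search command for the app's bin directory is assumed to be the integration step and is not shown.

```python
import re

# Constructed sample data (not from the original thread).
WHITELIST = ["domain.tld", "example.com"]
SAMPLE_SENDERS = [
    "alice@domain.tld",       # exact whitelist match
    "bob@domaininc.tld",      # whitelisted label with extra characters appended
    "carol@d0main.tld",       # one-character substitution
    "dave@unrelated.org",     # nothing like the whitelist
]

def levenshtein(a, b):
    """Edit distance between two strings (classic two-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(address):
    """Return the lower-cased domain part of an email address, or None if unparseable."""
    m = re.search(r"@([A-Za-z0-9.-]+)$", address.strip())
    return m.group(1).lower() if m else None

def classify_domain(domain, whitelist, max_distance=2):
    """Return (verdict, closest whitelisted domain, edit distance).
    verdict is 'exact', 'lookalike' (within max_distance edits, or a whitelisted
    label embedded in the sender's first label) or 'unrelated'."""
    if domain in whitelist:
        return ("exact", domain, 0)
    best = min(whitelist, key=lambda w: levenshtein(domain, w))
    dist = levenshtein(domain, best)
    if dist <= max_distance:
        return ("lookalike", best, dist)
    for w in whitelist:  # "domaininc.tld" is 3 edits away yet clearly imitates "domain.tld"
        label = w.split(".")[0]
        if len(label) >= 4 and label in domain.split(".")[0]:
            return ("lookalike", w, levenshtein(domain, w))
    return ("unrelated", best, dist)

def scan_senders(addresses, whitelist=WHITELIST):
    """Classify every sender address; returns one dict per address, ready to emit as events."""
    out = []
    for addr in addresses:
        dom = sender_domain(addr)
        if dom is None:
            out.append({"sender": addr, "domain": None, "verdict": "unparseable", "match": None, "distance": None})
            continue
        verdict, match, dist = classify_domain(dom, whitelist)
        out.append({"sender": addr, "domain": dom, "verdict": verdict, "match": match, "distance": dist})
    return out
```

Because the distance computation runs once per event rather than pairwise across the whole result set, it avoids the blow-up that makes "cluster" crawl on large searches.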