Splunk Dev

Log data into Splunk using Python SDK

manudbc
Explorer

Hello,

I was wondering if there is any way to log data into Splunk using the Python SDK. I've found a way to send data to a specific port. In my case, I'm trying to log data into Splunk using a Python script called from a Splunk search. Let me explain myself a little bit more:

I perform a query that looks like this:

| script MyLogData parameter1 parameter2

That script downloads a JSON file that I would like to log into Splunk. I have declared the script in the commands.conf file, so everything is fine. The file is executed successfully, so there is no issue on that side.

The problem is that I haven't found a way to log data into Splunk using the Python SDK. The only solution I've found is to log data using a "remote" connection (using user and password), but that is not the way I would like to do it, because the script is running on the Splunk server. My question is: is there any way to log data directly into Splunk? Does the SDK have any way to do it?

Thank you very much!

Kind regards 🙂

0 Karma

starcher
Influencer

If you are in Python, you are way better off sending data via the HTTP Event Collector than directly through the API.

https://github.com/georgestarcher/Splunk-Class-httpevent

0 Karma
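
An added example, not part of the post above and not code from the linked class: a standard-library sketch of sending a downloaded JSON document to the HTTP Event Collector (HEC), which listens on its own port (8088 by default) and authenticates with a token instead of a username and password. The URL, the environment variable names and the function names are assumptions; the sourcetype, source, index and host values are the ones used in the script later in this thread.

```python
import json
import os
import ssl
import urllib.request

# Assumed endpoint; 8088 is the default HEC port. Override via environment.
HEC_URL = os.environ.get("SPLUNK_HEC_URL",
                         "https://localhost:8088/services/collector/event")


def records_from_json(text):
    """Parse the downloaded JSON; a top-level list becomes one event per item."""
    data = json.loads(text)
    return data if isinstance(data, list) else [data]


def build_hec_request(url, token, records, sourcetype="MyAPP",
                      source="MyApp://MyApp", index="main", host="MyAPP"):
    """Build one batched POST: HEC accepts several event envelopes per body."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send the HEC token over a non-TLS URL")
    if not token:
        raise ValueError("no HEC token supplied")
    body = "\n".join(
        json.dumps({"event": record, "sourcetype": sourcetype,
                    "source": source, "index": index, "host": host})
        for record in records)
    return urllib.request.Request(
        url, data=body.encode("utf-8"), method="POST",
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"})


def send_to_hec(json_text, url=HEC_URL, token=None, ca_file=None, timeout=10):
    """Send the JSON to HEC; the token comes from the environment, not the code."""
    token = token or os.environ.get("SPLUNK_HEC_TOKEN")  # assumed variable name
    request = build_hec_request(url, token, records_from_json(json_text))
    # Certificate verification stays on; pass ca_file for a private CA.
    context = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(request, timeout=timeout,
                                context=context) as response:
        reply = json.loads(response.read().decode("utf-8"))
    if reply.get("code") != 0:
        raise RuntimeError("HEC rejected the batch: %r" % (reply,))
    return reply
```

The HEC token has to be allowed to write to the index named in the envelope, so scope the token to that one index.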

rodkinal
New Member

Hello!

Sorry for being late with my response. But does sending the event via HTTP mean opening an extra port? Is this method a built-in way to log events into Splunk?

Thank you very much!

0 Karma

rodkinal
New Member

For some reason Splunk crashes after executing this script and I need to restart it.

import sys

import requests
import splunklib.client as client


def requestJSON():
    # Download the JSON document that should be indexed
    params = {'key': '1Uasdfui4', 'resource': 'aIUijasduhaiiajsdklfj'}
    headers = {"Accept-Encoding": "gzip, deflate", "User-Agent": "Firefox"}
    response = requests.get('https://www.getmyjson.com/', params=params, headers=headers)
    return response.text


def main(argv):
    service = client.connect(app="MyAPP", sharing="app", username="user", password="password")
    # attach() opens a streaming socket to the index's receiver endpoint
    cn = service.indexes["main"].attach(source="MyApp://MyApp", sourcetype="MyAPP", host="MyAPP")
    try:
        # The socket expects bytes, so encode the downloaded text
        cn.write(requestJSON().encode("utf-8"))
    finally:
        # Close the socket so the streaming connection does not stay open
        cn.close()
    print("Job done!")


if __name__ == "__main__":
    main(sys.argv[1:])

Does anyone know how to do this? It's weird that Splunk crashes after this :S

0 Karma

tiagofbmm
Influencer

Hey

There is a oneshot.py in the Python SDK, have you had a look at it?

Also, how about retrieving that data to a file and having Splunk monitor it after your script gets it?

Let me know your thoughts

0 Karma

rodkinal
New Member

Hello Tiago! Sounds great, but after taking a look at the file, I realized that it only allows performing searches. I've been investigating and it looks like submit.py may do what he's looking for. Could anyone confirm that?

0 Karma

tiagofbmm
Influencer

Yes, I believe it is exactly what you need: a command line utility that submits event data to Splunk from stdin.

0 Karma

rodkinal
New Member

I'm taking a look into it 🙂 Thank you!

0 Karma