Splunk Dev

Get Python to Communicate with Splunk

the4tress
Engager

I am trying to get Splunk to be my one source for our team's needs. Right now we have 3 different sites providing services in PHP. I am rewriting these apps in Python (basic MySQL reads and writes) and want to display the results in a Splunk app. I have been digging through the various documentation online and get more and more confused every time I start trying to write the code.

My question is, how can I get Python to return data to Splunk? Is there a specific module I can use?

If I can just get to the point where I have a button in my app, then click it and "Hello World!" is displayed in a div, I can run from there.

0 Karma

Damien_Dallimor
Ultra Champion

Have you taken a look at our Python SDK?

You can use this to execute Splunk searches and integrate the results into your application and also send events from your Python app directly into Splunk. There is also a PHP SDK.

0 Karma

barakreeves
Splunk Employee

You have 2 options:

1- Scripted Input: Manager » Data inputs » Add data » Run and collect the output of a script: From the doco:
"there are times when you want to use scripts to feed data to Splunk for indexing, or prepare data from a non-standard source so Splunk can properly parse events and extract fields."
http://docs.splunk.com/Documentation/Splunk/5.0.1/AdvancedDev/ScriptedInputsIntro

2- Modular Input: From the doco...
"Modular Inputs allows you to extend the Splunk framework to define a custom input capability. Splunk treats your custom input definitions as if they were part of Splunk's native inputs." **Asterisks mine
http://docs.splunk.com/Documentation/Splunk/5.0.1/AdvancedDev/ModInputsIntro

Your decision will be based on your use case. Try to use a modular input over a scripted one. Regardless, Splunk will work with your data either way.

I would first recommend creating a small test index, such as "zdev" (Manager > Indexes), to hold your data until you get the desired results. I always keep test indexes for this sort of thing.

I hope this helps. Don't forget to vote or accept this answer.

Ayn
Legend

Option 3 would be a custom search command.

0 Karma
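
A minimal sketch of the scripted-input option from the answers above, added here as an example and not code from any poster or from Splunk: the script prints one timestamped key="value" event per row to stdout, which is what Splunk collects from a scripted input. Newlines and quotes in row values are escaped so that database content cannot split one event into several or forge extra fields. The row layout, field names and helper names are assumptions, and constructed sample rows stand in for the MySQL query.

```python
#!/usr/bin/env python3
"""Scripted-input sketch: print one event per row to stdout for Splunk to index."""
import sys
from datetime import datetime, timezone

# Constructed sample rows standing in for the results of the MySQL query.
SAMPLE_ROWS = [
    {"ts": datetime(2013, 1, 15, 9, 30, 0, tzinfo=timezone.utc),
     "user": "alice", "action": "login", "note": "ok"},
    {"ts": datetime(2013, 1, 15, 9, 31, 0, tzinfo=timezone.utc),
     "user": "bob", "action": "update", "note": 'multi\nline "quoted" text'},
]


def clean_key(key):
    """Replace anything other than letters, digits and '_' in a field name."""
    return "".join(c if c.isalnum() or c == "_" else "_" for c in str(key))


def clean_value(value):
    """Escape characters that could end the quoted value or the event early."""
    text = str(value).replace("\\", "\\\\").replace('"', '\\"')
    return text.replace("\r", "\\r").replace("\n", "\\n")


def format_event(row, time_field="ts"):
    """Build a single-line event: UTC timestamp first, then key="value" pairs."""
    stamp = row[time_field].astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    pairs = [
        f'{clean_key(k)}="{clean_value(v)}"'
        for k, v in row.items()
        if k != time_field
    ]
    return stamp + " " + " ".join(pairs)


def emit(rows, out=sys.stdout):
    """Write one event per line to the given stream; return the event count."""
    count = 0
    for row in rows:
        out.write(format_event(row) + "\n")
        count += 1
    out.flush()
    return count


if __name__ == "__main__":
    emit(SAMPLE_ROWS)
```

Pointing the scripted input at a test index first, as suggested above, makes it easy to confirm that each row arrives as exactly one event.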