Splunk Dev

Get Python to Communicate with Splunk

the4tress
Engager

I am trying to get Splunk to be my one source for our team's needs. Right now we have 3 different sites providing services in PHP. I am rewriting these apps in Python (basic MySQL reads and writes) and want to display the results in a Splunk app. I have been digging through the various documentation online and get more and more confused every time I start trying to write the code.

My question is, how can I get Python to return data to Splunk? Is there a specific module I can use?

If I can just get to the point where I have a button in my app, then click it and "Hello World!" is displayed in a div, I can run from there.

0 Karma

Damien_Dallimor
Ultra Champion

Have you taken a look at our Python SDK?

You can use this to execute Splunk searches and integrate the results into your application and also send events from your Python app directly into Splunk. There is also a PHP SDK.

0 Karma

barakreeves
Splunk Employee

You have 2 options:

1- Scripted Input: Manager » Data inputs » Add data » Run and collect the output of a script: From the doco:
"there are times when you want to use scripts to feed data to Splunk for indexing, or prepare data from a non-standard source so Splunk can properly parse events and extract fields."
http://docs.splunk.com/Documentation/Splunk/5.0.1/AdvancedDev/ScriptedInputsIntro

2- Modular Input: From the doco...
"Modular Inputs allows you to extend the Splunk framework to define a custom input capability. Splunk treats your custom input definitions as if they were part of Splunk's native inputs." **Asterisks mine
http://docs.splunk.com/Documentation/Splunk/5.0.1/AdvancedDev/ModInputsIntro

Your decision will be based on your use case. Try to use a modular input over a scripted one. Regardless, Splunk will work with your data either way.

I would first recommend creating a small test index, such as "zdev" (Manager > Indexes), to hold your data until you get the desired results. I always keep test indexes for this sort of thing.

I hope this helps. Don't forget to vote or accept this answer.

Ayn
Legend

Option 3 would be a custom search command.

0 Karma
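
The scripted-input option from the thread, as an added example that is not part of any post above and is not Splunk's own code: a script whose stdout Splunk collects, writing one timestamped key="value" line per database row. The rows and field names are constructed stand-ins for a MySQL query result, and a Python 3 interpreter is assumed; values are kept on a single line so a row containing a newline cannot start a second event.

```python
#!/usr/bin/env python3
"""Scripted-input sketch: Splunk runs this script and indexes what it prints."""
import sys
from datetime import datetime, timezone

# Constructed sample rows standing in for the result of a MySQL query.
SAMPLE_ROWS = [
    {"ticket_id": 101, "owner": "alice", "status": "open", "summary": "VPN drops"},
    {"ticket_id": 102, "owner": "bob", "status": "closed",
     "summary": 'said "fixed"\n2013-01-01T00:00:00Z ticket_id=999 status="forged"'},
]


def quote_value(value):
    """Render a value as a quoted string that stays on one line."""
    text = str(value)
    text = text.replace("\\", "\\\\").replace('"', '\\"')
    text = text.replace("\r", "\\r").replace("\n", "\\n")
    return '"%s"' % text


def format_event(row, when):
    """Build one event: ISO 8601 timestamp followed by sorted key="value" pairs."""
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    pairs = " ".join("%s=%s" % (key, quote_value(row[key])) for key in sorted(row))
    return "%s %s" % (stamp, pairs)


def emit(rows, out=sys.stdout, when=None):
    """Write one event per row to `out` and return the number written."""
    when = when or datetime.now(timezone.utc)
    count = 0
    for row in rows:
        out.write(format_event(row, when) + "\n")
        count += 1
    out.flush()
    return count


if __name__ == "__main__":
    emit(SAMPLE_ROWS)
```

Pointing the scripted input at a test index, as suggested above, lets you check how the events are broken and which fields are extracted before sending real data.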