Re: Splunk python SDK to update kvstore error

kyaparla · ‎07-02-2018

Getting this error when using batch_save to update kvstore through Splunk python SDK.

This works fine when posting same content through curl, not sure if some limitation through splunk SDK. Anyone have any idea on quick fix?

File "/opt/splunk/etc/apps/adp_cmdb/bin/splunklib/client.py", line 3724, in batch_save
return json.loads(self._post('batch_save', headers=KVStoreCollectionData.JSON_HEADER, body=data).body.read().decode('utf-8'))
File "/opt/splunk/etc/apps/adp_cmdb/bin/splunklib/client.py", line 3615, in _post
return self.service.post(self.path + url, owner=self.owner, app=self.app, sharing=self.sharing, **kwargs)
File "/opt/splunk/etc/apps/adp_cmdb/bin/splunklib/binding.py", line 289, in wrapper
return request_fun(self, *args, **kwargs)
File "/opt/splunk/etc/apps/adp_cmdb/bin/splunklib/binding.py", line 71, in new_f
val = f(*args, **kwargs)
File "/opt/splunk/etc/apps/adp_cmdb/bin/splunklib/binding.py", line 742, in post
response = self.http.post(path, all_headers, **query)
File "/opt/splunk/etc/apps/adp_cmdb/bin/splunklib/binding.py", line 1208, in post
return self.request(url, message)
File "/opt/splunk/etc/apps/adp_cmdb/bin/splunklib/binding.py", line 1228, in request
raise HTTPError(response)
splunklib.binding.HTTPError: HTTP 400 Bad Request -- The provided query was invalid.

jrouse025 · ‎04-01-2019

When you call the client.data.batch_save() be sure to put an asterisk in front of your passed parameter.
client.data.batch_save(*data)

You can see this in the unit tests:
https://github.com/splunk/splunk-sdk-python/blob/master/tests/test_kvstore_batch.py
unit test: def test_insert_find_update_data(self):

Splunk python SDK to update kvstore error

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases