Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What is the most convenient and rapid way to extract data from Splunk using Python 3?

meownoid
New Member
‎10-19-2017 07:36 AM

What is the most convenient and rapid way to extract data from Splunk using Python 3?

0 Karma
Reply

DalJeanis
Legend
‎10-19-2017 10:47 AM

Could you give us more of your use case?

For example, if you were a student who is just trying to figure out the easiest way to use the automatically generated test data in the demo version of Splunk to run a sample data visualization, then the answer is this...

  • Run a search to get what you want
  • Download it to CSV or JSON using the UI
  • Drop the CSV/JSON into Python
  • Done.

On the other, hand a production shop that needs to achieve sub-second response time for mission-critical queries might ask that same question with a completely different mindset.

If the above doesn't answer your question, then here's some of the stuff you have to fill in for us so we can hone in on what you need to know.

Don't worry about answering ALL of the questions, just give us an idea what you are trying to do.

What kind of data? Do you want to copy all the data, do you want to execute searches, or clone and offload ALL the data?

What are you trying to achieve? What is your current infrastructure? What is your current expertise?

When you ask "convenient" and "rapid", do you mean "requiring the least effort to set up" or "returning the results of inquiries most rapidly"?

0 Karma
Reply

meownoid
New Member
‎10-20-2017 04:37 AM

Thanks for your reply, I'll try to clarify my question.

1) Rapid means "requiring the least effort to set up".
2) I want to build ML system on top of the production data from splunk. So I need to extract a lot of data by query at first time and after that I need to extract new data constantly as it's available. So I can't do this manually.

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...