https://community.splunk.com/t5/Splunk-Dev/python-sdk-and-realtime-search/m-p/14173#M61 <P>There is also a new Splunk Python SDK on GitHub. You can access it here: <A href="https://github.com/splunk/splunk-sdk-python">https://github.com/splunk/splunk-sdk-python</A></P> <P>There are a number of search examples in the SDK. </P> <P>Any questions - <A href="mailto:psanford@splunk.com">psanford@splunk.com</A> or ping us on Twitter: @splunkdev </P> Wed, 28 Sep 2011 17:01:32 GMT psanford_splunk 2011-09-28T17:01:32Z https://community.splunk.com/t5/Splunk-Dev/python-sdk-and-realtime-search/m-p/14170#M58 <P>I am trying to get realtime streaming results using the python sdk. The code I was using looks like this:</P> <PRE><CODE>auth.getSessionKey('admin','changeme') args = {"earliestTime": 0, "latestTime": 0} job = search.dispatch(' search *',**args) for event in job: print event['_raw'] print search job.cancel() </CODE></PRE> <P>No errors, but no results either. What am I doing wrong?</P> Tue, 25 May 2010 11:38:09 GMT https://community.splunk.com/t5/Splunk-Dev/python-sdk-and-realtime-search/m-p/14170#M58 bfaber 2010-05-25T11:38:09Z https://community.splunk.com/t5/Splunk-Dev/python-sdk-and-realtime-search/m-p/14171#M59 <P>Have you tried adding <CODE>rt</CODE> to your earliest/lastest times?</P> Wed, 26 May 2010 02:49:09 GMT https://community.splunk.com/t5/Splunk-Dev/python-sdk-and-realtime-search/m-p/14171#M59 Lowell 2010-05-26T02:49:09Z https://community.splunk.com/t5/Splunk-Dev/python-sdk-and-realtime-search/m-p/14172#M60 <P>Using the Job Inspector, I was able to reverse the kwargs...</P> <PRE><CODE>args = {'time_format': '%s.%Q', 'search': 'search *', 'required_field_list': '*', 'max_count': '10000', 'ui_dispatch_app': 'search', 'latest_time': 'rt', 'status_buckets': '300', 'ui_dispatch_view': 'flashtimeline', 'earliest_time': 'rt-1m', 'auto_cancel': '100'} </CODE></PRE> <P>This changes the search line to be:</P> <PRE><CODE>job = search.dispatch(**args) </CODE></PRE> <P>This all seems to work, but is probably more complex than needed. </P> Wed, 26 May 2010 08:49:50 GMT https://community.splunk.com/t5/Splunk-Dev/python-sdk-and-realtime-search/m-p/14172#M60 bfaber 2010-05-26T08:49:50Z https://community.splunk.com/t5/Splunk-Dev/python-sdk-and-realtime-search/m-p/14173#M61 <P>There is also a new Splunk Python SDK on GitHub. You can access it here: <A href="https://github.com/splunk/splunk-sdk-python">https://github.com/splunk/splunk-sdk-python</A></P> <P>There are a number of search examples in the SDK. </P> <P>Any questions - <A href="mailto:psanford@splunk.com">psanford@splunk.com</A> or ping us on Twitter: @splunkdev </P> Wed, 28 Sep 2011 17:01:32 GMT https://community.splunk.com/t5/Splunk-Dev/python-sdk-and-realtime-search/m-p/14173#M61 psanford_splunk 2011-09-28T17:01:32Z