topic REST API to automate CSV creation/export using Python script in Getting Data In

REST API to automate CSV creation/export using Python script

jofermin — Fri, 18 Aug 2017 17:23:43 GMT

I'm looking to write a Python script modeled after the example on this page: https://docs.splunk.com/Documentation/SplunkCloud/6.6.0/RESTTUT/RESTsearches

However, the example python script only pulls the search ID. When I run the curl command to pull the search ID, then run the curl command to export the results of that search ID, I can't reliably export a CSV.

Here's the basic curl commands I'm using:

curl -u user:pass -k https://splunk.domain.com:8089/services/search/jobs -d search="search index=my_index | chart count by sourcetype"

Then I pull the searchID, for example 1234567.89

curl -u user:pass -k https://splunk.domain.com:8089/services/search/jobs/1234567.89/results --get -d output_mode=csv -o test.csv

After this step, if the search job isn't done, then the exported csv will be empty. I've tried to use the python command .sleep(60), but it only works if I'm searching earliest=@min-1min

Re: REST API to automate CSV creation/export using Python script

jkat54 — Fri, 18 Aug 2017 18:00:39 GMT

You need to check the status of the job and when isDone = 1, then fetch the results. You can find the status here:

curl -u user:pass -k https://splunk.domain.com:8089/services/search/jobs/1234567.89/

So you'll need a loop in your code that checks status.

Re: REST API to automate CSV creation/export using Python script

jofermin — Fri, 18 Aug 2017 18:11:34 GMT

Hey jkat, when I run that command, I receive an XML that has a bunch of <s:key name=.....> but there is no bool called isComplete.

Re: REST API to automate CSV creation/export using Python script

jofermin — Fri, 18 Aug 2017 19:41:33 GMT

Ah I found the bool it's <s:key name="isDone">1</s:key>thanks

Re: REST API to automate CSV creation/export using Python script

jkat54 — Fri, 18 Aug 2017 19:56:19 GMT

Thanks I updated my answer.