Splunklib API retrieve inputlookup

Tim00 — Mon, 16 Aug 2021 07:45:48 GMT

Hi all,

have been using the splunklib package in Python to connect to the Splunk API for some time now, and it works fine. As sample search I use is provided below:

searchquery = """search index=wineventlog EventCode=4688 earliest=-4h | fields user, ETC, ETC, ETC
| table user, ETC, ETC, ETC"""
resolveQuery = SplunkQuery(host, port, username, password)
df = resolveQuery.splunk_fetch(searchquery)

The search return a pandas dataframe (in Python) containing the required information.

When I try to retrieve an inputlookup however, the search doesn't return any information, only an empty dataframe. Below is an example of a searchquery I use to try and retrieve an inputlookup:

searchquery = """search | inputlookup infomation.csv"""

Any help would be highly appreciated: how can I retrieve inputlookups using the Splunklib package in Python?

Re: Splunklib API retrieve inputlookup

richgalloway — Mon, 16 Aug 2021 12:35:13 GMT

The inputlookup command is supposed to be the first command in a query. Try this:

searchquery = """| inputlookup infomation.csv"""

Re: Splunklib API retrieve inputlookup

Tim00 — Mon, 23 Aug 2021 08:03:39 GMT

Thanks for your help

topic Re: Splunklib API retrieve inputlookup in Splunk Search

Splunklib API retrieve inputlookup

Re: Splunklib API retrieve inputlookup

Re: Splunklib API retrieve inputlookup