Use Python API on a query

MK3 — Tue, 20 Aug 2024 14:15:05 GMT

Hello,

I have a query used on Splunk enterprise web (search)-

I am trying to put that into a python API code using Job class as this -

searchquery_oneshot ="<my above query>"

I am getting error - "SyntaxError: invalid decimal literal" pointing to the 12h in main query.

How can I fix this?

[2) Can I direct "collect" results (summary index) via this API into json format?]

Thanks

Re: Use Python API on a query

PickleRick — Tue, 20 Aug 2024 15:23:04 GMT

1. This search is not proper SPL. The quotes don't add up so it's not obvious if you're quoting whole search or indeed have unneeded quotes in it.

2. Are you sure you're not forgetting about escaping quotes in your string containing search?

3. On Splunk's side, back around 8.0 or even a bit after that the order of arguments with bin and timechart was important. You needed to put the "span=12h" as the first parameter immediately after the command. With sufficiently modern Splunk version it's more lenient to just placing the span parameter almost anywhere.

topic Re: Use Python API on a query in Splunk Search

Use Python API on a query

Re: Use Python API on a query