- Splunk Answers
- :
- Using Splunk
- :
- Alerting
- :
- Re: How to make an HTTPS POST request via /opt/spl...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey guys,
I'm trying to get my Alert script to send details of the alert to my server. The server only allows https connections, and it seems the built in python does not support ssl:
boba@splunk:/opt/splunk/bin/scripts$ /opt/splunk/bin/python
Python 2.7.5 (default, Sep 6 2014, 18:26:42)
[GCC 4.0.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>
>>> import socket
>>> socket.ssl
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: 'module' object has no attribute 'ssl'
>>>
>>>
>>> import httplib
>>> httplib.HTTPSConnection
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: 'module' object has no attribute 'HTTPSConnection'
>>>
Ideally, I would like to have no dependencies on the environmental python, and only use Splunk's python. How can I make an HTTPS POST request via /opt/splunk/bin/python?
Thanks!
--- Travis
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This happens when you run Splunk's python without the Splunk environment.
Please try
$ /opt/splunk/bin/splunk cmd python
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This happens when you run Splunk's python without the Splunk environment.
Please try
$ /opt/splunk/bin/splunk cmd python
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, I think that works?
boba@splunk:/opt/splunk/bin$ /opt/splunk/bin/splunk cmd python
Python 2.7.5 (default, Sep 6 2014, 18:26:42)
[GCC 4.0.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>
>>>
>>> import socket
>>> socket.ssl
<function ssl at 0xb74aa1b4>
>>>
>>>
What are the implications of that being successful?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Darn, then it is a case of me barking up the wrong tree? I was trying to isolate why my script didn't seem to be working, so I went to the shell to test and I ran into these SSL errors. From what you are saying, when Splunk calls the Alert Script, it will use essentially that /opt/splunk/bin/splunk cmd python command to run my script, Ergo if my alert script works from there Splunk should have no problems calling it... Which is good news
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, it's more before splunkd ever starts in the first place, splunk start will have set up LD_LIBRARY_PATH, PATH, PYTHONPATH and so on.
If your script is failing and you don't get any good information, you could start by looking in splunkd.log to see if the stderr is ending up there. For a lot of problems it's easiest to just copy-pasta a system alert's logging setup and start dumping debug statements to python.log
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yep, definitely a case of barking up the wrong tree. The script was throwing an SSL error that I apparently wasn't logging, and it was painfully obvious when i ran that /opt/splunk/bin/splunk cmd python with my script. Once I remedied the SSL error the HTTPS request was fine.
Thank you for the nudge. I had nearly given up hope.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't know how to answer this question. The implications are that you can do what you wanted.
The splunk environment will already be in place, of course, by the time splunk runs your alert script. For manual testing though, you'll have to use that recipe, or alternatively . /opt/splunk/bin/setSplunkEnv which sets up a shell to have that environment. That first dot is a command, and the path is the argument. I don't personally like setting up my shell with the Splunk env, as it can get system utilities to use the Splunk-provided libraries (which usually works but I'd prefer to avoid it). But if you're not doing system-administration in that config it's probably not a big deal.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does anyone else get this error from python packaged with their splunk instance?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oh, I get similar errors for urllib, urllib2 and httplib2.
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
Splunk Custom Visualizations App End of Life
