I'm trying to get my Alert script to send details of the alert to my server. The server only allows https connections, and it seems the built in python does not support ssl:
boba@splunk:/opt/splunk/bin/scripts$ /opt/splunk/bin/python Python 2.7.5 (default, Sep 6 2014, 18:26:42) [GCC 4.0.2] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> >>> import socket >>> socket.ssl Traceback (most recent call last): File "<stdin>", line 1, in <module> AttributeError: 'module' object has no attribute 'ssl' >>> >>> >>> import httplib >>> httplib.HTTPSConnection Traceback (most recent call last): File "<stdin>", line 1, in <module> AttributeError: 'module' object has no attribute 'HTTPSConnection' >>>
Ideally, I would like to have no dependencies on the environmental python, and only use Splunk's python. How can I make an HTTPS POST request via /opt/splunk/bin/python?
Oh, I get similar errors for urllib, urllib2 and httplib2.
Does anyone else get this error from python packaged with their splunk instance?
This happens when you run Splunk's python without the Splunk environment.
$ /opt/splunk/bin/splunk cmd python
Well, I think that works?
boba@splunk:/opt/splunk/bin$ /opt/splunk/bin/splunk cmd python Python 2.7.5 (default, Sep 6 2014, 18:26:42) [GCC 4.0.2] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> >>> >>> import socket >>> socket.ssl <function ssl at 0xb74aa1b4> >>> >>>
What are the implications of that being successful?
I don't know how to answer this question. The implications are that you can do what you wanted.
The splunk environment will already be in place, of course, by the time splunk runs your alert script. For manual testing though, you'll have to use that recipe, or alternatively
. /opt/splunk/bin/setSplunkEnv which sets up a shell to have that environment. That first dot is a command, and the path is the argument. I don't personally like setting up my shell with the Splunk env, as it can get system utilities to use the Splunk-provided libraries (which usually works but I'd prefer to avoid it). But if you're not doing system-administration in that config it's probably not a big deal.
Darn, then it is a case of me barking up the wrong tree? I was trying to isolate why my script didn't seem to be working, so I went to the shell to test and I ran into these SSL errors. From what you are saying, when Splunk calls the Alert Script, it will use essentially that
/opt/splunk/bin/splunk cmd python command to run my script, Ergo if my alert script works from there Splunk should have no problems calling it... Which is good news
Well, it's more before splunkd ever starts in the first place, splunk start will have set up LDLIBRARYPATH, PATH, PYTHONPATH and so on.
If your script is failing and you don't get any good information, you could start by looking in splunkd.log to see if the stderr is ending up there. For a lot of problems it's easiest to just copy-pasta a system alert's logging setup and start dumping debug statements to python.log
Yep, definitely a case of barking up the wrong tree. The script was throwing an SSL error that I apparently wasn't logging, and it was painfully obvious when i ran that
/opt/splunk/bin/splunk cmd python with my script. Once I remedied the SSL error the HTTPS request was fine.
Thank you for the nudge. I had nearly given up hope.