Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why are we unable to index data to Splunk enterprise using Splunk addon?

bhuvanabala
New Member
‎05-21-2019 11:02 PM

I am new to Splunk addon builder. I am using splunk addon builder to build an addon that feeds the REST API response as input to Splunk enterprise. For this i am using Python modular input method. Since REST API modular input one of the data collection input doesnt supports Oauth2.0 we are using python modular input to get the REST API response

Before i feed the response to splunk enterprise, tried feeding some sample data using the below syntax 

   def collect_events(helper, ew):
    event=helper.new_event(data="123",index="new_index",sourcetype="new_sourcetyp e)   
     ew.write_event(event)
     pass

I am able to print the output in console, but when i search for index="new_index" in search bar, its returing 0 events

Please let me know what i am missing here

Tags (2)
0 Karma
Reply

DavidHourani
Super Champion
‎05-22-2019 12:00 AM

Hi @bhuvanabala,

You can use the following link for reference :
http://dev.splunk.com/view/python-sdk/SP-CAAAEE6

There's an entire section about creating indexes and sending data there.

Also use this :
https://www.function1.com/2015/09/splunk-sdk-for-python-getting-data-in
It's a bit old but can still be used for reference.

Cheers,
David

0 Karma
Reply

suryajagarapu
Explorer
‎03-19-2020 12:05 PM

I am also facing the same issue as the events are getting displayed in output console of AOB but it's showing zero events for the index.
Any thoughts please?

0 Karma
Reply

suryajagarapu
Explorer
‎03-19-2020 01:23 PM

Hi @bhuvanabala , Could you please let me know what did you do fix the issue as I got stuck into the same situation and events are showing as 0 for the index though it's is displaying the event in output console?

0 Karma
Reply

DavidHourani
Super Champion
‎05-21-2019 11:32 PM

where are you writing the events to ?

0 Karma
Reply

bhuvanabala
New Member
‎05-21-2019 11:37 PM

Hi David,

Thanks for responding back.

I am tring to index the data under "new_index"(index name) and searched for the event in Search and Reporting App

Should i specify the App in the new_event() function

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...