Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Get Python to Communicate with Splunk

the4tress
Engager
‎05-16-2013 09:24 AM

I am trying to get Splunk to be my one source for our team's needs. Right now we have 3 different sites providing services in PHP. I am rewriting these apps in Python (basic MySQL reads and writes) and want to display the results in a Splunk app. I have been digging through the various documentation online and get more and more confused every time I start try to write the code.

My question is, how can I get Python to return data to Splunk? Is there a specific module I can use?

If I can just get to the point where I have a button in my app, then click it and "Hello World!" is displayed in a div, I can run from there.

0 Karma
Reply

Damien_Dallimor
Ultra Champion
‎05-16-2013 04:34 PM

Have you taken a look at our Python SDK ?

You can use this to execute Splunk searches and integrate the results into your application and also send events from your Python app directly into Splunk. There is also a PHP SDK.

0 Karma
Reply

barakreeves
Splunk Employee
Splunk Employee
‎05-16-2013 10:27 AM

You have 2 options:

1- Scripted Input: Manager » Data inputs » Add data » Run and collect the output of a script: From the dock:
"there are times when you want to use scripts to feed data to Splunk for indexing, or prepare data from a non-standard source so Splunk can properly parse events and extract fields."
http://docs.splunk.com/Documentation/Splunk/5.0.1/AdvancedDev/ScriptedInputsIntro

2- Modular Input: From the doco...
"Modular Inputs allows you to extend the Splunk framework to define a custom input capability. Splunk treats your custom input definitions as if they were part of Splunk's native inputs." **Asterisks mine
http://docs.splunk.com/Documentation/Splunk/5.0.1/AdvancedDev/ModInputsIntro

Your decision will be based on your use case. Try to use a modular input over a scripted one. Regardless, Splunk will work with your data either way.

I would first recommend creating a small test index, such as "zdev" Manager > Indexes to hold your data until you get the desired results. I always keep test indexes for this sort of thing.

I hope this helps. Don't forget to vote or accept this answer.

Reply

Ayn
Legend
‎05-16-2013 11:20 AM

Option 3 would be a custom search command.

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...
Top