Building for the Splunk Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Get Python to Communicate with Splunk

the4tress
Engager
‎05-16-2013 09:24 AM

I am trying to get Splunk to be my one source for our team's needs. Right now we have 3 different sites providing services in PHP. I am rewriting these apps in Python (basic MySQL reads and writes) and want to display the results in a Splunk app. I have been digging through the various documentation online and get more and more confused every time I start try to write the code.

My question is, how can I get Python to return data to Splunk? Is there a specific module I can use?

If I can just get to the point where I have a button in my app, then click it and "Hello World!" is displayed in a div, I can run from there.

0 Karma
Reply

Damien_Dallimor
Ultra Champion
‎05-16-2013 04:34 PM

Have you taken a look at our Python SDK ?

You can use this to execute Splunk searches and integrate the results into your application and also send events from your Python app directly into Splunk. There is also a PHP SDK.

0 Karma
Reply

barakreeves
Splunk Employee
Splunk Employee
‎05-16-2013 10:27 AM

You have 2 options:

1- Scripted Input: Manager » Data inputs » Add data » Run and collect the output of a script: From the dock:
"there are times when you want to use scripts to feed data to Splunk for indexing, or prepare data from a non-standard source so Splunk can properly parse events and extract fields."
http://docs.splunk.com/Documentation/Splunk/5.0.1/AdvancedDev/ScriptedInputsIntro

2- Modular Input: From the doco...
"Modular Inputs allows you to extend the Splunk framework to define a custom input capability. Splunk treats your custom input definitions as if they were part of Splunk's native inputs." **Asterisks mine
http://docs.splunk.com/Documentation/Splunk/5.0.1/AdvancedDev/ModInputsIntro

Your decision will be based on your use case. Try to use a modular input over a scripted one. Regardless, Splunk will work with your data either way.

I would first recommend creating a small test index, such as "zdev" Manager > Indexes to hold your data until you get the desired results. I always keep test indexes for this sort of thing.

I hope this helps. Don't forget to vote or accept this answer.

Reply

Ayn
Legend
‎05-16-2013 11:20 AM

Option 3 would be a custom search command.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...