Building for the Splunk Platform

Update notable event with splunklib (splunk-sdk for python)

Path Finder

Hi all,

I'm wondering if anyone has had success updating notable events using the Splunk SDK for Python (splunklib). I've seen a few examples of how to get it done with the splunk python package (for example, but I'd prefer to leverage the Python SDK.

I've formatted the POST request every way I can think of, but I can't get a proper request to the server. I always get the error:


splunklib.binding.HTTPError: HTTP 400 Bad Request -- b'"ValueError: One of comment, newOwner, status, urgency is required."'


I am passing a `comment` argument, but it must be doing it incorrectly.

Labels (3)
Tags (2)
0 Karma

New Member

A little late to the party here... I had the same issue when trying to post to Notables. I was able to solve it by structuring the calls this way:



"ruleUIDs":"123456789" ,

"comment":"comment goes here",


Hope this helps.

0 Karma

Splunk Employee
Splunk Employee

A curl based example is available here:

I'd reference that doc and leave comments on the doc page if you still run into issues.

Get Updates on the Splunk Community!

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

You asked, we delivered. Splunk Observability Cloud has several new innovations giving you deeper visibility ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...