I am working on a tool to validate that splunk is operational, both HEC and std Indexing (9997). HEC Is easy to do with either python requests or the SDK, but how can I script, in python, writing a test event directly to the indexes on port 9997? I assume that the SDK will be my friend!?!?! Any help is MUCH appreciated!
Thank you VERY much for taking the time to help me out there. This worked
I have the following simple code:
#!/usr/bin/env python
import splunklib.client as client
HOST = "localhost"
PORT = 8089
USERNAME = "admin"
PASSWORD = "joniie"
# Create a Service instance and log in
service = client.connect(host=HOST, port=PORT, username=USERNAME, password=PASSWORD)
# Print installed apps to the console to verify login
for app in service.apps:
print app.name
When I run this locally on the SPlunk test host (which has SDK installed) I get the following:
Traceback (most recent call last):
File "./logger.py", line 11, in <module>
service = client.connect(host=HOST, port=PORT, username=USERNAME, password=PASSWORD)
File "/usr/lib/python2.7/site-packages/splunklib/client.py", line 321, in connect
s.login()
File "/usr/lib/python2.7/site-packages/splunklib/binding.py", line 857, in login
cookie="1") # In Splunk 6.2+, passing "cookie=1" will return the "set-cookie" header
File "/usr/lib/python2.7/site-packages/splunklib/binding.py", line 1201, in post
return self.request(url, message)
File "/usr/lib/python2.7/site-packages/splunklib/binding.py", line 1218, in request
response = self.handler(url, message, **kwargs)
File "/usr/lib/python2.7/site-packages/splunklib/binding.py", line 1357, in request
connection.request(method, path, body, head)
File "/usr/lib64/python2.7/httplib.py", line 1017, in request
self._send_request(method, url, body, headers)
File "/usr/lib64/python2.7/httplib.py", line 1051, in _send_request
self.endheaders(body)
File "/usr/lib64/python2.7/httplib.py", line 1013, in endheaders
self._send_output(message_body)
File "/usr/lib64/python2.7/httplib.py", line 864, in _send_output
self.send(msg)
File "/usr/lib64/python2.7/httplib.py", line 826, in send
self.connect()
File "/usr/lib64/python2.7/httplib.py", line 1236, in connect
server_hostname=sni_hostname)
File "/usr/lib64/python2.7/ssl.py", line 350, in wrap_socket
_context=self)
File "/usr/lib64/python2.7/ssl.py", line 611, in __init__
self.do_handshake()
File "/usr/lib64/python2.7/ssl.py", line 833, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
What am I missing? Why is this not working?
This seems to be related to Splunk 7.x tree and not my 6.5.2 systems. I remember that there is a big change in SSL/TLS from 6 -> 7 so that would make sense. So that being said, does anyone know how to work around this issue so I can use the SDK on 7.x?
Are you on CentOS or RHEL 7?