Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to call /services/deployment/server/clients via urllib2 request

lohit
Path Finder
‎06-04-2015 06:00 AM

Hi all,

i have developed a query to check my host lastphonehoemtime information in DS as below:

|rest /services/deployment/server/clients splunk_server=local  | eval current = now() | convert ctime(lastPhoneHomeTime) as last ctime(current) as now | fields hostname ip last last now

The above query is working fine.
Now i want to call this via SDK, so i am using below code for that

ds_url = 'https://xyz:8089'
username='abc'
password='pqr'


request = urllib2.Request(ds_url + '/servicesNS/%s/search/auth/login' % (username),
data = urllib.urlencode({'username': username, 'password': password}))
server_content = urllib2.urlopen(request)

session_key = minidom.parseString(server_content.read()).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue
print "Session Key: %s" % session_key


search_query=' |rest /services/deployment/server/clients | eval current = now() | convert ctime(lastPhoneHomeTime) as last ctime(current) as now | fields hostname ip last last now'
request = urllib2.Request(ds_url + '/services/deployment/server/clients',
    data = urllib.urlencode({'search': search_query,'output_mode': 'csv'}),
    headers = { 'Authorization': ('Splunk %s' %session_key)})
search_results = urllib2.urlopen(request)
print search_results.read()

I have two questions:

  1. How should i write the Splunk query to insert in the urllib2 object. Since in the main query 'rest' should be the first parameter and when calling via SDK first parameter should be 'search' ?
    1. How to pass value of /services/deployment/server/clients in urllib2.request method as the format should be /services/<user>/<app> ?

Any help would be highly appreciated !!

Tags (2)
0 Karma
Reply

sowings_splunk
Splunk Employee
Splunk Employee
‎06-04-2015 06:22 AM

Is there some reason that you could not use the Splunk Python SDK? It handles a lot of that header stuff for you.

EDIT: Consider this page for an example of how to connect to Splunk with the Python SDK: http://dev.splunk.com/view/python-sdk/SP-CAAAEE4

Next, this page describes how to run a search:

http://dev.splunk.com/view/python-sdk/SP-CAAAEE5

With these, you shouldn't need direct calls to urllib2 methods; the SDK will handle that for you.

0 Karma
Reply

lohit
Path Finder
‎06-04-2015 06:33 AM

I do not see much examples over splunk documentation. If there are could you provide me those. however i think my questions would stand out even if i use Splunk SDK.

0 Karma
Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...