Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Access Splunk app using Python SDK?

ww9rivers
Contributor
‎11-09-2012 04:31 PM

I am building a web app using Python to service a dashboard to users that we don't want to have direct access to Splunk.

On Splunk search head, URL to the app is https://my.splunk.search.hear:8000/en-US/app/myapp/summary

So, here is a little Python code snippet:

import splunklib.client as client

spconf = appconf['splunk']
splunk = client.connect(**spconf['server'])
result = splunk.get(spconf['index'])
return dict(content=result.body.read())

Where, appconf is read out of a JSON file like this:

    {
            "splunk":
            {
                    "server":
                    {
                            "host":         "*my.splunk.search.head*",
                            "port":         8089,
                            "username":     "*username*",
                            "password":     "*password*",
                            "app":          "myapp"
                    },
                    "index":        "summary"
            }
}

But all I am getting is 404 on the splunk.get() call.

Thanks in advance for any insights.

Reply
1 Solution
Solved! Jump to solution
Solution

psanford_splunk
Splunk Employee
Splunk Employee
‎03-11-2013 08:23 AM

It sounds like you want to be searching Splunk for some results and perhaps that search is embedded in a particular app somewhere. So, the optimal way to expose results from Splunk in this scenario would be to execute the search from the python SDK and then return the results to your custom web app that is serving those customers/end users who are not logging in directly to the Splunk UI.

We have a number of search examples for the Python SDK here: http://dev.splunk.com/view/SP-CAAAEE5

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

psanford_splunk
Splunk Employee
Splunk Employee
‎03-11-2013 08:23 AM

It sounds like you want to be searching Splunk for some results and perhaps that search is embedded in a particular app somewhere. So, the optimal way to expose results from Splunk in this scenario would be to execute the search from the python SDK and then return the results to your custom web app that is serving those customers/end users who are not logging in directly to the Splunk UI.

We have a number of search examples for the Python SDK here: http://dev.splunk.com/view/SP-CAAAEE5

0 Karma
Reply
Solved! Jump to solution

sieutruc
Contributor
‎11-10-2012 05:32 AM

enter code hereIt seems that error 404 is "app template does not exist"
Your API endpoint doesn't exist, as specified in API endpoint

If you want to get index in specified app namespace in Splunk:
.splunkrc

host=localhost
port=8089
username=admin
password=changeme
scheme=https
app=yourapp

Code

usage = 'usage: %prog [options] <filename>*'
opts = parse(argv, RULES, ".splunkrc", usage=usage)

kwargs_splunk = dslice(opts.kwargs, FLAGS_SPLUNK)
service = client.connect(**kwargs_splunk)
name = opts.kwargs['index']
if not service.indexes.contains(name):
    error("Index '%s' does not exist." % name, 2)
index = service.indexes[name]

You can change the configuration file to JSON format to get service instance.
I hope it'll work

Reply
Solved! Jump to solution

ww9rivers
Contributor
‎11-10-2012 07:58 AM

Thanks. OK. I replaced this line:

result = splunk.get(spconf['index'])

with:

result = splunk.indexes[spconf['index']].get()

I got a result in XML, which seems to be data about the app I want to access, not the result from the app.

I think I may be going at it in the wrong way. I think I need to get results from the app through the splunk web, rather through the splunkd (I am guessing that's what port 8089 is).

0 Karma
Reply
Get Updates on the Splunk Community!

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...

Splunk AppDynamics Agents Webinar Series

Mark your calendars! On June 24th at 12PM PST, we’re going live with the second session of our Splunk ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...
Top