I am very new to Splunk and I am trying to automate the manual search and export with Python (Splunk SDK).
I have searched most of the answers relevant to the Splunk SDK, but none is straightforward.
Here is the code which I have tried -
import splunklib.client as client
import splunklib.results as results

# Connect to the Splunk management port (8089) with user credentials
c = client.connect(host='cicloga-enterprise.net',
                   port=8089,
                   username='username',
                   password='password')

# Create a saved search, check it is registered, then delete it again.
# Note: this only defines the saved search; it never dispatches it or reads results.
saved_searches = c.saved_searches
saved_searches.create('my_saved_search',
                      'search index=cgh_new_876544 | head 1')
assert 'my_saved_search' in saved_searches
saved_searches.delete('my_saved_search')
assert 'my_saved_search' not in saved_searches
With the above Python code I am able to connect to the Splunk host and get the job results, but I am not getting results for my search "search index=cgh_new_876544 | head 1".
Ultimately I need logic/help to run a Splunk query and export the Splunk results to CSV.
I have already gone through this link - https://answers.splunk.com/answers/2651/exporting-search-results-automatically.html?utm_source=typea...
But that is not something that interacts directly with Python.
Kindly help me with the above requirement.
Now I am able to get the results from Splunk - it's working fine.
import splunklib.client as client
import splunklib.results as results

HOST = "cicloga-enterprise.net"
PORT = 8089
USERNAME = "SID"
PASSWORD = "Password"

# Connect to the Splunk management port
service = client.connect(
    host=HOST,
    port=PORT,
    username=USERNAME,
    password=PASSWORD)

# Create a normal (asynchronous) search job. It is dispatched here but its
# results are not read below; the export call is what streams results back.
search_query = "search index=cfs_classic_81712 | head 10"
kwargs_normalsearch = {"exec_mode": "normal"}
job = service.jobs.create(search_query, **kwargs_normalsearch)

# Stream results straight from the export endpoint (no job polling needed)
rr = results.ResultsReader(service.jobs.export("search index=cgh_new_876544 | stats count by host"))
for result in rr:
    if isinstance(result, results.Message):
        # Diagnostic messages may be returned in the results
        print('%s: %s' % (result.type, result.message))
    elif isinstance(result, dict):
        # Normal events are returned as dicts
        print(result)
assert not rr.is_preview
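As an added example (not code from the question or the answer above), here is one way to get from that ResultsReader loop to the CSV file the question asks for: results_to_csv is a generic writer exercised here on a constructed sample stream, and export_search_to_csv assumes a connected splunklib Service set up exactly as in the answer.

```python
import csv
import io
from collections import namedtuple

# Constructed stand-in for splunklib.results.Message (same .type/.message attributes) so this runs offline
Message = namedtuple("Message", ["type", "message"])

def results_to_csv(reader, out):
    """Write event dicts from a ResultsReader-style iterable to `out` as CSV.
    Diagnostic messages are collected, not written. Returns (rows, messages)."""
    rows, messages, fields = [], [], []
    for result in reader:
        if isinstance(result, dict):
            for key in result:          # column order = first appearance
                if key not in fields:
                    fields.append(key)
            rows.append(result)
        else:
            messages.append(result)
    writer = csv.DictWriter(out, fieldnames=fields)
    writer.writeheader()
    for row in rows:
        # Multivalue fields arrive as lists; join them with newlines inside one
        # quoted cell, which is how Splunk's own CSV export writes them.
        writer.writerow({k: "\n".join(v) if isinstance(v, list) else v
                         for k, v in row.items()})
    return len(rows), messages

def export_search_to_csv(service, query, path):
    """Stream `query` through the export endpoint into a CSV file at `path`.
    `service` is a connected splunklib.client.Service as in the answer above."""
    import splunklib.results as results  # imported here so the rest runs without it
    reader = results.ResultsReader(service.jobs.export(query))
    with open(path, "w", newline="") as out:
        count, messages = results_to_csv(reader, out)
    for msg in messages:
        print("%s: %s" % (msg.type, msg.message))
    return count

# Constructed sample stream shaped like `... | stats count by host` output
SAMPLE_RESULTS = [
    Message("INFO", "Your timerange was substituted based on your search string"),
    {"host": "web-01", "count": "42"},
    {"host": "web-02", "count": "7", "sourcetype": ["access_combined", "syslog"]},
]

def demo():
    buf = io.StringIO()
    n, msgs = results_to_csv(SAMPLE_RESULTS, buf)
    return n, msgs, buf.getvalue()
```

With a live connection the call is export_search_to_csv(service, "search index=cgh_new_876544 | stats count by host", "results.csv"); any INFO/WARN messages are printed instead of ending up as rows.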