How to analyze incoming logs with Splunk Light using Python?

thomas_bion
New Member

Hello all,

It's the first time I've posted here, and I'm a French guy (sorry in advance for my English).

I did several tests with Splunk Light, but I cannot find a Python method to analyze only the incoming logs at the moment I launch the script.
I want to have an infinite loop that will iterate over all the incoming logs.

Do you have a solution to my problem?

Thanks,

Thomas

0 Karma

jkat54
SplunkTrust

It sounds like you don't need a Python script; instead you should check out the inputs.conf directive known as "monitor":

http://docs.splunk.com/Documentation/Splunk/6.3.1/Data/Monitorfilesanddirectorieswithinputs.conf

http://docs.splunk.com/Documentation/Splunk/6.2.0/Admin/Inputsconf #<-- search for word "monitor"

Examples:

The following configuration directs Splunk to read all the files in the directory /var/log. It reads them infinitely... as in any new files are automatically read.

[monitor:///var/log]

The following configuration directs Splunk to read all data in one file within /var/log. Any changes appended to the file are automatically indexed.

[monitor:///var/log/filename]

0 Karma

thomas_bion
New Member

I think I need a python script...
I want to analyze all the incoming logs to detect certain cases and take action on them (for example send an email, disable a faulty interface, ...).

0 Karma

rbittner_splunk
Splunk Employee

I don't believe you need a Python script given what you are trying to do. Splunk monitors every log as it comes in. If you set an alert to look for particular cases, then when a case is found you can trigger an action: send an email, run a script to disable the faulty interface, etc.

0 Karma
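As an added illustration of the alert-plus-script pattern described in this thread (example code, not from the original posters or from Splunk), here is what the Python side looks like when Splunk runs it as a scripted alert action: Splunk's legacy alert-script interface passes eight positional arguments, the eighth being the path to a gzipped CSV of the events that triggered the alert. The field names `host` and `ifname`, the sample rows, and the "three errors means disable" threshold are this example's own assumptions.

```python
import csv
import gzip
import sys
import tempfile
from collections import Counter

# Constructed sample of what Splunk's results file holds: one row per
# event that matched the alert's search (field names `host`/`ifname`
# are assumed for this example, not Splunk defaults).
SAMPLE_ROWS = [
    {"host": "sw1", "ifname": "eth0", "_raw": "eth0: link flap"},
    {"host": "sw1", "ifname": "eth0", "_raw": "eth0: link flap"},
    {"host": "sw1", "ifname": "eth0", "_raw": "eth0: CRC errors"},
    {"host": "sw2", "ifname": "eth3", "_raw": "eth3: link flap"},
]


def write_sample_results():
    """Write SAMPLE_ROWS as a gzipped CSV (Splunk's format) and return its path."""
    tmp = tempfile.NamedTemporaryFile(suffix=".csv.gz", delete=False)
    tmp.close()
    with gzip.open(tmp.name, "wt", newline="") as fh:
        w = csv.DictWriter(fh, fieldnames=["host", "ifname", "_raw"])
        w.writeheader()
        w.writerows(SAMPLE_ROWS)
    return tmp.name


def load_results(path):
    """Read a gzipped Splunk results CSV into a list of dicts."""
    with gzip.open(path, "rt", newline="") as fh:
        return list(csv.DictReader(fh))


def plan_actions(rows, threshold=3):
    """Per (host, interface): 'disable' when it appears `threshold` or more
    times in the triggering results, otherwise just 'notify'."""
    counts = Counter((r["host"], r["ifname"]) for r in rows)
    return [(h, i, "disable" if n >= threshold else "notify")
            for (h, i), n in sorted(counts.items())]


def main(argv):
    # Splunk's scripted-alert interface passes 8 positional arguments;
    # the eighth ($8) is the path to the gzipped CSV of triggering results.
    if len(argv) < 9:
        sys.stderr.write("usage: invoked by Splunk with 8 arguments\n")
        return 2
    for host, ifname, action in plan_actions(load_results(argv[8])):
        # The real side effect (mail, switch CLI call) goes here; this
        # example only records the decision.
        print(f"{action} {host} {ifname}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Drop the script into `$SPLUNK_HOME/bin/scripts` and select it as the alert's script action; the search itself (which events count as a "case") stays in Splunk, and the script only decides what to do with what Splunk already found.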