Hello,
I was wondering if there is any way to log data into Splunk using the Python SDK. I've found a way to send data to a specific port. In my case, I'm trying to log data into Splunk using a Python script, calling it from a Splunk search. Let me explain myself a little bit more:
I perform a query that looks like this:
| script MyLogData parameter1 parameter2
That script downloads a JSON file that I would like to log into Splunk. I have declared the script in the commands.conf file, so everything is fine. The file is executed successfully, so there is no issue on that side.
The problem is that I haven't found a way to log data into Splunk using the Python SDK. The only solution I've found is to log data using a "remote" connection (using user and password), but that is not the way I would like to do it, because the script is running on the Splunk server. My question is: is there any way to log data directly into Splunk? Does the SDK have any way to do it?
Thank you very much!
Kind regards 🙂
If you are in Python, you are way better off sending data via the HTTP Event Collector than directly through the API.
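The HTTP Event Collector route suggested in the reply above, as an added example that is not part of the original thread or of the Splunk SDK. It assumes HEC has been enabled on the local server on its default port 8088 and that a token was created for this input; the environment variable names `SPLUNK_HEC_TOKEN` and `SPLUNK_CA_FILE` are hypothetical, and the index, sourcetype and source values are the ones used in the script posted further down the thread.

```python
"""Added example: post downloaded JSON records to Splunk's HTTP Event Collector."""
import json
import os
import ssl
import time
import urllib.request

# Assumed values: HEC enabled on its default port 8088 on the local server,
# and a token created for this input and exported as SPLUNK_HEC_TOKEN.
HEC_URL = "https://localhost:8088/services/collector/event"


def build_hec_request(records, token, url=HEC_URL, index="main",
                      sourcetype="MyAPP", source="MyApp://MyApp"):
    """Return a urllib Request carrying one HEC event per record."""
    now = time.time()
    # HEC accepts several event objects concatenated in one request body.
    body = "".join(
        json.dumps({"time": now, "index": index, "sourcetype": sourcetype,
                    "source": source, "event": rec})
        for rec in records
    ).encode("utf-8")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"})


def send_to_hec(records, token, ca_file=None, timeout=10):
    """POST the records; certificate verification stays on."""
    ctx = ssl.create_default_context(cafile=ca_file)
    req = build_hec_request(records, token)
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        reply = json.loads(resp.read().decode("utf-8"))
    # HEC answers {"text": "Success", "code": 0} when the batch is accepted.
    if reply.get("code") != 0:
        raise RuntimeError("HEC rejected the batch: %r" % reply)
    return reply


if __name__ == "__main__":
    # Constructed sample records standing in for the downloaded JSON file.
    sample = [{"id": 1, "status": "ok"}, {"id": 2, "status": "failed"}]
    send_to_hec(sample, os.environ["SPLUNK_HEC_TOKEN"],
                ca_file=os.environ.get("SPLUNK_CA_FILE"))
```

The token authorizes writes to this one input only, so the script needs no Splunk user name or password, and it is read from the environment rather than stored in the script.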
Hello!
Sorry for being late with my response. But does sending the event via HTTP mean opening an extra port? Is this method a built-in way to log events into Splunk?
Thank you very much!
For some reason Splunk crashes after executing this script and I need to restart it.
import sys

import requests
import splunklib.client as client

def requestJSON():
    # Download the JSON document that should be indexed
    params = {'key': '1Uasdfui4', 'resource': 'aIUijasduhaiiajsdklfj'}
    headers = {"Accept-Encoding": "gzip, deflate", "User-Agent": "Firefox"}
    response = requests.get('https://www.getmyjson.com/', params=params, headers=headers)
    return response.text

def main(argv):
    # Log in to splunkd with a user name and password
    service = client.connect(app="MyAPP", sharing="app", username="user", password="password")
    # Open a streaming input connection to the "main" index
    cn = service.indexes["main"].attach(source="MyApp://MyApp", sourcetype="MyAPP", host="MyAPP")
    cn.write(requestJSON())
    print("Job done!")

if __name__ == "__main__":
    main(sys.argv[1:])
Does anyone know how to do this? It's weird that Splunk crashes after this :S
Hey
There is a oneshot.py in the Python SDK, have you had a look at it?
Also, how about retrieving that data to a file and having Splunk monitor it after your script gets it?
Let me know your thoughts
Hello Tiago! Sounds great, but after taking a look at the file, I realized that it only allows performing searches. I've been investigating and it looks like submit.py may do what he's looking for. Could anyone confirm that?
Yes, I believe it is exactly what you need: a command line utility that submits event data to Splunk from stdin.
I'm taking a look into it 🙂 Thank you!