
Log data into Splunk using Python SDK

Explorer

Hello,

I was wondering if there is any way to log data into Splunk using the Python SDK. I've found a way to send data to a specific port. In my case, I'm trying to log data into Splunk using a Python script, calling it from a Splunk search. Let me explain myself a little bit more:

I perform a query that looks like this:

| script MyLogData parameter1 parameter2

That script downloads a JSON file that I would like to log into Splunk. I have declared the script in the commands.conf file, so everything is fine. The file is executed successfully, so there is no issue on that side.

The problem is that I haven't found a way to log data into Splunk using the Python SDK. The only solution I've found is to log data using a "remote" connection (using user and password), but that is not the way I would like to do it, because the script is running on the Splunk server. My question is: is there any way to log data directly into Splunk? Does the SDK have any way to do it?

Thank you very much!

Kind regards 🙂

0 Karma

Re: Log data into Splunk using Python SDK

Influencer

Hey

There is a oneshot.py in the Python SDK, have you had a look at it?

Also, how about retrieving that data to a file and having Splunk monitor it after your script gets it?

Let me know your thoughts

0 Karma

Re: Log data into Splunk using Python SDK

New Member

Hello Tiago! Sounds great, but after taking a look at the file, I realized that it only allows performing searches. I've been investigating and it looks like submit.py may do what he's looking for. Could anyone confirm that?

0 Karma

Re: Log data into Splunk using Python SDK

Influencer

Yes, I believe it is exactly what you need: a command line utility that submits event data to Splunk from stdin.

0 Karma

Re: Log data into Splunk using Python SDK

New Member

I'm taking a look into it 🙂 Thank you!

0 Karma

Re: Log data into Splunk using Python SDK

New Member

For some reason Splunk crashes after executing this script and I need to restart it.

import sys

import requests
import splunklib.client as client


def requestJSON():
    # Download the JSON document that should be indexed
    params = {'key': '1Uasdfui4', 'resource': 'aIUijasduhaiiajsdklfj'}
    headers = {"Accept-Encoding": "gzip, deflate", "User-Agent": "Firefox"}
    response = requests.get('https://www.getmyjson.com/', params=params, headers=headers)
    return response.text


def main(argv):
    # Log in to splunkd with a username and password
    service = client.connect(app="MyAPP", sharing="app", username="user", password="password")
    # Open a streaming connection to the "main" index and write the JSON to it
    cn = service.indexes["main"].attach(source="MyApp://MyApp", sourcetype="MyAPP", host="MyAPP")
    cn.write(requestJSON())
    print("Job done!")


if __name__ == "__main__":
    main(sys.argv[1:])

Does anyone know how to do this? It is weird that Splunk crashes after this :S

0 Karma

Re: Log data into Splunk using Python SDK

SplunkTrust

If you are in Python, you are way better off sending data via the HTTP Event Collector than directly through the API.

https://github.com/georgestarcher/Splunk-Class-httpevent

0 Karma
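The HTTP Event Collector route suggested in the reply above, as an added example that is not part of the thread or of the linked class: it wraps a downloaded JSON document in HEC event envelopes and posts them with an ingestion token rather than a username and password. The URL and port 8088 (the HEC default), the placeholder token and the function names are assumptions; HEC has to be enabled and a token created in Splunk first.

```python
import json
import ssl
import time
import urllib.request

# Assumed values: replace with your own HEC endpoint and token.
HEC_URL = "https://localhost:8088/services/collector/event"
HEC_TOKEN = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real token


def build_hec_batch(raw_json, source, sourcetype, index="main", now=None):
    """Turn a downloaded JSON document into one HEC request body.

    A top-level list becomes one event per element, anything else becomes
    a single event. HEC accepts several event envelopes in one POST.
    """
    doc = json.loads(raw_json)  # raises ValueError on malformed JSON
    records = doc if isinstance(doc, list) else [doc]
    # HEC rejects envelopes whose "event" field is blank, so drop those here.
    records = [r for r in records if r not in (None, "", {}, [])]
    if not records:
        raise ValueError("nothing to index: document contains no events")
    ts = time.time() if now is None else now
    lines = []
    for rec in records:
        envelope = {"time": ts, "source": source, "sourcetype": sourcetype,
                    "index": index, "event": rec}
        lines.append(json.dumps(envelope, sort_keys=True))
    return "\n".join(lines).encode("utf-8")


def send_to_hec(batch, url=HEC_URL, token=HEC_TOKEN, cafile=None, timeout=10):
    """POST a batch to HEC and return Splunk's parsed JSON reply."""
    # Certificate verification stays on; pass cafile for a private CA.
    ctx = ssl.create_default_context(cafile=cafile)
    req = urllib.request.Request(
        url, data=batch, method="POST",
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed sample input standing in for the downloaded JSON file.
    sample = '[{"id": 1, "status": "ok"}, {"id": 2, "status": "failed"}]'
    print(build_hec_batch(sample, "MyApp://MyApp", "MyAPP", now=1700000000).decode())
```

Running the file only prints the request body; call send_to_hec(batch) against a reachable collector to index it.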

Re: Log data into Splunk using Python SDK

New Member

Hello!

Sorry for being late on my response. But does sending the event via HTTP mean opening an extra port? Is this method a built-in way to log events into Splunk?

Thank you very much!

0 Karma