Developing for Splunk Enterprise

Python SDK Oneshot

dannyze
Explorer

Working with the Python SDK, and my end goal is to fetch logs over a given time.

For now I'm trying to output saved searches and then later will move on to the logs.
Referencing the docs, this is close to what I want to do, minus the delete portion

https://docs.splunk.com/DocumentationStatic/PythonSDK/1.6.5/client.html?highlight=saved%20searches#s...

Something like

for saved_search in saved_searches.iter(pagesize=10):
    print(saved_search)




but not getting any output, any ideas on where to go?

For clarity using the oneshot method, and want to output saved search results. 



Labels (2)
0 Karma

dannyze
Explorer

Thank you going through the documentation it seems like this would be it. However I am not getting any output. Are there more details about this API that can help  int his use case? 

 

0 Karma

dannyze
Explorer

Thank you going through the documentation it seems like this would be it. However I am not getting any output. Are there more details about this API that can help here? 

The following is the snippet that would perform listing of the saved search

  password = knox_auth(SPLUNK_PASSWORD)
    service = client.connect(host=HOST, port=PORT, username=USERNAME,
            password=password, basic=True, app=APP)
    # return service

    # Retrieve a search
    savedsearch = service.saved_searches["Saved Search"]
    job = savedsearch.dispatch()
    print(job.results())

 
Thank You

0 Karma

gaurav_maniar
Builder

Hi,

Please check the below documentation. I guess it will help with executing saved searches and displaying results.

Let me know if you need more details or help.

https://dev.splunk.com/enterprise/docs/devtools/python/sdk-python/howtousesplunkpython/howtowork/#To...

 

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!