Scenario: Accessing remote Splunk Enterprise server from another VM using Python SDK that does not have Splunk Enterprise installed.
Issue: Added a scripts in directory /splunk-sdk-python-1.6.2/examples but it is failing.
I was able to get one of the sample scripts in the examples directory to work accordingly:
python search.py "search index=pci_jbx_index * | head 10" --host=a.b.c.d --username="abc" --password="def" --output_mode=csv --verbose=verbose
Thanks everyone in advance,
Yes, the runsearch.py script is failing because Splunk is not installed on the local system. Splunk-provided python includes modules specific to Splunk. You have a couple of options:
1) Install Splunk on the scripts VM. There is no cost to install the software. If you never run it there will be no licensing costs, either.
2) Copy the splunklib.py module from your Splunk system to the scripts VM. There may be other modules to copy as well, which you'll discover through trial-and-error.
Thanks Rich. That makes sense. I'll install it and let it automatically become the free edition after the trial expires