Developing for Splunk Enterprise
Highlighted

Questions about Splunk SDK for Python and Python 3.

Contributor

Hello,

I am starting with the custom commands in python and have some basic questions I guess.
The python version is 2.7, which I find a bit awkward as it does not even have the pip or easy_install to get the splunk-sdk installed.
What we did was to install the python 3 under the /usr/local/bin/python3, then we got the splunk-sdk.
We relinked the python to python3. The custom commands work fine now ... but the whole rest not really. I get issues with some of my alerts and when restarting, the splunk itself does not come up.

So, my questions would be:
- Is it possible to get other version of python (3.5 instead of 2.7) running with Splunk?
- If not, what would be the easiest way to install the splunk-sdk for python under the 2.7? ... not having the easy_install nor pip unfortunately so the hints from the docu cannot be really followed
- And, why can't the splunk-sdk be just installed by default when installing Splunk ...

Kind Regards,
Kamil

Labels (2)
0 Karma
Highlighted

Re: splunk sdk for python and python 3

Contributor

Hello,

It was an issue with our python 2.7 installation, where we were not able to get pip neither easy_install running so we could not implement the splunk-sdk.
We workarounded it by pointing in the custom command / python script to the python 3.5 splunk-sdk module.
Please see below the example code of the simple sleep60 command.

Kind Regards,
Kamil

import sys
sys.path.append("/usr/local/lib/python3.5/site-packages/splunk_sdk-1.6.6-py2.7.egg")
import time
from splunklib.searchcommands import dispatch, StreamingCommand, Configuration

@Configuration()
class MyCommand(StreamingCommand):
        def stream(self,records):
                time.sleep(60)
                for record in records:
                        yield record

if __name__ == "__main__":
        dispatch(MyCommand, sys.argv, sys.stdin, sys.stdout, __name__)

View solution in original post

0 Karma