Splunk Python API example not encoding URL properl...

titleistfour · ‎01-14-2015

I'm trying to work with the lastest Splunk Python SDK, version 1.3.0 I believe, using Python 2.6.6. Our Splunk server is 6.1.5. Working through the examples provided, I was unable to use examples/savedsearch/savedsearch.py to list out the details of a specific saved search.

[user@web saved_search]$ ./saved_search.py list --name="SLB server disabled"
Traceback (most recent call last):
  File "./saved_search.py", line 216, in <module>
    main(sys.argv[1:])
  File "./saved_search.py", line 206, in main
    result = context.get("saved/searches/%s" % name, **kwargs)
  File "./../../splunklib/binding.py", line 240, in wrapper
    return request_fun(self, *args, **kwargs)
  File "./../../splunklib/binding.py", line 62, in new_f
    val = f(*args, **kwargs)
  File "./../../splunklib/binding.py", line 585, in get
    response = self.http.get(path, self._auth_headers, **query)
  File "./../../splunklib/binding.py", line 1055, in get
    return self.request(url, { 'method': "GET", 'headers': headers })
  File "./../../splunklib/binding.py", line 1110, in request
    raise HTTPError(response)
splunklib.binding.HTTPError: HTTP 404 Not Found --
 In handler 'savedsearch': Could not find object id=SLB%20server%20disabled
[user@web saved_search]$

However, if I take a look at the URL for that search in Splunk, I see that the encoding is different.

https://web:8000/en-US/app/search/alert?s=%2FservicesNS%2Fnobody%2Fsearch%2Fsaved%2Fsearches%2FSLB%2...

Anyone know what might be going on here? I've set my version=6.1 in my ~/.splunkrc file. Other examples seem to work ok.

Thanks, Jay

Flynt · ‎02-01-2015

Looks like the issue here may be this line in 177 of saved_search.py

kwargs[key] = urllib.quote(opts.kwargs[key])

Which may be encoding the saved search name in a way that this version of Splunk doesn't like. Try commenting that line out and adding this in its place

kwargs[key] = opts.kwargs[key]

Splunk Python API example not encoding URL properly