Developing for Splunk Enterprise

Splunk Python API example not encoding URL properly


I'm trying to work with the lastest Splunk Python SDK, version 1.3.0 I believe, using Python 2.6.6. Our Splunk server is 6.1.5. Working through the examples provided, I was unable to use examples/savedsearch/ to list out the details of a specific saved search.

[user@web saved_search]$ ./ list --name="SLB server disabled"
Traceback (most recent call last):
  File "./", line 216, in <module>
  File "./", line 206, in main
    result = context.get("saved/searches/%s" % name, **kwargs)
  File "./../../splunklib/", line 240, in wrapper
    return request_fun(self, *args, **kwargs)
  File "./../../splunklib/", line 62, in new_f
    val = f(*args, **kwargs)
  File "./../../splunklib/", line 585, in get
    response = self.http.get(path, self._auth_headers, **query)
  File "./../../splunklib/", line 1055, in get
    return self.request(url, { 'method': "GET", 'headers': headers })
  File "./../../splunklib/", line 1110, in request
    raise HTTPError(response)
splunklib.binding.HTTPError: HTTP 404 Not Found --
 In handler 'savedsearch': Could not find object id=SLB%20server%20disabled
[user@web saved_search]$

However, if I take a look at the URL for that search in Splunk, I see that the encoding is different.


Anyone know what might be going on here? I've set my version=6.1 in my ~/.splunkrc file. Other examples seem to work ok.

Thanks, Jay

0 Karma

Splunk Employee
Splunk Employee

Looks like the issue here may be this line in 177 of

kwargs[key] = urllib.quote(opts.kwargs[key])

Which may be encoding the saved search name in a way that this version of Splunk doesn't like. Try commenting that line out and adding this in its place

kwargs[key] = opts.kwargs[key]
0 Karma