I want to send an event using python-sdk.
Event's content "145.255.2.146 - - [2015-12-12:23:08:40 +0100] ""GET /administrator/ HTTP/1.1"" 200 4263 ""-"" ""Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"" ""-"""
If we remove the colons, the event will be sent. Please help me.
The code below doesn't show any mistake, nor does it add an event to Splunk.
```python
import splunklib.client as client

# HOST, PORT, USERNAME and PASSWORD are the Splunk connection settings, defined elsewhere
service = client.connect(
    host=HOST,
    port=PORT,
    username=USERNAME,
    password=PASSWORD)
myindex = service.indexes["main"]
# Open a streaming socket to the index and send one raw event over it
mysocket = myindex.attach(sourcetype='access_combined.log', host='local')
mysocket.send(str.encode('"145.255.2.146 - - [2015-12-12:23:08:40 +0100] ""GET /administrator/ HTTP/1.1"" 200 4263 ""-"" ""Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"" ""-"""'))
mysocket.close()
```
Not familiar with this Python stuff, so I'll leave that to others to comment on, but I think you mean quote, not colon? At least: I don't see any colons : in your event 🙂
The code I provided works, but if I add :, it doesn't send the event. I can replace the colons, but I wonder why it doesn't work.
Splunk can read events with colons, so that's weird.
Colons, I forgot to add it in the event 😞 The original is like
"37.31.31.31 - - [13/Dec/2015:23:08:40 +0100] ""POST /administrator/index.php HTTP/1.1"" 200 4494 ""