Verify Splunk operation using Python SDK

Builder

I am working on a tool to validate that Splunk is operational, both HEC and standard indexing (9997). HEC is easy to do with either Python requests or the SDK, but how can I script, in Python, writing a test event directly to the indexes on port 9997? I assume that the SDK will be my friend!?!?! Any help is MUCH appreciated!

0 Karma
1 Solution

Builder

Thank you VERY much for taking the time to help me out there. This worked.

0 Karma

Builder

I have the following simple code:

#!/usr/bin/env python

import splunklib.client as client

HOST = "localhost"
PORT = 8089
USERNAME = "admin"
PASSWORD = "joniie"

# Create a Service instance and log in
service = client.connect(host=HOST, port=PORT, username=USERNAME, password=PASSWORD)

# Print installed apps to the console to verify login
for app in service.apps:
    print app.name

When I run this locally on the Splunk test host (which has the SDK installed) I get the following:

Traceback (most recent call last):
  File "./logger.py", line 11, in <module>
    service = client.connect(host=HOST, port=PORT, username=USERNAME, password=PASSWORD)
  File "/usr/lib/python2.7/site-packages/splunklib/client.py", line 321, in connect
    s.login()
  File "/usr/lib/python2.7/site-packages/splunklib/binding.py", line 857, in login
    cookie="1") # In Splunk 6.2+, passing "cookie=1" will return the "set-cookie" header
  File "/usr/lib/python2.7/site-packages/splunklib/binding.py", line 1201, in post
    return self.request(url, message)
  File "/usr/lib/python2.7/site-packages/splunklib/binding.py", line 1218, in request
    response = self.handler(url, message, **kwargs)
  File "/usr/lib/python2.7/site-packages/splunklib/binding.py", line 1357, in request
    connection.request(method, path, body, head)
  File "/usr/lib64/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib64/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/lib64/python2.7/httplib.py", line 1236, in connect
    server_hostname=sni_hostname)
  File "/usr/lib64/python2.7/ssl.py", line 350, in wrap_socket
    _context=self)
  File "/usr/lib64/python2.7/ssl.py", line 611, in __init__
    self.do_handshake()
  File "/usr/lib64/python2.7/ssl.py", line 833, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

What am I missing? Why is this not working?

0 Karma

Builder

This seems to be related to the Splunk 7.x tree and not my 6.5.2 systems. I remember that there is a big change in SSL/TLS from 6 -> 7, so that would make sense. So that being said, does anyone know how to work around this issue so I can use the SDK on 7.x?

0 Karma

Champion

Are you on CentOS or RHEL 7?

0 Karma
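
Added example, not code from this thread or from the Splunk SDK: a standard-library Python 3 probe that attempts the same verified TLS handshake that fails in the traceback above and reports why, so a health check can tell a certificate-trust failure apart from a service that is down. The function names and the `cafile` parameter (a PEM bundle containing the CA that signed splunkd's certificate) are assumptions made for illustration.

```python
import socket
import ssl


def build_context(cafile=None):
    """TLS client context with certificate and hostname verification on.

    cafile is an optional PEM bundle (hypothetical path chosen by the
    caller) holding the CA that signed the splunkd certificate.
    """
    ctx = ssl.create_default_context()
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def probe_tls(host, port, cafile=None, timeout=3.0):
    """Attempt a verified handshake and classify the outcome.

    Returns (status, detail); status is one of
    "ok", "verify_failed", "tls_error", "unreachable".
    """
    ctx = build_context(cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        # Same failure class as CERTIFICATE_VERIFY_FAILED in the traceback;
        # verify_message says whether it is an untrusted CA, a hostname
        # mismatch, an expired certificate, and so on.
        return "verify_failed", exc.verify_message
    except ssl.SSLError as exc:
        # The handshake failed for a reason other than certificate trust.
        return "tls_error", exc.reason or str(exc)
    except OSError as exc:
        # Refused, timed out, or no route: the listener itself is not up.
        return "unreachable", str(exc)


if __name__ == "__main__":
    # Host and port as used in the post above.
    print(probe_tls("localhost", 8089))
```

A `verify_failed` result means the listener is up and speaking TLS but its certificate is not trusted by the client, which is a different operational finding from `unreachable`.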