Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How many times it executes splunk search and export using python rest api ?

poorni_p
Explorer
‎07-20-2019 04:27 PM

Hi all,
I am writing a python rest api script to search and export csv results to a location.
I got the session key for the below query.

     serviceContent=httplib2.Http.request(...)
     sessionkey = minidom.parseString(serviceContent).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue

And using this session key, i am writing a infinite while loop to execute search and import csv file

  while true:
           ...
         #splunk Search using the Session key and got job id here
         #Get results & Export to CSV statement here
         #time.sleep(60) statement here to run the search every minute
         ...

My query is how many times the while look will get executed with the Session key?

thanks in advance.

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎07-22-2019 09:07 AM

I can't validate this but I wonder if it would be defined by the sessionTimeout property of server.conf

[general]
sessionTimeout = <nonnegative integer>[s|m|h|d]
* The amount of time before a user session times out, expressed as a
  search-like time range.
* Examples include "24h" (24 hours), "3d" (3 days),
  "7200s" (7200 seconds, or two hours)
* Default: "1" (1 hour)

So if the session is active then it may never expire because I believe this is more about inactive sessions.

0 Karma
Reply

poorni_p
Explorer
‎07-22-2019 03:23 PM

@SloshBurch
Not sure about server.conf, but i guess this can be defined in Settings in the upper right-hand corner -> Server settings -> Click General settings -> Session timeout.

any thoughts ?

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎07-23-2019 07:27 AM

I believe we're talking about the same thing. I mentioned where it is in the conf file and I think you found where it is in the UI. Let's see if I can get some developers to peek at this as well.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎07-21-2019 08:01 AM

An infinite number of times?

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎07-22-2019 09:04 AM

I think the question is how long do session keys persist before getting expired.

0 Karma
Reply
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...
Top