Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to display search results in JSON format using the Splunk SDK for Python

rupeshhiremath
Explorer
‎05-13-2016 05:11 AM

Hi,

I am using Python SDK to perform search and get results.

With below code I am able to see records in OrderedDict

kwargs_export = {"search_mode": "normal"}
searchquery_export = "search index=auto"
exportsearch_results = self.splunk_instance.jobs.export(searchquery_export, **kwargs_export)
# Get the results and display them using the ResultsReader
reader = results.ResultsReader(exportsearch_results)
for result in reader:
     if isinstance(result, dict):
          print "Result: %s" % result
     elif isinstance(result, results.Message):
          # Diagnostic messages may be returned in the results
          print "Message: %s" % result

But when I am saying "output_mode":"json" in
kwargs_export = {"search_mode": "normal", "output_mode":"json"}, I am seeing nothing in results.

What could be the reason?

Thanks

Reply

Yasaswy
Contributor
‎05-13-2016 12:06 PM

Hi,
Python SDK for Splunk does not have a JSON parser. You will need to write your own. If you would just like to see the results then skip the ResultsReader. You can try something like:

kwargs_export = {"search_mode": "normal", "output_mode":"json"}
searchquery_export = "search index=auto"
exportsearch_results = self.splunk_instance.jobs.export(searchquery_export, **kwargs_export)
print exportsearch_results.read()

Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...