Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to upload a .csv file onto a Splunk remote server using Python?

vkannampuzha
Explorer
‎08-18-2019 09:06 PM

Hi all,

I am trying to upload a .csv file onto a remote Splunk server through the use of a Python script and I am having a bit of difficulty in getting this to run. The methods I have tried are:

Method 1: Creating a service and then connecting to the server 

 """Connect to splunk local"""

     import splunklib.client as client
     import splunklib.results as results
     from splunklib.binding import AuthenticationError

     HOST=hostname
     PORT = '8089'
     USERNAME = 'username'
     PASSWORD = 'password'
     try:
         service = client.connect(host=HOST, port=PORT, username=USERNAME, password=PASSWORD)
     except exception as e:
         print(str(e))

The issue with this was that it never seemed to connect. Please note that the host was not a local host but rather a remote Splunk server.

Method 2: Using the HTTP Event Collector

Whilst the HTTP event collector worked well in sending the data through line by line, however, the data needs to be in csv format, not JSON, which it is converted to.

Any thoughts and suggestions on how to proceed would be much helpful! Would prefer to be python based solution rather than setting up a file monitor on Splunk

Cheers,

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

starcher
Influencer
‎08-19-2019 06:16 AM

If you mean csv lookup ,csv lookups are not part of the REST API. You'd need to use KVStore. if this is data why does it need to be csv? JSON with HEC is substantially simpler. If it absolutely must be csv data vs a lookup you can always use RAW mode with HEC.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

starcher
Influencer
‎08-19-2019 06:16 AM

If you mean csv lookup ,csv lookups are not part of the REST API. You'd need to use KVStore. if this is data why does it need to be csv? JSON with HEC is substantially simpler. If it absolutely must be csv data vs a lookup you can always use RAW mode with HEC.

0 Karma
Reply
Solved! Jump to solution

starcher
Influencer
‎08-19-2019 06:20 AM

https://github.com/georgestarcher/Splunk-Class-httpevent

0 Karma
Reply
Solved! Jump to solution

vkannampuzha
Explorer
‎08-19-2019 07:32 PM

I do agree with JSON being much simpler with HEC, however, the data is being used for pre-existing models that require the format to be csv. I just tried the RAW mode and that seems to be much better. Is there any way for Splunk to recognise fields then with this method?

Thanks very much for your help!

0 Karma
Reply
Solved! Jump to solution

starcher
Influencer
‎08-20-2019 06:04 AM

Read the docs on getting data into Splunk. Setup your sourcetype. setup it's parsing etc.

https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/Getstartedwithgettingdatain

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...