Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why are we unable to index data to Splunk enterprise using Splunk addon?

bhuvanabala
New Member
‎05-21-2019 11:02 PM

I am new to Splunk addon builder. I am using splunk addon builder to build an addon that feeds the REST API response as input to Splunk enterprise. For this i am using Python modular input method. Since REST API modular input one of the data collection input doesnt supports Oauth2.0 we are using python modular input to get the REST API response

Before i feed the response to splunk enterprise, tried feeding some sample data using the below syntax 

   def collect_events(helper, ew):
    event=helper.new_event(data="123",index="new_index",sourcetype="new_sourcetyp e)   
     ew.write_event(event)
     pass

I am able to print the output in console, but when i search for index="new_index" in search bar, its returing 0 events

Please let me know what i am missing here

Tags (2)
0 Karma
Reply

DavidHourani
Super Champion
‎05-22-2019 12:00 AM

Hi @bhuvanabala,

You can use the following link for reference :
http://dev.splunk.com/view/python-sdk/SP-CAAAEE6

There's an entire section about creating indexes and sending data there.

Also use this :
https://www.function1.com/2015/09/splunk-sdk-for-python-getting-data-in
It's a bit old but can still be used for reference.

Cheers,
David

0 Karma
Reply

suryajagarapu
Explorer
‎03-19-2020 12:05 PM

I am also facing the same issue as the events are getting displayed in output console of AOB but it's showing zero events for the index.
Any thoughts please?

0 Karma
Reply

suryajagarapu
Explorer
‎03-19-2020 01:23 PM

Hi @bhuvanabala , Could you please let me know what did you do fix the issue as I got stuck into the same situation and events are showing as 0 for the index though it's is displaying the event in output console?

0 Karma
Reply

DavidHourani
Super Champion
‎05-21-2019 11:32 PM

where are you writing the events to ?

0 Karma
Reply

bhuvanabala
New Member
‎05-21-2019 11:37 PM

Hi David,

Thanks for responding back.

I am tring to index the data under "new_index"(index name) and searched for the event in Search and Reporting App

Should i specify the App in the new_event() function

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...