Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why are we unable to index data to Splunk enterprise using Splunk addon?

bhuvanabala
New Member
‎05-21-2019 11:02 PM

I am new to Splunk addon builder. I am using splunk addon builder to build an addon that feeds the REST API response as input to Splunk enterprise. For this i am using Python modular input method. Since REST API modular input one of the data collection input doesnt supports Oauth2.0 we are using python modular input to get the REST API response

Before i feed the response to splunk enterprise, tried feeding some sample data using the below syntax 

   def collect_events(helper, ew):
    event=helper.new_event(data="123",index="new_index",sourcetype="new_sourcetyp e)   
     ew.write_event(event)
     pass

I am able to print the output in console, but when i search for index="new_index" in search bar, its returing 0 events

Please let me know what i am missing here

Tags (2)
0 Karma
Reply

DavidHourani
Super Champion
‎05-22-2019 12:00 AM

Hi @bhuvanabala,

You can use the following link for reference :
http://dev.splunk.com/view/python-sdk/SP-CAAAEE6

There's an entire section about creating indexes and sending data there.

Also use this :
https://www.function1.com/2015/09/splunk-sdk-for-python-getting-data-in
It's a bit old but can still be used for reference.

Cheers,
David

0 Karma
Reply

suryajagarapu
Explorer
‎03-19-2020 12:05 PM

I am also facing the same issue as the events are getting displayed in output console of AOB but it's showing zero events for the index.
Any thoughts please?

0 Karma
Reply

suryajagarapu
Explorer
‎03-19-2020 01:23 PM

Hi @bhuvanabala , Could you please let me know what did you do fix the issue as I got stuck into the same situation and events are showing as 0 for the index though it's is displaying the event in output console?

0 Karma
Reply

DavidHourani
Super Champion
‎05-21-2019 11:32 PM

where are you writing the events to ?

0 Karma
Reply

bhuvanabala
New Member
‎05-21-2019 11:37 PM

Hi David,

Thanks for responding back.

I am tring to index the data under "new_index"(index name) and searched for the event in Search and Reporting App

Should i specify the App in the new_event() function

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...