Splunk Dev

Get Python to Communicate with Splunk

the4tress
Engager

I am trying to get Splunk to be my one source for our team's needs. Right now we have 3 different sites providing services in PHP. I am rewriting these apps in Python (basic MySQL reads and writes) and want to display the results in a Splunk app. I have been digging through the various documentation online and get more and more confused every time I start trying to write the code.

My question is, how can I get Python to return data to Splunk? Is there a specific module I can use?

If I can just get to the point where I have a button in my app, then click it and "Hello World!" is displayed in a div, I can run from there.

0 Karma

Damien_Dallimor
Ultra Champion

Have you taken a look at our Python SDK ?

You can use this to execute Splunk searches and integrate the results into your application and also send events from your Python app directly into Splunk. There is also a PHP SDK.

0 Karma

barakreeves
Splunk Employee

You have 2 options:

1- Scripted Input: Manager » Data inputs » Add data » Run and collect the output of a script: From the doc:
"there are times when you want to use scripts to feed data to Splunk for indexing, or prepare data from a non-standard source so Splunk can properly parse events and extract fields."
http://docs.splunk.com/Documentation/Splunk/5.0.1/AdvancedDev/ScriptedInputsIntro

2- Modular Input: From the doco...
"Modular Inputs allows you to extend the Splunk framework to define a custom input capability. Splunk treats your custom input definitions as if they were part of Splunk's native inputs." **Asterisks mine
http://docs.splunk.com/Documentation/Splunk/5.0.1/AdvancedDev/ModInputsIntro

Your decision will be based on your use case. Try to use a modular input over a scripted one. Regardless, Splunk will work with your data either way.

I would first recommend creating a small test index, such as "zdev" (Manager > Indexes), to hold your data until you get the desired results. I always keep test indexes for this sort of thing.

I hope this helps. Don't forget to vote or accept this answer.
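To make option 1 concrete, here is an added example of a Python 3 scripted input (not code from the thread or from Splunk's documentation). Splunk runs the script on its configured interval and indexes whatever it writes to stdout, one line per event; the checkpoint path, table and column names are assumptions, and the rows are constructed inline where the MySQL query would go.

```python
#!/usr/bin/env python3
import os
import sys
from datetime import datetime, timezone

# Hypothetical checkpoint path; in a real app keep it under the app's var dir
CHECKPOINT = os.environ.get("ZDEV_CHECKPOINT", "/tmp/zdev_checkpoint")

def quote(value):
    """Escape backslashes, quotes and newlines so one row stays one event and
    Splunk's key="value" auto-extraction sees the intended value."""
    text = str(value).replace("\\", "\\\\").replace('"', '\\"')
    return '"' + text.replace("\r", "").replace("\n", "\\n") + '"'

def format_event(row):
    """Leading ISO-8601 timestamp gives Splunk the event time with no
    props.conf; every other column becomes a key="value" pair."""
    ts = row["ts"].astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S%z")
    fields = " ".join(f"{k}={quote(v)}" for k, v in row.items() if k != "ts")
    return f"{ts} {fields}"

def new_rows(rows, last_id):
    """Rows past the checkpoint, oldest first, so reruns never re-index."""
    return sorted((r for r in rows if r["id"] > last_id), key=lambda r: r["id"])

def load_checkpoint(path=CHECKPOINT):
    try:
        with open(path) as f:
            return int(f.read().strip() or 0)
    except (OSError, ValueError):
        return 0  # first run, or unreadable file: start from the beginning

def sample_rows():
    """Constructed stand-in for a MySQL query such as
    SELECT id, ts, user, action, note FROM audit WHERE id > %s ORDER BY id"""
    when = datetime(2013, 1, 15, 10, 30, tzinfo=timezone.utc)
    return [{"id": 2, "ts": when, "user": "bob", "action": "logout", "note": "ok"},
            {"id": 1, "ts": when, "user": "alice", "action": "login",
             "note": 'said "hi"\nbye'}]

if __name__ == "__main__":
    rows = new_rows(sample_rows(), load_checkpoint())
    for row in rows:
        sys.stdout.write(format_event(row) + "\n")
    if rows:  # advance the checkpoint only after the rows have been emitted
        with open(CHECKPOINT, "w") as f:
            f.write(str(rows[-1]["id"]))
```

If the Splunk build you run bundles Python 2, call this through a small wrapper script so it runs under a system Python 3 interpreter.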

Ayn
Legend

Option 3 would be a custom search command.

0 Karma