Is it possible to use Python (or other languages) ...

sameratassi · ‎03-31-2022

Hi,

Is it possible to use Python (or other languages) to get logs that originated from specific hosts?

For example, search for a list of hosts and return the logs that were ingested during a specific date range.

Thanks !

mayurr98 · ‎03-31-2022

Hello , if its a dynamic list of hosts you could create a lookup table for hosts using settings » Lookups » Lookup table files » New Table Lookup File.

and use below search

index=<your_index> [inputlookup hosts.csv | table host ]

Select date range on the top right side of the search bar to get the appropriate results.

let me know if this helps!

richgalloway · ‎03-31-2022

The SPL for that would look something like this.

index=foo earliest=bar latest=baz [ 
  <<your search for a list of hosts>>
  | field host 
  | format
  ]

Crafting that in Python (or other languages) is an exercise left to the reader.

---
If this reply helps you, Karma would be appreciated.

Is it possible to use Python (or other languages) to get logs that originated from specific hosts?

add-on

Python

simple XML

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?

Is it possible to use Python (or other languages) to get logs that originated from specific hosts?

add-on

Python

simple XML

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?