Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- Splunk Development
- :
- Splunk Dev
- :
- Python SDK Oneshot
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Python SDK Oneshot
Working with the Python SDK, and my end goal is to fetch logs over a given time.
For now I'm trying to output saved searches and then later will move on to the logs.
Referencing the docs, this is close to what I want to do, minus the delete portion
https://docs.splunk.com/DocumentationStatic/PythonSDK/1.6.5/client.html?highlight=saved%20searches#s...
Something like
for saved_search in saved_searches.iter(pagesize=10):
print(saved_search)
but not getting any output, any ideas on where to go?
For clarity using the oneshot method, and want to output saved search results.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you going through the documentation it seems like this would be it. However I am not getting any output. Are there more details about this API that can help int his use case?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you going through the documentation it seems like this would be it. However I am not getting any output. Are there more details about this API that can help here?
The following is the snippet that would perform listing of the saved search
password = knox_auth(SPLUNK_PASSWORD)
service = client.connect(host=HOST, port=PORT, username=USERNAME,
password=password, basic=True, app=APP)
# return service
# Retrieve a search
savedsearch = service.saved_searches["Saved Search"]
job = savedsearch.dispatch()
print(job.results())
Thank You
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Please check the below documentation. I guess it will help with executing saved searches and displaying results.
Let me know if you need more details or help.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
How to find the worst searches in your Splunk environment and how to fix them
Share Your Feedback: On Admin Config Service (ACS)!
Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon
