Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Python SDK resulting in split values for stats

brajaram
Communicator
‎11-06-2018 02:04 PM

We're currently using the python sdk to hit the API to run some queries. These are all stats functions to generate metrics for our systems every week. We're running into a strange issue where Splunk is returning the correct values, but splitting them up into multiple fields.

Expected Data (And what we see in splunk web)

ServiceName                TotalCount                    ResponseTime
PingService                   100,000                          10ms

What we actually get is something like this

ServiceName                 TotalCount                ResponseTime
PingService                    99,987                        10ms
PingService                        13                        14ms

The total sum ends up being correct, but for some reason it is splitting up the events into separate rows. What could be causing this issue?

The code we use to hit the SDK is as follows:

HOST = 
PORT = 
USERNAME = 
PASSWORD = 
APPLICATION = 
service = client.connect(
        host = HOST,
        port = PORT,
        username = USERNAME,
        password = PASSWORD)

kwargs_export = {"earliest_time": "-170hour", 
              "latest_time": "-2hour", 
                "search_mode": "normal", 
                "count" : 0} 

searchquery_export = 'long query ending with stats'
job = service.jobs.create(searchquery_export, **kwargs_export)

#While Loop to check and print the status of the job - code cut for brevity


reader = results.ResultsReader(job.results(**kwargs_export))    

reultList = []
for result in reader:
    if isinstance(result, dict):
        resultDict=dict(result)
        reultList.append(resultDict)
job.cancel()
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...