When using the Python-SDK, why is Splunk silently ...

haffi112 · ‎12-13-2018

I'm trying to use the Python SDK to search in Splunk.

However, I can only search on some indices, for others I just get an empty response.

For example, when I use the command

search index=trace

I get a response, but when I use

search index=read

I don't get any response. But if I use the web interface this query works, i.e. my user has rights to search on that index and I am authenticating myself when using the Python-SDK.

Do you have any idea what could explain this? The silent returning of nothing is not helping me.

haffi112 · ‎12-14-2018

I have confirmed with an administrator that it is not a problem with access rights as the script shows the same behavior when he authenticates with his user.

When using the Python-SDK, why is Splunk silently returning nothing for some indices?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

When using the Python-SDK, why is Splunk silently returning nothing for some indices?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem