Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why does Splunk scripted input not print data when script is turned off?

sumeet
Engager
‎09-29-2022 10:49 PM

Hello,

I am using python script to read from remote api with pagination. I have one problem while reading data from api, once i started script and it pulls data after that if i disable the script the data does not get printed in splunk though it has passed through print statement.

Reply

isoutamo
SplunkTrust
SplunkTrust
‎09-30-2022 03:43 AM
Maybe I don' understand this right, but when you have disabled input then splunk don't run that script until you are reenabling that input.
Reply

sumeet
Engager
‎09-30-2022 04:06 AM

Hi @isoutamo 


In the below method we are looping through data and sending each event to splunk(for indexing) using print method. So while executing this method if we disable script through ui, it does not index any event to splunk and program is immediately terminated. 

For example: We have 5 events to be indexed. So the for loop should execute print 5 times. Now, suppose it has executed it 2 times and now we disable the script through UI. Then the script will be terminated immediately and the two events which were sent using print function will also not be indexed.

Is it expected behaviour and how we could handle such cases gracefully?


My code is like this:

 

def stream_to_splunk(self, data):
        for event in data:
            jsonData = json.dumps({"sourceType": self.sourceType, "event": event})
            print(jsonData)

 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎09-30-2022 07:01 AM

I cannot recall how this has implemented, but my gut feelings is that this is how it has planned to working. I think that there is some buffering on sending events to splunk and when you are "stopping" it before it has finished it don't sent any events as it has just terminated and all buffers are cleared.

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...