python or python sdk example for adding data via s...

monzy · ‎12-27-2013

is there an example in the python sdk examples that i can follow to post data to a splunk index via the services/receivers/simple REST endpoint ? if not via python sdk, perhaps something using urllib2 or some other python standard library. i am currently using the python postprocess module with curl as described here. but there is probably a more elegant, sustainable, os independent, way to post data.

monzy · ‎12-30-2013

thanks Damien. the little preamble to this is that one needs to instantiate a client.connect object (service in the example). i followed this example for the connection setup. between your help and that, this was really painless. thank you.


import splunklib.client as client

HOST = "localhost"
PORT = 8089
USERNAME = "admin"
PASSWORD = "changeme"

# Create a Service instance and log in 
service = client.connect(
    host=HOST,
    port=PORT,
    username=USERNAME,
    password=PASSWORD)
    
# Send an event over HTTP
# Retrieve the index for the data
myindex = service.indexes["obix"]
# Submit an event over HTTP
myindex.submit("This is my HTTP event", sourcetype="access_combined.log", host="local")

Damien_Dallimor · ‎12-29-2013

Example code here : http://dev.splunk.com/view/python-sdk/SP-CAAAEE6#add2index

# Send an event over HTTP

# Retrieve the index for the data
myindex = service.indexes["test_index"]

# Submit an event over HTTP
myindex.submit("This is my HTTP event", sourcetype="access_combined.log", host="local")

The method you want to use (submit) is at line 1823 : https://github.com/splunk/splunk-sdk-python/blob/master/splunklib/client.py

python or python sdk example for adding data via services/receivers/simple rest

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout