Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

python sdk and realtime search?

bfaber
Communicator
‎05-25-2010 04:38 AM

I am trying to get realtime streaming results using the python sdk. The code I was using looks like this:

auth.getSessionKey('admin','changeme')
args = {"earliestTime": 0, "latestTime": 0}
job = search.dispatch(' search *',**args)

for event in job:
  print  event['_raw']

print search
job.cancel()

No errors, but no results either. What am I doing wrong?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

bfaber
Communicator
‎05-26-2010 01:49 AM

Using the Job Inspector, I was able to reverse the kwargs...

args = {'time_format': '%s.%Q', 'search': 'search *', 'required_field_list': '*', 'max_count': '10000', 'ui_dispatch_app': 'search', 'latest_time': 'rt', 'status_buckets': '300', 'ui_dispatch_view': 'flashtimeline', 'earliest_time': 'rt-1m', 'auto_cancel': '100'}

This changes the search line to be:

job = search.dispatch(**args)

This all seems to work, but is probably more complex than needed.

View solution in original post

Reply
Solved! Jump to solution

psanford_splunk
Splunk Employee
Splunk Employee
‎09-28-2011 10:01 AM

There is also a new Splunk Python SDK on GitHub. You can access it here: https://github.com/splunk/splunk-sdk-python

There are a number of search examples in the SDK.

Any questions - psanford@splunk.com or ping us on Twitter: @splunkdev

0 Karma
Reply
Solved! Jump to solution
Solution

bfaber
Communicator
‎05-26-2010 01:49 AM

Using the Job Inspector, I was able to reverse the kwargs...

args = {'time_format': '%s.%Q', 'search': 'search *', 'required_field_list': '*', 'max_count': '10000', 'ui_dispatch_app': 'search', 'latest_time': 'rt', 'status_buckets': '300', 'ui_dispatch_view': 'flashtimeline', 'earliest_time': 'rt-1m', 'auto_cancel': '100'}

This changes the search line to be:

job = search.dispatch(**args)

This all seems to work, but is probably more complex than needed.

Reply
Solved! Jump to solution

Lowell
Super Champion
‎05-25-2010 07:49 PM

Have you tried adding rt to your earliest/lastest times?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...