Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

python sdk and realtime search?

bfaber
Communicator
‎05-25-2010 04:38 AM

I am trying to get realtime streaming results using the python sdk. The code I was using looks like this:

auth.getSessionKey('admin','changeme')
args = {"earliestTime": 0, "latestTime": 0}
job = search.dispatch(' search *',**args)

for event in job:
  print  event['_raw']

print search
job.cancel()

No errors, but no results either. What am I doing wrong?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

bfaber
Communicator
‎05-26-2010 01:49 AM

Using the Job Inspector, I was able to reverse the kwargs...

args = {'time_format': '%s.%Q', 'search': 'search *', 'required_field_list': '*', 'max_count': '10000', 'ui_dispatch_app': 'search', 'latest_time': 'rt', 'status_buckets': '300', 'ui_dispatch_view': 'flashtimeline', 'earliest_time': 'rt-1m', 'auto_cancel': '100'}

This changes the search line to be:

job = search.dispatch(**args)

This all seems to work, but is probably more complex than needed.

View solution in original post

Reply
Solved! Jump to solution

psanford_splunk
Splunk Employee
Splunk Employee
‎09-28-2011 10:01 AM

There is also a new Splunk Python SDK on GitHub. You can access it here: https://github.com/splunk/splunk-sdk-python

There are a number of search examples in the SDK.

Any questions - psanford@splunk.com or ping us on Twitter: @splunkdev

0 Karma
Reply
Solved! Jump to solution
Solution

bfaber
Communicator
‎05-26-2010 01:49 AM

Using the Job Inspector, I was able to reverse the kwargs...

args = {'time_format': '%s.%Q', 'search': 'search *', 'required_field_list': '*', 'max_count': '10000', 'ui_dispatch_app': 'search', 'latest_time': 'rt', 'status_buckets': '300', 'ui_dispatch_view': 'flashtimeline', 'earliest_time': 'rt-1m', 'auto_cancel': '100'}

This changes the search line to be:

job = search.dispatch(**args)

This all seems to work, but is probably more complex than needed.

Reply
Solved! Jump to solution

Lowell
Super Champion
‎05-25-2010 07:49 PM

Have you tried adding rt to your earliest/lastest times?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...