All,
I need help with indexing: only the success response is indexed in Splunk, and the failure responses like error/authentication failed/host down are in splunkd.log.
Please help me with the Python script to index the failed messages in the log file.
Below is the script:
import requests
import json
import urllib
import sys
import os

# Host name is passed as the first command-line argument
host = str(sys.argv[1])

headers = {
    "accept": "application/json",
    "content-type": "application/json"
}

Input_URL = ['https://{host}.com/apigee/files/data'.format(host=host)]


def return_json(url):
    try:
        response = requests.get(url, headers=headers)
        # Anything other than a 2xx status is reported as an error string
        if not response.status_code // 100 == 2:
            return "ERROR: Unexpected response {}".format(response)
        json_obj = response.json()
        return json.dumps(json_obj)
    except requests.exceptions.RequestException as e:
        # Connection failures, timeouts, TLS errors and similar
        return "ERROR: {}".format(e)


for url in Input_URL:
    # print() with one argument works on both Python 2 and Python 3
    print(return_json(url))
Are you already running that script outside the Splunk environment? If so you might want to take a look at sending the result via HEC (https://www.splunk.com/en_us/blog/customers/http-event-collect-a-python-class.html)
If not, you could use that code as a base for an input by creating an Add-on with the Splunk Add-On Builder (https://splunkbase.splunk.com/app/2962/)
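
A sketch of the HEC route suggested above, added here as an example and not taken from either post: every poll outcome (success, HTTP error, non-JSON body, host down) becomes one structured event, so failures are sent the same way as successes. HEC_URL, HEC_TOKEN, the "apigee:poll" sourcetype and the function names are assumptions; it uses only the Python 3 standard library.

```python
import json
import sys
import urllib.error
import urllib.request

# Assumed placeholders: set these to your own HEC endpoint and token.
HEC_URL = "https://splunk.example.com:8088/services/collector/event"
HEC_TOKEN = "00000000-0000-0000-0000-000000000000"

def classify(url, status=None, body=None, error=None):
    """Turn any poll outcome into one event dict with an explicit outcome field."""
    if error is not None:  # DNS failure, refused connection, timeout, TLS error
        return {"url": url, "outcome": "failure", "reason": str(error)}
    if status // 100 != 2:  # e.g. 401 authentication failed, 503 backend down
        return {"url": url, "outcome": "failure", "status": status,
                "reason": "unexpected HTTP status"}
    try:
        return {"url": url, "outcome": "success", "status": status,
                "data": json.loads(body)}
    except ValueError:  # 2xx response whose body is not JSON
        return {"url": url, "outcome": "failure", "status": status,
                "reason": "response body is not JSON"}

def poll(url, timeout=10):
    """Fetch url; never raises for network or HTTP errors, always returns an event."""
    req = urllib.request.Request(url, headers={"accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(url, resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:  # must precede URLError (it is a subclass)
        return classify(url, status=e.code)
    except (urllib.error.URLError, OSError) as e:
        return classify(url, error=e)

def hec_payload(event, sourcetype="apigee:poll"):
    """Wrap the event in the JSON envelope the HEC event endpoint expects."""
    return json.dumps({"event": event, "sourcetype": sourcetype}).encode("utf-8")

def send_to_hec(event):
    # TLS verification stays on (urllib default); the token is never printed.
    req = urllib.request.Request(HEC_URL, data=hec_payload(event), headers={
        "Authorization": "Splunk " + HEC_TOKEN,
        "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    event = poll("https://{host}.com/apigee/files/data".format(host=sys.argv[1]))
    print(json.dumps(event))  # or: send_to_hec(event)
```

With an `outcome` field on every event, a search can separate failed polls from successful ones without parsing free-text error strings.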