Re: Python script to clock error on splunkd.log on...

DataOrg · ‎06-09-2020

All,

I need help in indexing only success response in Splunk and the failure response like error/authentication failed/host down are in splunkd.log

Please help me in python script to index the failed message in log file.

Below is the script:

import requests
import json
import urllib
import sys 
import os

host=(str(sys.argv[1]))

headers={
        "accept": "application/json",
        "content-type": "application/json"
}
	
Input_URL= ['https://{host}.com/apigee/files/data'.format(host=host)]

def return_json(url):
    try:
        response = requests.get(url,headers=headers)		

           if not response.status_code // 100 == 2:
            return "ERROR: Unexpected response {}".format(response)
		
        json_obj = response.json()
        return json.dumps(json_obj)
    except requests.exceptions.RequestException as e:
                return "ERROR: {}".format(e)
for url in Input_URL:
    print return_json(url)

livehybrid · ‎06-10-2020

Are you already running that script outside the Splunk environment? If so you might want to take a look at sending the result via HEC (https://www.splunk.com/en_us/blog/customers/http-event-collect-a-python-class.html)

If not, you could use that code a base for an input by creating an Add-on with the Splunk Add-On Builder (https://splunkbase.splunk.com/app/2962/)

Python script to clock error on splunkd.log only success message to index

configuration

development

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation