Re: Python script to clock error on splunkd.log on...

DataOrg · ‎06-09-2020

All,

I need help in indexing only success response in Splunk and the failure response like error/authentication failed/host down are in splunkd.log

Please help me in python script to index the failed message in log file.

Below is the script:

import requests
import json
import urllib
import sys 
import os

host=(str(sys.argv[1]))

headers={
        "accept": "application/json",
        "content-type": "application/json"
}
	
Input_URL= ['https://{host}.com/apigee/files/data'.format(host=host)]

def return_json(url):
    try:
        response = requests.get(url,headers=headers)		

           if not response.status_code // 100 == 2:
            return "ERROR: Unexpected response {}".format(response)
		
        json_obj = response.json()
        return json.dumps(json_obj)
    except requests.exceptions.RequestException as e:
                return "ERROR: {}".format(e)
for url in Input_URL:
    print return_json(url)

livehybrid · ‎06-10-2020

Are you already running that script outside the Splunk environment? If so you might want to take a look at sending the result via HEC (https://www.splunk.com/en_us/blog/customers/http-event-collect-a-python-class.html)

If not, you could use that code a base for an input by creating an Add-on with the Splunk Add-On Builder (https://splunkbase.splunk.com/app/2962/)

Python script to clock error on splunkd.log only success message to index

configuration

development

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!