Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Search with Python SDK

murat
Observer
‎10-08-2020 07:30 AM

Hi all!

I'm trying to run simple search via Python SDK (Python 3.8.5, splunk-sdk 1.6.14). Examples that are presented on dev.splunk.com are clear but something goes wrong when I run search with my own parameters

The code is as simple as this

    search_kwargs_params = {
        "exec_mode": "blocking",
        "earliest_time": "2020-09-04T06:57:00.000-00:00",
        "latest_time": "2020-11-08T07:00:00.000-00:00",        
    }
    search_query = 'search index=qwe1 trace=111-aaa-222 action=Event.OpenCase'
    job = self.service.jobs.create(search_query, **search_kwargs_params)
    for result in results.ResultsReader(job.results()):
        print(result)

But search returns no results. When I run same query manually in Splunk web GUI it works fine.

I've also tried to put all parameters in 'search_kwargs_params' dictionary, widened search time period and got some search results but they seem to be inappropriate to what I got in GUI.

Can someone advise? 

Labels (3)
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...