Splunk Enterprise
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Platform
- :
- Splunk Enterprise
- :
- write script to deploy diag file
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
write script to deploy diag file
harishsplunk7
Explorer
2 weeks ago
Can anyone give me idea or script python to generate a diag file in splunk using python script
login to splunk support portal and enter the case number Upload the file automatically
Labels (5)
Labels
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
livehybrid
Super Champion
2 weeks ago
Just for anyone catching up, to confirm you specifically want to script the diag pushing, whilst this is available with --upload on the diag command it isnt possible to do this non-interactively because of the password request.
Ive been doing some more digging on this on my local instance, the CLI uses python's getpass to request your password for the support portal/splunk.com interactively and to my knowledge its not possible to pipe/inject into this using anything like stdin, however I did find the python calls which actually do the upload.
Here is an example Python script which I believe may work for you, Ive not had chance to test it entirely yet, only in sections:
import sys, os, glob
sys.path.append("/opt/splunk/lib/python3.9/site-packages")
from splunk.clilib import info_gather
# Locate latest diag file in SPLUNK_HOME
SPLUNK_HOME = os.environ.get("SPLUNK_HOME", "/opt/splunk")
diag_files = sorted(glob.glob(os.path.join(SPLUNK_HOME, "diag-*.tar.gz")))
if not diag_files:
raise FileNotFoundError("No diag file found")
diag_file = diag_files[-1]
class CustomOptions:
def __init__(self, upload_user, upload_password, case_number, upload_description):
self.upload_user = upload_user
self.upload_password = upload_password
self.case_id = case_number
self.upload_description = upload_description
self.upload_uri="https://api.splunk.com"
options = CustomOptions(
upload_user="your_username",
upload_password="your_password",
case_number="1234567",
upload_description="Automated diag upload",
)
result = info_gather.upload_to_splunkcom(diag_file, options)
print("Upload result:", result)🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
isoutamo
SplunkTrust
2 weeks ago
I think that just couple of lines sh script is enough as diag already have option to send and attach it to your case in splunk. You found more from https://docs.splunk.com/Documentation/Splunk/9.4.2/Troubleshooting/Generateadiag
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
livehybrid
Super Champion
2 weeks ago
Edit: deleted previous reply.
Nevermind, Im sure it originally said UF 🙄
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
isoutamo
SplunkTrust
2 weeks ago
That’s true, but at least for me it’s really rare to create diag on UF and then send it splunk. But if you need to do it regularly then it’s different story. But in those case I probably do e.g. with ansible play where I login into UF generate diag then copy that into full splunk instance and in last task I will send it to splunk with diag.
Those was steps what I manually did on last time I need to send diag from UF to splunk.
Those was steps what I manually did on last time I need to send diag from UF to splunk.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harishsplunk7
Explorer
2 weeks ago
thank you, can you please let me know the python script to upload the diag file to splunk support
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
isoutamo
SplunkTrust
2 weeks ago
Just command
splunk diag --upload...and some needed parameters
Upload:
Flags to control uploading files Ex: splunk diag --upload
[...]
--case-number=case-number
Case number to attach to, e.g. 200500
--upload-user=UPLOAD_USER
splunk.com username to use for uploading
--upload-description=UPLOAD_DESCRIPTION
description of file upload for Splunk support
--firstchunk=chunk-number
For resuming upload of a multi-part upload; select the
first chunk to send
--chunksize=chunk-size
Optional set the chunksize in bytes to be uploadedThese are described on above link.
When you are doing upload it’s not needed to do on node where you have created that diag file. Just move it into any splunk enterprise node which have https access to splunk support over internet.
If needed you can create script with any language you want to use, but as I already said, I probably use ansible for scripting. But it’s your decision based on your environment, needs and tools which you have.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
livehybrid
Super Champion
2 weeks ago
I wanted to check, are you using Windows or Linux UFs? UFs do not have Python installed as part of the Splunk deployment, therefore Python might not be best approach for this?
🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harishsplunk7
Explorer
2 weeks ago
we are have multiple splunk cluster and will need to generate a diag file everytime for search head or indexer..
so need to automat the process of generating the diage and upload in splunk support case automatically.
i have script to generate a file and enter the case but spplunk support is will need api or some connection to login and search the case and upload the diag.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
livehybrid
Super Champion
2 weeks ago
What is your existing script doing? Perhaps we can help enhance this. Is there a specific reason you need it to be Python?
Does your existing script get around the problem that the diag command with --upload flag requires you to interactively enter your password? Im not sure how we can get around this issue?
Ultimately this activity could probably be repeated directly using the API that the diag upload CLI uses, however I am not sure if this information is publicly available.
🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
Get Updates on the Splunk Community!
What You Read The Most: Splunk Lantern’s Most Popular Articles!
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
See your relevant APM services, dashboards, and alerts in one place with the updated ...
As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...
Index This | What goes away as soon as you talk about it?
May 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this month’s ...
