Can anyone give me an idea or a Python script to generate a diag file in Splunk using a Python script,
log in to the Splunk support portal, enter the case number and upload the file automatically?
Just for anyone catching up, to confirm: you specifically want to script the diag pushing. Whilst this is available with --upload on the diag command, it isn't possible to do this non-interactively because of the password request.
I've been doing some more digging on this on my local instance. The CLI uses Python's getpass to request your password for the support portal/splunk.com interactively, and to my knowledge it's not possible to pipe/inject into this using anything like stdin; however, I did find the Python calls which actually do the upload.
Here is an example Python script which I believe may work for you. I've not had the chance to test it entirely yet, only in sections:
```python
import sys, os, glob

# Make Splunk's bundled Python packages importable
sys.path.append("/opt/splunk/lib/python3.9/site-packages")
from splunk.clilib import info_gather

# Locate latest diag file in SPLUNK_HOME
SPLUNK_HOME = os.environ.get("SPLUNK_HOME", "/opt/splunk")
diag_files = sorted(glob.glob(os.path.join(SPLUNK_HOME, "diag-*.tar.gz")))
if not diag_files:
    raise FileNotFoundError("No diag file found")
diag_file = diag_files[-1]


# Stand-in for the options object the diag CLI would normally build
class CustomOptions:
    def __init__(self, upload_user, upload_password, case_number, upload_description):
        self.upload_user = upload_user
        self.upload_password = upload_password
        self.case_id = case_number
        self.upload_description = upload_description
        self.upload_uri = "https://api.splunk.com"


# Placeholder values; replace with your own
options = CustomOptions(
    upload_user="your_username",
    upload_password="your_password",
    case_number="1234567",
    upload_description="Automated diag upload",
)

result = info_gather.upload_to_splunkcom(diag_file, options)
print("Upload result:", result)
```
🌟 Did this answer help you? If so, please consider:
Your feedback encourages the volunteers in this community to continue contributing
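One way to keep the password out of the script itself, as an added example that is not part of the original post or Splunk's own code: it reuses the `info_gather.upload_to_splunkcom` call and the option names from the script above (which its author had only partly tested). The function names, the credentials file path and its JSON layout are assumptions made for illustration.

```python
import glob
import json
import os
import stat
from types import SimpleNamespace


def find_latest_diag(directory):
    """Return the most recently modified diag-*.tar.gz in directory."""
    candidates = glob.glob(os.path.join(directory, "diag-*.tar.gz"))
    if not candidates:
        raise FileNotFoundError(f"No diag file found in {directory}")
    return max(candidates, key=os.path.getmtime)


def load_upload_options(cred_path, case_number, description):
    """Build the options object from a credentials file only its owner can access."""
    mode = stat.S_IMODE(os.stat(cred_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{cred_path} has mode {mode:o}; expected 600")
    with open(cred_path, encoding="utf-8") as fh:
        creds = json.load(fh)  # assumed layout: {"user": "...", "password": "..."}
    # Attribute names follow the CustomOptions class in the post above.
    return SimpleNamespace(
        upload_user=creds["user"],
        upload_password=creds["password"],
        case_id=str(case_number),
        upload_description=description,
        upload_uri="https://api.splunk.com",
    )


def upload_latest_diag(cred_path, case_number, description="Automated diag upload"):
    """Upload the newest diag via the call used in the post (untested there)."""
    splunk_home = os.environ.get("SPLUNK_HOME", "/opt/splunk")
    options = load_upload_options(cred_path, case_number, description)
    # Imported lazily: the module exists only inside Splunk's bundled Python.
    from splunk.clilib import info_gather
    return info_gather.upload_to_splunkcom(find_latest_diag(splunk_home), options)


if __name__ == "__main__":
    # Hypothetical path and case number; run with Splunk's bundled Python.
    print(upload_latest_diag("/opt/splunk/etc/diag_upload.json", "1234567"))
```

The permission check refuses a credentials file that group or other users can access, so a mis-deployed secret fails loudly instead of being used.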
I think that just a couple of lines of sh script is enough, as diag already has an option to send it and attach it to your case in Splunk. You can find more at https://docs.splunk.com/Documentation/Splunk/9.4.2/Troubleshooting/Generateadiag
Edit: deleted previous reply.
Never mind, I'm sure it originally said UF 🙄
Thank you, can you please let me know the Python script to upload the diag file to Splunk support?
Just command
splunk diag --upload...
and some needed parameters
```
Upload:
  Flags to control uploading files
  Ex: splunk diag --upload [...]

  --case-number=case-number  Case number to attach to, e.g. 200500
  --upload-user=UPLOAD_USER  splunk.com username to use for uploading
  --upload-description=UPLOAD_DESCRIPTION  description of file upload for Splunk support
  --firstchunk=chunk-number  For resuming upload of a multi-part upload; select the first chunk to send
  --chunksize=chunk-size  Optional set the chunksize in bytes to be uploaded
```
These are described at the link above.
When you are doing the upload, it doesn't need to be done on the node where you created that diag file. Just move it to any Splunk Enterprise node which has HTTPS access to Splunk support over the internet.
If needed, you can create a script in any language you want to use, but as I already said, I would probably use Ansible for scripting. But it's your decision, based on your environment, needs and the tools which you have.
I wanted to check, are you using Windows or Linux UFs? UFs do not have Python installed as part of the Splunk deployment, therefore Python might not be the best approach for this?
We have multiple Splunk clusters and will need to generate a diag file every time for a search head or indexer.
So we need to automate the process of generating the diag and uploading it to the Splunk support case automatically.
I have a script to generate a file and enter the case, but Splunk support will need an API or some connection to log in, search for the case and upload the diag.
What is your existing script doing? Perhaps we can help enhance this. Is there a specific reason you need it to be Python?
Does your existing script get around the problem that the diag command with the --upload flag requires you to interactively enter your password? I'm not sure how we can get around this issue.
Ultimately this activity could probably be repeated directly using the API that the diag upload CLI uses; however, I am not sure if this information is publicly available.