Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

External Lookup python script

yko84108
New Member
‎06-11-2018 05:36 AM

Hi,

I have python script that make query to ip2location.
The script work something like that (from IP2Location

 import IP2Location;

    IP2LocObj = IP2Location.IP2Location();
    IP2LocObj.open("data/IP-COUNTRY-REGION-CITY-LATITUDE-LONGITUDE-ZIPCODE-TIMEZONE-ISP-DOMAIN-NETSPEED-AREACODE-WEATHER-MOBILE-ELEVATION-USAGETYPE-SAMPLE.BIN");
    rec = IP2LocObj.get_all("19.5.10.1");
    #Write csv result to splunk...

If i'm run the external lookup by:
index = myindex | lookup ip2location ip as ip_field

Its can run around 50-60 secs (to 500k records),
My question is:
What can I do except to change my python code to improve the execution time?
* I heard something about load the script into Splunk application memory (MEMORY_CACHE ?)

Thanks

0 Karma
Reply

rvany
Communicator
‎06-21-2018 06:08 AM

How many events do you get back from "index=myindex"?
Is your python script called for every single event?
How long does it take to run this script outside of Splunk (one time, ten times, times - with eventcount being the answer to the first question)?

0 Karma
Reply

Sukisen1981
Champion
‎06-15-2018 05:44 AM

hmm interesting case -Now, what is actually causing the performance issue, is the execution in the python script or is it execution in splunk?

See a similar thread here - https://answers.splunk.com/answers/103717/cache-indexes-in-memory.html.
I do doubt that the execution in python will take time as well...

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...