Splunk Search

How to put search query in "views.py" and show the output on splunk template(html page)?

harshal_chakran
Builder

Hi,
I have created an application using Django Bindings.
I wanted to know, if is it possible to write search queries in "views.py" file in Splunk app folder.
And show the output in form of table and chart.

And one more thing, is it really possible to use one query and apply some python logic to it and then use it as the final output?

Please Help...!!!

0 Karma

Federica_92
Communicator

Hi, I'm trying to execute a search in the django and get the results in the views.py, Is possible?

0 Karma

ineeman
Splunk Employee
Splunk Employee

Great question. There are several things you can do:

  1. You can definitely build your query up in Python (in views.py) and then pass
    it down to JS in a SearchManager. For example, you might have:

    @render_to('myapp:mypage.html')
    def get_page_config(request):
        my_query = "index=_internal | head %s | stats count by sourcetype" % request.GET.get('count', 10)
        return {
            "query": my_query
        }
    

    and then in your template (mypage.html😞

    {% block content %}
        {% chart id="mychart" managerid="mymanager" %}
        {% table id="mytable" managerid="mymanager" %}
    {% endblock content %}
    
    {% block managers %}
        {% search id="mymanager" search=my_query %}
    {% endblock managers %}
    
  2. You can also create an actual search job using the Python SDK, and then use
    that search for your manager. For example, you might have:

    @render_to('myapp:mypage.html')
    def get_page_config(request):
        my_query = "index=_internal | head %s | stats count by sourcetype" % request.GET.get('count', 10)
        my_job = request.service.search(my_query)
        return {
            "sid": my_job.sid,
        }
    

    and then in your template (mypage.html😞

    {% block content %}
        {% chart id="mychart" managerid="mymanager" %}
        {% table id="mytable" managerid="mymanager" %}
    {% endblock content %}
    
    {% block managers %}
        {% search id="mymanager" sid=my_query %}
    {% endblock managers %}
    

You can read more about the Python SDK here:

Hopefully this answers your question. Let us know if you need any more detail.

0 Karma

ineeman
Splunk Employee
Splunk Employee

Sorry for being slow to pick up, but I'm still not quite sure. Can you give an example query and the type of loops/other logic you want to apply to it? Once that logic is applied, what do you want to do with that data?

0 Karma

harshal_chakran
Builder

I need to create an application using Splunk Python SDK. where the python file will be edited to insert search query.
Using this query's output, I want to apply looping and other python logic. And display the output of those to the Splunk.

Can you please describe in detailed steps for how to do it?

0 Karma

ineeman
Splunk Employee
Splunk Employee

Can you give an example of what you'd like to do? I'm not sure I follow.

0 Karma

harshal_chakran
Builder

Hey, Thanks a lot ineeman!!!That really helped.
There is one more question, that how to use two or more search queries and apply some python logic to their output using python SDK. Plus where to make this changes??

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...