Splunk Search
Highlighted

How to put search query in "views.py" and show the output on splunk template(html page)?

Hi,
I have created an application using Django Bindings.
I wanted to know, if is it possible to write search queries in "views.py" file in Splunk app folder.
And show the output in form of table and chart.

And one more thing, is it really possible to use one query and apply some python logic to it and then use it as the final output?

Please Help...!!!

0 Karma
Highlighted

Re: How to put search query in "views.py" and show the output on splunk template(html page)?

Splunk Employee
Splunk Employee

Great question. There are several things you can do:

  1. You can definitely build your query up in Python (in views.py) and then pass
    it down to JS in a SearchManager. For example, you might have:

    @render_to('myapp:mypage.html')
    def get_page_config(request):
        my_query = "index=_internal | head %s | stats count by sourcetype" % request.GET.get('count', 10)
        return {
            "query": my_query
        }
    

    and then in your template (mypage.html😞

    {% block content %}
        {% chart id="mychart" managerid="mymanager" %}
        {% table id="mytable" managerid="mymanager" %}
    {% endblock content %}
    
    {% block managers %}
        {% search id="mymanager" search=my_query %}
    {% endblock managers %}
    
  2. You can also create an actual search job using the Python SDK, and then use
    that search for your manager. For example, you might have:

    @render_to('myapp:mypage.html')
    def get_page_config(request):
        my_query = "index=_internal | head %s | stats count by sourcetype" % request.GET.get('count', 10)
        my_job = request.service.search(my_query)
        return {
            "sid": my_job.sid,
        }
    

    and then in your template (mypage.html😞

    {% block content %}
        {% chart id="mychart" managerid="mymanager" %}
        {% table id="mytable" managerid="mymanager" %}
    {% endblock content %}
    
    {% block managers %}
        {% search id="mymanager" sid=my_query %}
    {% endblock managers %}
    

You can read more about the Python SDK here:

Hopefully this answers your question. Let us know if you need any more detail.

0 Karma
Highlighted

Re: How to put search query in "views.py" and show the output on splunk template(html page)?

Hey, Thanks a lot ineeman!!!That really helped.
There is one more question, that how to use two or more search queries and apply some python logic to their output using python SDK. Plus where to make this changes??

0 Karma
Highlighted

Re: How to put search query in "views.py" and show the output on splunk template(html page)?

Splunk Employee
Splunk Employee

Can you give an example of what you'd like to do? I'm not sure I follow.

0 Karma
Highlighted

Re: How to put search query in "views.py" and show the output on splunk template(html page)?

I need to create an application using Splunk Python SDK. where the python file will be edited to insert search query.
Using this query's output, I want to apply looping and other python logic. And display the output of those to the Splunk.

Can you please describe in detailed steps for how to do it?

0 Karma
Highlighted

Re: How to put search query in "views.py" and show the output on splunk template(html page)?

Splunk Employee
Splunk Employee

Sorry for being slow to pick up, but I'm still not quite sure. Can you give an example query and the type of loops/other logic you want to apply to it? Once that logic is applied, what do you want to do with that data?

0 Karma
Highlighted

Re: How to put search query in "views.py" and show the output on splunk template(html page)?

Communicator

Hi, I'm trying to execute a search in the django and get the results in the views.py, Is possible?

0 Karma