How to splunk api to get statistics in python

rajendar381 · ‎07-29-2024

If I run the below code I am getting events in output json file , if I want to get statistics , is there any api available
if I want to get error count and stdev in json file , how can I use the python code to get these values

payload=f'search index="prod_k8s_onprem_vvvb_nnnn" "k8s.namespace.name"="apl-siii-iiiii" "k8s.container.name"="uuuu-dss-prog" NOT k8s.container.name=istio-proxy NOT log.level IN(DEBUG,INFO) (error OR exception)(earliest="07/25/2024:11:30:00" latest="07/25/2024:12:30:00")\n'
'| addinfo\n'
'| bin _time span=5m@m\n'
'| stats count(eval(log.level="ERROR")) as error_count by _time\n'
'| eventstats stdev(error_count)'

print(payload)
payload_escaped = f'search={urllib.parse.quote(payload)}'

headers = {
  'Authorization': f'Bearer {splunk_token}',
  'Content-Type': 'application/x-www-form-urlencoded'
}

url = f'https://{splunk_host}:{splunk_port}/services/search/jobs/export?output_mode=json'
response = requests.request("POST", url, headers=headers, data=payload_escaped, verify=False)

print(f'{response.status_code=}')
txt = response.text

if response.status_code==200:
  json_txt = f'[\n{txt}]'
  os.makedirs('data', exist_ok=True)
  with open("data/output_deploy.json", "w") as f:
    f.write(json_txt)
    f.close()
else:
  print(txt)

How to splunk api to get statistics in python

stats

tstats

SplunkTrust Application Period is Officially OPEN!

Splunk Answers Content Calendar, June Edition II

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Are you a member of the Splunk Community?

How to splunk api to get statistics in python

stats

tstats

SplunkTrust Application Period is Officially OPEN!

Splunk Answers Content Calendar, June Edition II

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...