Hello Splunk Community
The file is not really subject to change, but can be changed easily if required. I wish I could use the Splunk SNMP module, but I need some sort of API key (BaboonBones!??!)
I can use the script outside of splunk to create a “log” file then have splunk read the file. Maybe that is the best way, I am wondering if it is worthwhile to try to find the splunk python splunklib.client module and use it to send data, etc.
I am open to suggestions.
Thanks,
eholz1
Another option is if you want to run the python outside of Splunk for some reason. Send your data in via HTTP event collector.
Another alternative is REST API (Endpoints reference list, see under receivers/). Some pros and cons for your consideration.
| | Pro | Con |
|---|---|---|
| Scripted input | Simple, arguably the lowest cost | Every event carries the name of Splunk server/forwarder as host value |
| HEC | Allows setting of various meta data for each event, such as host | Specialized interface, some setup |
| REST API, e.g., | Allows setting of various meta data for each event, such as host | Requires authentication |
| File dump-ingestion | Simple to implement, can set host field per event via path/file name | If using path/file name for event, make sure each batch does not contain duplicate path/file name. |
Hello All,
Thanks for the tips. I managed to get an HEC set up on the Splunk indexer.
I can go to a remote computer and do a curl command like this, which does send data to the indexer:
curl -k https://Indexer:8088/services/collector/event -H "Authorization: Splunk 6959a730-556f-4d91-6d94-a6f63fdfb72e" -d '{"event": "amazing transfer of hello world"}'
I am attempting to use a python program with the "requests" module imported, and it seems I need the urllib3 module as well.
I am using json for my header, and json for my data
header = { "Authorization": "Splunk <token code from the HEC>" }
et = {"event": "UP hello world, etc" }
my request is this:
req = requests.post(url,headers=header,data=et,verify=False)
This fails with 400, Bad Request.
What am I missing here?
thanks
eholz1
Why do you need JSON for auth header? As your cURL command demonstrated, it should be a colon-separated key-value pair.
Hello All,
Thanks for all the replies. Yes, I used the HEC, and finally got everything working.
I am using the requests module to send the data to splunk. The tricky part was making the data value a STRING. The authorization goes through fine in the "json" format.
Thanks for the support
eholz1
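The 400 discussed above comes down to what is in the POST body: HEC's /services/collector/event endpoint expects a JSON object, while a dict passed as `data=` to requests is form-encoded. The following is an added example, not code from any poster in this thread; it uses only the Python standard library in place of requests, and the function names, the `SPLUNK_HEC_TOKEN` environment variable and the CA file parameter are assumptions. It also verifies the indexer's certificate instead of using `-k` / `verify=False`.

```python
import json
import os
import ssl
import urllib.parse
import urllib.request

HEC_URL = "https://Indexer:8088/services/collector/event"  # endpoint from the thread


def form_encoded(payload):
    """Body that requests.post(..., data=payload) sends when payload is a dict."""
    return urllib.parse.urlencode(payload).encode()


def build_hec_request(event, token, host=None, url=HEC_URL):
    """Build (but do not send) a HEC POST whose body is a single JSON object."""
    payload = {"event": event}
    if host is not None:
        payload["host"] = host  # per-event metadata, as noted in the pros/cons table
    return urllib.request.Request(
        url,
        data=json.dumps(payload).encode("utf-8"),  # a JSON string, not a dict
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )


def send(req, ca_file):
    """Send with certificate verification against the CA that signed the indexer cert."""
    ctx = ssl.create_default_context(cafile=ca_file)  # ca_file: assumed path to a PEM bundle
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.status, resp.read().decode()


if __name__ == "__main__":
    et = {"event": "UP hello world, etc"}  # sample event from the thread
    # Token is read from the environment (assumed variable name), not hard-coded.
    token = os.environ.get("SPLUNK_HEC_TOKEN", "<token code from the HEC>")
    req = build_hec_request(et["event"], token, host="remote-computer")  # constructed host
    print("data=dict body :", form_encoded(et))
    print("JSON body      :", req.data)
```

With requests itself, the equivalent is passing `data=json.dumps(et)` or `json=et`, and pointing `verify=` at the CA bundle rather than setting it to `False`.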
Wow, two good ideas. I will try it out. One of my main questions would be monitoring a file or using a script - is one method better than the other?
In my case, I might have to try the http event collector.
Thanks,
eholz
Getting data into Splunk from a Python script is easy. Run the script as a Splunk scripted input (Settings->Data inputs->scripts). Anything the script writes to stdout will be indexed automatically - no client module needed.
Hello richgalloway,
Again, thanks for the tip here; both replies are VERY helpful. If there is a way to give you each 20 karmas, I would.
I will try the script method as well,
eholz1