Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Trying to download splunk logs using python script...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Trying to download splunk logs using python script using bamboo
Hemanth35
New Member
04-02-2025
04:01 AM
when running my bamboo paln i am unable to generate splunk log json file
this is log
build 02-Apr-2025 11:57:27 /home/bamboo-agent/xml-data/build-dir/CBPPOC-SLPIB-JOB1/dbscripts build 02-Apr-2025 11:57:27 _bamboo_build.sh build 02-Apr-2025 11:57:27 _build.sh build 02-Apr-2025 11:57:27 licensecode.py build 02-Apr-2025 11:57:27 _push2release.sh build 02-Apr-2025 11:57:27 _push2snapshot.sh build 02-Apr-2025 11:57:27 splunkQueries.txt build 02-Apr-2025 11:57:28 [licensecode.py:43 - login() ] Logging in to Splunk API initiated build 02-Apr-2025 11:57:28 [licensecode.py:62 - login() ] Logged in as: M022754 build 02-Apr-2025 11:57:28 [licensecode.py:257 - main() ] Command line param queryFile has value: splunkQueries.txt build 02-Apr-2025 11:57:28 [licensecode.py:159 - processQueryFile() ] Query: search eventtype="cba-env-prod" NNO.API.LOG.PM.UPDATE latest=now earliest=-7d build 02-Apr-2025 11:57:28 [licensecode.py:161 - processQueryFile() ] Number of queries in queue: 1 build 02-Apr-2025 11:57:28 [licensecode.py:193 - triggerSearch() ] Triggering search for query: search eventtype="cba-env-prod" NNO.API.LOG.PM.UPDATE latest=now earliest=-7d build 02-Apr-2025 11:57:28 [licensecode.py:201 - triggerSearch() ] Search initiated with SID: 1743587848.2389422_84B919DD-8E60-47EE-AF06-F6EE20B95178 build 02-Apr-2025 11:57:38 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 11:57:48 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 11:57:58 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 11:58:08 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 11:58:18 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 11:58:28 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 11:58:38 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 11:58:48 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 11:58:58 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 11:59:08 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 11:59:18 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 11:59:28 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 11:59:38 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 11:59:48 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 11:59:58 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 12:00:08 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 12:00:18 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 12:00:28 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 12:00:38 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 12:00:48 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 12:00:58 [licensecode.py:265 - main() ] Waiting next 10 seconds for all queries to complete build 02-Apr-2025 12:00:58 [licensecode.py:268 - main() ] Execution timeout of 200 seconds has passed, exiting simple 02-Apr-2025 12:00:58 Failing task since return code of [/home/bamboo-agent/temp/CBPPOC-SLPIB-JOB1-268-ScriptBuildTask-11226880290426353947.sh] was 1 while expected 0
| 02-Apr-2025 12:00:58 | Failing as no matching files has been found and empty artifacts are not allowed. |
after completing waiting time logs file json not generating
help me to how to resolve this issue
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
livehybrid
Super Champion
04-02-2025
04:31 AM
Hi @Hemanth35 ,
Based on the logs, your Python script (licensecode.py) successfully initiates a Splunk search but then gets stuck in a waiting loop (Waiting next 10 seconds for all queries to complete) until it hits its internal 200-second timeout. This usually means the script is either not correctly checking if the Splunk search job has finished, or the search itself is taking longer than 200 seconds to complete.
- Check Search Performance: Run the search search eventtype="cba-env-prod" NNO.API.LOG.PM.UPDATE latest=now earliest=-7d directly in the Splunk Search UI. Note how long it takes to complete. If it takes longer than 200 seconds, you'll need to either optimize the search or increase the timeout in your Python script.
- Review Python Script Logic: Examine the licensecode.py script, particularly the loop that waits for the search to complete (around line 265) and the logic that triggers the search and should check its status (around lines 193-201).
- Ensure the script correctly polls the Splunk search job's status using its SID (1743587848.2389422_84B919DD-8E60-47EE-AF06-F6EE20B95178). It should check if the job's dispatchState is DONE, FAILED, or still running (See https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTTUT/RESTsearches#:~:text=dispatchState-,dispa...)
- Verify that once the job is DONE, the script proceeds to retrieve the results using the appropriate Splunk SDK method or REST API endpoint.
- Add more detailed logging within the loop to print the actual status returned by Splunk for the job SID during each check. This will help diagnose if the status check logic is flawed.
- Increase Script Timeout: If the search legitimately takes longer than 200 seconds, modify the timeout value within your script.
🌟 Did this answer help you? If so, please consider:
- Adding kudos to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
Get Updates on the Splunk Community!
AppDynamics Summer Webinars
This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...
SOCin’ it to you at Splunk University
Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...
Credit Card Data Protection & PCI Compliance with Splunk Edge Processor
Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...
