- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- passing search result to empty python file
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
passing search result to empty python file
hi,
i am running a query
index="dataload" in search and i want to transfer it result in empty python file ..For that i hv uploaded a python sdk and created an empty file in aap-search-bin folder..
but i dont know the correct way,how can i transfer my search result to empty python file,i hv to again perform some operation on this python file..but first want to transfer my search result in python file
index="dataload" | tabel python.py
like this.....
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Your request for a python script command is quite confusing.
I see 2 alternate simple options :
export all your data in a csv file, and work out of splunk.
see the command "mysearch | table field1 field2 field3 | exportcsv mycsvfile.csv"
or the export options for the UIor find the correct regex to extract your fields in splunk (see the command "rex" )
http://docs.splunk.com/Documentation/Splunk/5.0.4/SearchReference/Rex
and if needed, use multivalue fields commands,
http://docs.splunk.com/Documentation/Splunk/5.0.4/Search/Parsemultivaluefields
http://docs.splunk.com/Documentation/Splunk/5.0.4/Knowledge/ConfigureSplunktoparsemulti-valuefields
In this case, provide a useful sample. And the expected result.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm very sure Splunk can do this. My advice would be to open up a separate question about this, with examples and good information on what you want to do.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yup,but this is the only solution i think..because splunk is not able to make the regex for these fileds values like if the field has values like (720),(65,123,457) so it will make regex of (65,123,457) its a single value but splunk is cosidering it as different value and breaking it into 65 123 and 457 as individual unit
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And oh, if I recall correctly you were the guy who had field extraction problems and wanted to solve them by writing custom Python commands. I still don't think that sounds like a good solution.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That actually made me more confused than I was before 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i want to perform some python programming on that index because their is problem in extracting some of the fields.so by writing a script means i know that on 3rd line, my this output will be there so cutting all that field value... some thing like that
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What do you mean by transferring to an empty Python file? Why would you want to do that? What's the desired end result?
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
