×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
to914868
New Member
Member since: ‎07-04-2018
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-04-2018
Activity Feed
Topics I've Started
View All

Re: python SDK parse xml output

by in Dashboards & Visualizations
‎08-10-2018 02:50 PM
‎08-10-2018 02:50 PM
You can change the output mode to csv which will parse it for you. import splunklib.client as client import splunklib.results as results import csv service = client.connect( host=HOST, port=PORT, username=un, password=pwd query= """search {+enter your query here}​""" results_kwargs = { "earliest_time": "-30min", # or "earliest_time": datetime.datetime(2015, 6, 29).isoformat() "latest_time": "now", "search_mode": "normal", "output_mode": "csv" } oneshotsearch_results = service.jobs.oneshot(query, **results_kwargs) f=open('myresults.csv', 'w') f.write(oneshotsearch_results.read()) f.close()​ ... View more

Re: Python SDK save search to csv

by in Splunk Dev
‎08-10-2018 11:28 AM
‎08-10-2018 11:28 AM
Thanks @poete! Here is what I used in the end results_kwargs = { "earliest_time": "-40min", "latest_time": "now", "search_mode": "normal", "output_mode": "csv" } oneshotsearch_results = service.jobs.oneshot(query, **results_kwargs) f=open('myresults.csv', 'w') f.write(oneshotsearch_results.read()) f.close() ... View more

Python SDK save search to csv

by in Splunk Dev
‎07-04-2018 03:42 AM
‎07-04-2018 03:42 AM
I want to use splunklib to run a one-off Splunk query and save it to csv. I'm testing with a small query (a single visitId) of 8 events only. The result is returned immediately in Splunk UI but I have problems getting the result from the python-sdk. My problems with splunklib are: - service.jobs.export() query does not complete because it keeps repeating the same 8 event results over and over again - service.jobs.oneshot() query does not finish and returns no result I tried adding the search parameters "preview"=False, i.e. kwargs_export = { "search_mode": "normal","preview": True } rr = results.ResultsReader(service.jobs.export(query,**kwargs_export )) The only effect is that neither option returns anything anymore, since the queries are not completing. import splunklib.client as client import splunklib.results as results service = client.connect( host=HOST, port=8089, username=USERNAME, password=PWD ) query= """search index=xxx application="xxx" sourcetype=xxx| spath visitId | join type ...""" rr = results.ResultsReader(service.jobs.export(query)) for item in rr: for key in item.keys(): print(key, len(item[key]), item[key]) I tried the same with oneshot kwargs_oneshot = {'output_mode': 'csv',"search_mode": "normal"} oneshotsearch_results = service.jobs.oneshot(query, **kwargs_oneshot) f=open('myresults.csv', 'w') f.write(oneshotsearch_results.read()) This creates a csv file but has no content at all. I think .read is deprecated. Any suggestions ? All I want is to save the query results to .csv ONCE using the library. Thanks! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM