Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About pchp348
pchp348
Explorer
Member since:
06-07-2018
06-05-2020
Community Statistics
| Posts | 4 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 06-07-2018 |
Activity Feed
- Posted Re: Python SDK save search to csv on Splunk Dev. 12-10-2018 06:18 AM
- Posted Export to csv is not fetching all the results - Python /Splunk SDK on Splunk Dev. 12-10-2018 06:15 AM
- Tagged Export to csv is not fetching all the results - Python /Splunk SDK on Splunk Dev. 12-10-2018 06:15 AM
- Tagged Export to csv is not fetching all the results - Python /Splunk SDK on Splunk Dev. 12-10-2018 06:15 AM
- Tagged Export to csv is not fetching all the results - Python /Splunk SDK on Splunk Dev. 12-10-2018 06:15 AM
- Tagged Export to csv is not fetching all the results - Python /Splunk SDK on Splunk Dev. 12-10-2018 06:15 AM
- Posted Re: Export Splunk results automatically for every 3 hours using Python on Splunk Dev. 06-11-2018 12:40 AM
- Posted Export Splunk results automatically for every 3 hours using Python on Splunk Dev. 06-07-2018 12:24 AM
- Tagged Export Splunk results automatically for every 3 hours using Python on Splunk Dev. 06-07-2018 12:24 AM
- Tagged Export Splunk results automatically for every 3 hours using Python on Splunk Dev. 06-07-2018 12:24 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
12-10-2018
06:18 AM
This is working fine , But i could not fetch all the results in csv. Kindly provide me the solution for this question
https://answers.splunk.com/answers/708529/export-to-csv-is-not-fetching-all-the-results-pyth.html?minQuestionBodyLength=80
... View more
12-10-2018
06:15 AM
I do have a Python code to run an query and export the search results to .csv files. The program is working perfectly fine but when i opened the search results i could not see all the results. I just validated the same by running the query manually in splunk and exported the result and compared the results with the one which is generated through my code. I am running the query for last 2 hours.
My Code -
import time
import splunklib.client as client
import splunklib.results as results
import csv
import random
HOST = "Server"
PORT = 8089
USERNAME = "user"
PASSWORD = "password"
service = client.connect(
host=HOST,
port=PORT,
username=USERNAME,
password=PASSWORD)
My splunk query file
with open('H:\Query1.txt', 'r') as myfile:
Splunk_query=myfile.read()
Executing the query for last 2 hours
results_kwargs = {
"earliest_time": "-2h",
"latest_time": "now",
"search_mode": "normal",
"output_mode": "csv"
}
oneshotsearch_results = service.jobs.oneshot(Splunk_query, **results_kwargs)
f=open("H:\lasttwohours.csv", 'w')
f.write(oneshotsearch_results.read())
f.close()
Kindly help me with the export with the absolute results which i am getting it from splunk.
NOTE : I dont have permission to change any .conf file since this is the restricted environment. I can run my program and get the results from splunk.
... View more
06-11-2018
12:40 AM
Now i am able to get the results from splunk - Its working fine.
from time import sleep import
splunklib.client as client import
splunklib.results as results count=0
HOST = "cicloga-enterprise.net" PORT =
8089 USERNAME = "SID" PASSWORD =
"Password" service = client.connect(
host=HOST,
port=PORT,
username=USERNAME,
password=PASSWORD)
search_query = "search index=cfs_classic_81712 | head 10"
kwargs_normalsearch = {"exec_mode": "normal"}
job = service.jobs.create(search_query,
**kwargs_normalsearch) rr = results.ResultsReader(service.jobs.export("search
index=cgh_new_876544 | stats count by
host")) for result in rr:
if isinstance(result, results.Message):
# Diagnostic messages may be returned in the results
print '%s: %s' % (result.type, result.message)
elif isinstance(result, dict):
# Normal events are returned as dicts
print result assert rr.is_preview == False
... View more
06-07-2018
12:24 AM
I am very new to Splunk and i am trying to automate the manual search and export with Python(Splunk SDK).
I have searched most of the answers relevant to Splunk SDK,But none is straight forward.
Here is my code which i have tried -
import splunklib.client as client
import splunklib.results as results
c =
client.connect(host='cicloga-enterprise.net',
port=8089,
username='username',
password='password')
saved_searches = c.saved_searches
saved_searches.create('my_saved_search',
'search index=cgh_new_876544 | head 1')
assert 'my_saved_search' in
saved_searches
saved_searches.delete('my_saved_search')
assert 'my_saved_search' not in
saved_searches
With the above python code i am able to connect to Splunk host and getting the job results , But i am not getting results for my search "'search index=cgh_new_876544 | head 1"
Ultimately i need a logic/help to run a splunk query to export the splunk results to CSV.
I have already gone through this link - https://answers.splunk.com/answers/2651/exporting-search-results-automatically.html?utm_source=typeahead&utm_medium=newquestion&utm_campaign=no_votes_sort_relev
But that is not something which interacting directly with Python.
Kindly help me with the above requirement.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
