Somesoni2,
below is the script that I ran in the .py file.
#!/usr/bin/python
import gzip
import csv
import sys
import os
import subprocess
import splunklib.client as client
import collections
import json
import ConfigParser
from ConfigParser import SafeConfigParser
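# Connection settings for the Splunk management API are read from an ini
# file with an [environment] section (HOST, PORT, USERNAME, PASSWORD).
#
# SECURITY: the account password sits in this file in clear text. Keep the
# file readable by the owning service account only, and give the account no
# more rights than it needs to submit events to the target index.
_CONFIG_PATH = '/opt/splunk/etc/filename.ini'

# Warn (on stderr) when group or other users have any access to the file.
try:
    if os.stat(_CONFIG_PATH).st_mode & 0o077:
        sys.stderr.write(
            "warning: %s is accessible to group/other users and contains "
            "a password\n" % _CONFIG_PATH)
except OSError:
    # Missing or unreadable file: read() silently skips files it cannot
    # open, so the first parser.get() below raises and reports the problem.
    pass

parser = SafeConfigParser()
parser.read(_CONFIG_PATH)
HOST = parser.get('environment', 'HOST')
PORT = parser.get('environment', 'PORT')  # returned as a string
USERNAME = parser.get('environment', 'USERNAME')
PASSWORD = parser.get('environment', 'PASSWORD')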
def post(event):
    """Submit *event* to the 'xyz' index with sourcetype 'ABC'.

    A new authenticated session is opened on every call, using the
    HOST/PORT/USERNAME/PASSWORD values loaded from the ini file.

    Args:
        event: payload handed to ``index.submit``; this script passes a
            JSON-encoded string.
    """
    print("connecting\n")
    # NOTE(review): whether the server certificate is verified on this
    # connection depends on the splunklib version's defaults -- confirm,
    # since the password is sent over it.
    credentials = {
        'host': HOST,
        'port': PORT,
        'username': USERNAME,
        'password': PASSWORD,
    }
    service = client.connect(**credentials)
    target_index = service.indexes['xyz']
    target_index.submit(event, sourcetype='ABC')
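# --- Script body: forward alert results to the index -----------------------
# NOTE(review): the pasted listing lost its indentation. This layout assumes
# the argv dump is the only statement inside the log-file block and that
# post() runs once per CSV row -- confirm against the original file.

# Debug trace of the arguments the script was started with. The log has a
# fixed name under /tmp, which any local user can write to, so it is opened
# without following symlinks and is created owner-only. Moving it to a
# directory writable only by the Splunk service account would be better.
_log_flags = (os.O_WRONLY | os.O_APPEND | os.O_CREAT
              | getattr(os, 'O_NOFOLLOW', 0))
_log_fd = os.open('/tmp/customappname.log', _log_flags, 0o600)
with os.fdopen(_log_fd, 'a') as log_file:
    log_file.write('%s\n' % (sys.argv,))
print(sys.argv)

# Argument 8 is the gzipped CSV results file (presumably Splunk's
# scripted-alert convention -- confirm). Fail with a clear message instead
# of an IndexError traceback when it is missing.
if len(sys.argv) < 9:
    sys.stderr.write(
        'error: expected the gzipped CSV results path as argument 8\n')
    sys.exit(1)

# Fields copied into the outgoing event unchanged.
_COPIED_FIELDS = frozenset(
    ['msg', 'severity', '_time', 'support_team', 'auto_close'])

# The same dict is reused for every row, as in the original script.
event = {}
results_file = gzip.GzipFile(sys.argv[8])
try:
    for row in csv.DictReader(results_file):
        for key in row:
            if key == 'key':
                # Strip all spaces from the key value.
                event[key] = str(row[key]).replace(' ', '')
            elif key == 'status_defg':
                # Forwarded under the shorter name 'status'.
                event['status'] = row[key]
            elif key in _COPIED_FIELDS:
                event[key] = row[key]
        print('event after processing\n%s' % (event,))
        ju_event = json.dumps(event)
        print(ju_event)
        # Debugging pause: only prompt when a terminal is attached, so a
        # non-interactive run does not block or die on EOF before post().
        if sys.stdin.isatty():
            raw_input("Hello")
        post(ju_event)
finally:
    # try/finally rather than `with`: GzipFile only gained context-manager
    # support in Python 2.7. The original never closed this handle.
    results_file.close()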