Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

When using the Python-SDK, why is Splunk silently returning nothing for some indices?

haffi112
New Member
‎12-13-2018 07:13 AM

I'm trying to use the Python SDK to search in Splunk.

However, I can only search on some indices, for others I just get an empty response.

For example, when I use the command

search index=trace

I get a response, but when I use 

search index=read

I don't get any response. But if I use the web interface this query works, i.e. my user has rights to search on that index and I am authenticating myself when using the Python-SDK.

Do you have any idea what could explain this? The silent returning of nothing is not helping me.

0 Karma
Reply

haffi112
New Member
‎12-14-2018 06:36 AM

I have confirmed with an administrator that it is not a problem with access rights as the script shows the same behavior when he authenticates with his user.

0 Karma
Reply
Get Updates on the Splunk Community!

Holistic Visibility and Effective Alerting Across IT and OT Assets

Instead of effective and unified solutions, they’re left with tool fatigue, disjointed alerts and siloed ...

SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security ...

Security automation is no longer a luxury but a necessity. Join us to learn how Splunk ES and SOAR empower ...

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

  Join us in this Tech Talk and learn about the recently launched AI Assistant in Observability Cloud. With ...