Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I get data from Splunk REST API using python? Receiving error

ssharm223
Loves-to-Learn
‎05-12-2022 02:23 PM

Hi, so my team is currently has some data on Splunk cloud.  My task is to use your REST API to get this data using python.

On Splunk web I get this data by using the following query:

 

| from inputlookup:"cloud_accountList"

 

 I have written a simple python script to get the data:

 

splunkTenant = 'avc3'
splunkURL = {
    'api': f"https://ab1.{splunkTenant}.splunkcloud.com:1234",
}
splunkCredentials = {
    'user': 'test_user',
    'password': 'SplunkIsGreat'
}
searchString = f"| from inputlookup:\"cloud_accountList\""

search = {
    'search': searchString,
    'output_mode': 'json'
}

splunkEndpoints = {
    'returnedAppSearch': f"{splunkURL['api']}/servicesNS/{splunkCredentials['user'].upper()}",
}

cacertpath = '/Users/***/Downloads/cacert.pem'

searchURL2 = f"{splunkEndpoints['returnedAppSearch']}/APP_NAME/search/jobs"

splunk_response = requests.post(
    url=searchURL,
    auth=(str(splunkCredentials['user']), str(splunkCredentials['password'])),
    verify=cacertpath
    data=search)

 

 

When I run this script I get an error.  Can someone please help me out? 

 

Regards

Labels (1)
Labels
Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎05-13-2022 12:50 AM

What error do you get?

0 Karma
Reply

ssharm223
Loves-to-Learn
‎05-13-2022 07:21 AM 
'ERROR', 'text': "The lookup table 'cloud_accountList' requires a .csv or KV store lookup definition

 

This is the error I am getting

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎05-13-2022 07:32 AM

Looks like you need to set up a definition for the lookup

ITWhisperer_0-1652452352271.png

 

0 Karma
Reply

ssharm223
Loves-to-Learn
‎05-13-2022 07:49 AM

Thanks ITWhisperer.  Can you list the exact steps we have to follow?  I am very new to this.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎05-13-2022 07:52 AM

Define a CSV lookup in Splunk Web - Splunk Documentation

0 Karma
Reply

ssharm223
Loves-to-Learn
‎05-16-2022 01:41 PM

Went over this with an admin.  Looks like the lookup is already defined.  Is there anything else I can try?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...